All the latest quantum computer articles

See the latest stories on quantum computing from eeNews Europe

Wednesday, June 27, 2018

A deeper dive in the ARM Cortex-M23 for secure IoT nodes

By Nick Flaherty

The ARM Cortex-M23 is the smallest and most energy efficient processor with TrustZone technology. Based on the ARMv8-M baseline architecture, Cortex-M23 is aimed at constrained embedded applications where efficient security is a key requirement.

While you might think that moving TrustZone into hardware was a popular step, it has taken a while for M23 devices to reach the market. The first cores from NuMicro were launched in March 2017, but it has taken until now for the mainstream suppliers to deliver silicon.

The first of these is Microchip with the SAM architecture it inherited from its acquisition of Atmel. The SAM L10 and L11 both use the M23 core, but only the L11 implements TrustZone. Microchip has added chip-level tamper resistance, secure boot and secure key storage which, when combined with TrustZone technology, provides an hardware root of trust. It also includes an on-board cryptographic module supporting Advanced Encryption Standard (AES), Galois Counter Mode (GCM) and Secure Hash Algorithm (SHA).

When benchmarked for power consumption, the SAM L10 received a ULPMark score of 405, which is twice that of the nearest competitor certified by the Embedded Microprocessor Benchmark Consortium (EEMBC), with the L11 just behind at a ULPMark of 400. Microchip uses proprietary picoPower technology to provide industry-leading low power consumption in active and all sleep modes.

We would expect NXP and STMicroelectronics to be launching similar M23-based chip later this year and we'll keep you updated.

Microchip has partnered with Trustonic, a member of Microchip’s Security Design Partner Programme, to offer a comprehensive security solution framework that simplifies implementation of security and enables customers to introduce end products faster. Microchip is also working with Secure Thingz and Data I/O Corporation to offer secure provisioning services for SAM L11 customers that have a proven security framework.

TrustZone for ARMv8-M brings hardware-enforced separation between the trusted and non-trusted software on each Cortex-M23 based device. As such, TrustZone provides a foundation for building embedded applications that, in the past, might have required two separate physical processors to create physical separation between the trusted and the non-trusted sides. A single Cortex-M23 processor can provide a robust solution for security requirements such as device identification management, high-value firmware protection, software certification, and secure boot, just to name a few.

The Cortex-M23 processor with TrustZone has two security states: The secure state  can access both Secure and Non-Secure resources (memories, peripherals, etc) while the Non-Secure state can only access Non-Secure resources, of course.

Code execution transitions and data accesses in the two security states is policed by hardware, minimizing switching overhead and guaranteeing determinism, which is a hallmark for all Cortex-M processors. 

Compact two-stage pipelined processor
Cortex-M23 is a simple two-stage pipelined Von Neumann processor, yet it supports the full ARMv8-M baseline instruction set.  Users familiar with the Cortex-M0+ will quickly recognize many similar features in the Cortex-M23 that bring extreme energy efficiency to these processors: WFI (Wait for Interrupts)/WFE (Wait for Event) and sleep/deep-sleep modes, sleep-on-exit, SysTick timer and optional single cycle IO.
The instruction set comprises around 80 Thumb instructions, most of which are 16-bit wide to maximize code compactness, but also include a few 32-bit instructions where efficiency gains can be made. All ARMv6-M instructions are supported to ensure ease of code migration from the Cortex-M0 and Cortex-M0+ processors. Several new instructions have been included in the ARMv8-M baseline instruction set to improve performance efficiency for conditional operations, mutually exclusive accesses, hardware divide operations, and immediate moves.
Enhanced debug and trace
An efficient and secure 32-bit processor alone does not make for successful field deployment.  Software development costs often far surpass fabrication and hardware IP costs.  The Cortex-M23 makes it easier to develop and debug software by introducing more configurable hardware breakpoints and data watch points compared to other ARMv6-M processors.  An optional Embedded Trace Macrocell (ETM) has also been added, in addition to the optional Micro Trace Buffer (MTB) which is also available as in Cortex-M0+ processor. These options give designers the choice of a more full-featured instruction trace functionality or a more cost-effective, trimmed-down, instruction trace capability.
Memory Protection Unit for task isolation
A new programmer-friendly Memory Protection Unit (MPU) based on the latest PMSAv8 architecture has been added to the Cortex-M23 processor as an option.  It can “protect” up to 16 regions for each of the Secure and Non-Secure states. Each region has a base address, ending address, access permission and memory attribute settings. In multi-tasking environments, the OS can reprogram the MPU during task context switching to define the memory permissions for each task. For example, application tasks may be granted access to all or some application data and specific peripherals. The MPU dramatically improves system reliability by protecting all other data from corruption and other peripherals from unauthorized accesses.
Easier to set up memory regions
Cortex-M23’s memory protection architecture adopts base and limit-style comparator for defining memory regions, as opposed to the previous power-of-two size, sized-aligned scheme. This improvement simplifies software development, and in some cases, reduces memory wastage when region sizes do not fit a perfect power-of-two size.
New ARMv8-M baseline instructions
New instructions have been added to enhance the Cortex-M23's capability compared to ARMv6-M implementations, but without compromising the energy efficiency. Most of these 'new' instructions (except for the security extension ones) are inherited from the ARMv7-M architecture instruction set in order to extend Cortex-M23's capability compared to the Cortex-M0+.
TrustZone for ARMv8-M brings additional instructions to the baseline instruction set. This includes the secure gateway (SG), non-secure branch (BXNS, BLXNS), and test target (TT) instructions.
Execute-only code generation
Support for the execute-only memory regions has been improved by the addition of immediate-move instructions (MOV/MOVT inherited from ARMv7-M), which facilitate immediate-data generation in execute-only code. These instructions provide the ability to produce 32-bit values via two instructions without the need to perform a literal load.
Code optimization
Conditional Compare and Branch instructions (CBNZ/CBZ inherited from ARMv7-M) improve performance for many conditional control code sequences.  Immediate branch with long offset (B.W inherited from ARMv7-M) allows for direct branch to a far target address.  And hardware integer divide instructions (SDIV/UDIV inherited from ARMv7-M) reduce processing cycles for divide operations.
Exclusive access
Load and store exclusive instructions from ARMv7-M have been added to improve the architecture consistency of Cortex-M23 processor in multicore systems where semaphores between processors can be handled with the same mechanism. In addition, to provide atomic support for C11/C++11, the load-acquire and store-release instructions are included from ARMv8-A (Thumb 32 version), including exclusive access variant of those instructions.

There is already an example Cortex-M23 IoT FPGA image, which can be used on the ARM Cortex-M Prototyping System (MPS2+).  The example Cortex-M23 IoT image includes the Cortex-M23 processor, an AHB5 subsystem, memory, timers, etc. The package also includes application note AN519 and the Cortex-M23 IoT User Guide, bare metal test code, and the pack for Keil MDK. It’s available to download from the MPS2+ page.

The SAM L10 (DM320204) and SAM L11 (DM320205) Xplained Pro Evaluation Kits are available to kick-start development. All SAM L10/L11 MCUs are supported by the Atmel Studio 7 Integrated Development Environment (IDE), IAR Embedded Workbench, Arm Keil MDK as well as Atmel START, a free online tool to configure peripherals and software for accelerated development. START also supports TrustZone technology for configuring and deploying secure applications. A power debugger and data analyser tool is available to monitor and analyse power consumption in real-time and fine-tune the consumption numbers on-the-fly to meet application needs. 

No comments: