Concepts behind the ARMv8-M TrustZone
Using GCC CMSE (Cortex-M Security Extensions) with ARM Cortex-M33 and M23 Cores
Introduction & Motivation
This article is the result of my first steps with the new nRF9160 System-in-Package of Nordic Semiconductor. This SiP can be used to create IoT sensor nodes with a cellular connection to the internet. It integrates a modem for the new "IoT optimized" low-power variants of the LTE standard, namely NB-IoT and LTE-M, which are targeted to replace traditional M2M connectivity over 2G networks.
Conceptually, the SiP is very interesting to us at Lobaro because it breaks with the widespread concept of having one application microprocessor talking over a serial line using AT commands to a separate cellular modem. Besides this, it uses the latest ARM Cortex-M33 CPU core with new security features targeting especially secure IoT applications. The LTE modem is directly integrated into the SiP and communicates with the application processor using interprocessor communication based on shared memory. This tight coupling allows for better low-power optimization and smaller PCB footprints, besides making it easier to secure the IoT node.
The Cortex-M33 processor inside the nRF9160 uses the new ARMv8-M architecture, which offers a new feature called "ARM TrustZone". The following article reflects my interpretation of the underlying concepts and their practical application using the GNU ARM GCC compiler and its CMSE (Cortex-M Security Extensions) features. Since there is currently (May 2019) not a lot of information available online, I hope this article helps you get a quicker start into the topic than I had.
Although I am using the nRF9160 Cortex-M33 SiP, most concepts presented in the following are also valid for other ARMv8-M enabled Cortex-M33 and Cortex-M23 devices from different silicon vendors. The same holds for using ARM compilers other than GCC.