ARM brings security to Cortex-M family
ARM has launched the first of a series of Cortex-M series microcontrollers based on the ARMv8-M architecture that incorporate the TrustZone security mechanism.
“The principle of TrustZone is to isolate resources that need to be kept secure from non-trusted software or hardware,” said Ian Smythe, director of marketing programs in ARM’s CPU group, noting that the design of the Cortex-M23 and M33 and the support infrastructure the company has developed extends the protection “to all the IP that connects the system together and not just the CPU alone”.
Smythe added: “The two processors have been designed together to make sure it is as easy as possible to move from one to the other.”
Nandan Nayampally, vice president of marketing in ARM’s CPU group, said: “The Cortex-M33 succeeds the Cortex-M3/M4 line while the Cortex-M23 takes on some of the very constrained applications that the Cortex-M0 and M0+ championed. The M33 is configurable for DSP and floating-point processing.”
According to Smythe, the M33 offers 20 per cent higher performance per clock cycle than the M4.
To provide a secure infrastructure for trusted software running in the core to talk securely to on-chip peripherals, ARM has introduced AHB5. The interconnect adds security-control bits to the address lines to prevent unwanted access to sensitive peripherals. To support the incorporation of a hardware root of trust, ARM has designed a cryptocontroller core that interfaces to the central processor through the AHB5 interconnect. In addition, ARM has developed a tightly coupled coprocessor interface for custom accelerators.
“If you take a smart sensor, it may use special processing such as Kalman filtering and then compress the data to send it over a wireless link,” said Smythe. Using the coprocessor interface allows special-purpose hardware to be added to the core “without fragmenting the ecosystem”.
Thomas Ensergueix, director of product marketing at ARM, said: “The coprocessor interface acts as a high-efficiency bus that goes directly to the processor and allows you to exchange data between the processor and coprocessor. The bus can transfer two registers at the same time – it passes data and instructions back and forth with high efficiency.”
To maintain security, the coprocessor does not have access to the main memory bus. All data passes through the processor. Ensergueix pointed out that the coprocessor can operate in both secure and non-secure modes depending on the state of the host processor at the time.
Nayampally said that, on a 40nm process, a full implementation of the Cortex-M33 should take up around 0.1 square millimetres of die area. “40nm is coming into its own as a process technology for IoT,” he added. By comparison, the Cortex-M4 consumes 0.04 square millimetres on a typical 40nm process.
So far, nine companies have licensed one or both of the microcontroller cores, Nayampally added.
As well as introducing the new processor cores, ARM launched a cloud-based device-management and configuration service. Michael Horne, vice president of sales for ARM’s IoT group, said: “Conversations with customers indicate device management is becoming a limiting factor on their ability to deploy IoT.”
Horne said the mBed Cloud service will support any cloud software used by the customer, using standard CoAP and LWM2M protocols to communicate with managed devices, which can run either mBed OS natively or, for a subset of the services, a client application ported to Linux or a third-party RTOS running on an ARM or other processor architecture. He added: “mBed OS has the ability to natively talk to the mBed Cloud.
“In terms of business model, it is delivered as a service from the cloud. It is structured like the business model of most SaaS companies,” Horne said.