A Security Foundation For Billions Of Devices

What’s different about the Cortex-M23 and Cortex-M33.


October 19, 2004 was a date like any other, and will probably not mean much to most people. However, if you are part of the Embedded community, that precise date was transformational for the microcontroller (MCU) industry. It was the day that ARM announced the first Cortex-M processor, bringing the advantages of a common architecture to the microcontroller market.

Embedded developers quickly embraced the intuitive programmers’ model, as well as the outstanding performance and excellent energy efficiency of the Cortex-M family. Combining ease-of-use and far-reaching ecosystem support, it accelerated innovation in the embedded industry and multiplied the microcontrollers’ use-cases. These tiny Cortex-M based MCUs are now everywhere, bringing invisible intelligence and enhanced functionality to many of the devices we use today. A decade later, most MCU and embedded players have used this industry standard to ship a combined total of more than 22 billion units of Cortex-M based devices.

Embedded intelligence runs on Cortex-M based devices

Innovation requires security and standard platforms
Innovation never stops, and new challenges arise. Providing security for the increasing number of connected objects is now essential – protecting their data confidentiality, their functionality and integrity, as well as their connection from the infrastructure to the cloud. Not only must this security meet high standards using proven best practices; it must also be easy to use and program, minimizing the risk of being used incorrectly. The last and key ingredient of deployment success is that this innovation needs to build on industry-standard platforms, ensuring wide ecosystem endorsement and enabling a large community of developers to create the huge diversity of devices that will accelerate proliferation in the various Internet of Things vertical segments.

Securing connected devices is a well-known challenge – and opportunity – at ARM. There are more than 10 billion units of Cortex-A based chips deployed in mobile devices that use ARM TrustZone technology to protect the root of trust from potentially distrustful software. ARM tasked some of its most talented engineers to optimize and transfer this security foundation into the very heart of a new version of the M-profile architecture. They have achieved this and ensured it fits within the tight embedded constraints:

  • Real-time, with fast transitions between security states
  • Deterministic
  • Still highly energy efficient

The outcome, the ARMv8-M architecture, was unveiled last year at ARM TechCon 2015, promising to bring advanced software isolation into the smallest of processors and devices using ARM TrustZone for ARMv8-M technology. If you are looking for more information on this new architecture, Joseph Yiu’s great blog is the best place to get started.

TrustZone for ARMv8-M brings security to the smallest devices

Introducing Cortex-M23 and Cortex-M33
Today I am pleased to announce two new ARM Cortex-M processors built on TrustZone technology: the Cortex-M23, for the most area and energy constrained applications, based on the ARMv8-M Baseline profile; and the Cortex-M33, for the more capable systems, based on the ARMv8-M Mainline. Both profiles offer ARM TrustZone technology as their security foundation and provide an easier-to-use MPU programmers’ model, with the capability to restrict debug visibility, thus protecting the confidentiality of the secure software. The security concept is holistic: it goes beyond processor boundaries and encompasses the complete system (bus/interconnect, memories and peripherals), exporting the processor security state across the system using the AMBA AHB5 standard.

ARM Cortex-M33 and Cortex-M23 have TrustZone security built in at the foundation

Connected devices built on Cortex-M23 or Cortex-M33 based chips will benefit from the protection offered by the trusted world to execute security-critical functionality, such as secure boot, cryptography, identity and key management, provisioning and update of the devices. In the processor’s normal world, guest applications and non-secure services will run as they do on previous Cortex-M based devices. TrustZone will allow these applications and services to access the secure functionality of the trusted world, while safeguarding the secure resources from being misused, corrupted or inspected by guests. It is worth noting that due to the forward compatibility of the programmers’ model, applications written for existing Cortex-M processors will run in Cortex-M33’s and Cortex-M23’s non-secure worlds, without noticing that they are running on an ARMv8-M based processor. Experienced Cortex-M developers will feel at home and will be able to quickly transfer existing applications to the next wave of microcontrollers.

You can find more details of the new processors in the very instructive blogs from Tim Menasveta and Diya Soubra, respectively on Cortex-M23 and Cortex-M33.

Accelerating the pace of development
As well as TrustZone and the related security features, both processors bring the additional capabilities of the respective ARMv8-M Baseline and Mainline profiles. They offer more aligned interfaces and features to chip designers and software developers, such as debug, memory-sharing and execute-only memory support, and an increased maximum number of interrupts. Altogether, these make system design and software development more scalable and efficient and accelerate the pace of development – essential for the proliferation of billions of IoT nodes.

Many partners joined us in defining and developing these new processors, and are actively designing chips that take advantage of the same standard TrustZone security technology. We are thrilled that seven of them are joining us for the launch at ARM TechCon 2016.

The ARM ecosystem is already focused on porting tools, RTOS and firmware to be ready for when first chips arrive. In addition, ARM’s software development tools are available and fully support the Cortex-M23 and Cortex-M33 processors. Many ecosystem partners will be showcasing at ARM TechCon how their product makes the most of the ARMv8-M architecture and how the Cortex-M23 and Cortex-M33 processors unlock new capabilities.

Will the 25th of October 2016 mark another breakthrough in embedded? It will probably take several more years and billions of shipped devices before one can say for sure. However, the key focus for now is to work in close collaboration with the ARM partnership to deliver all the great ingredients to the developers and makers whose creativity and vision will fuel the fast transition to a more connected, more intelligent and more protected world.
