The processor
Arm offers Cortex-A, Cortex-R, and Cortex-M processors. The first decision is which of these processor families to choose a processor from.
Cortex-A series processors are typically used for high-end devices, for example, sophisticated smartphones. Cortex-A processors host rich operating systems and support multiple software applications.
Cortex-R series processors provide high performance in safety-critical environments and can meet real-time constraints. This feature means that these processors are typically used in the automotive industry and in storage devices. In these scenarios, responses to events must be guaranteed.
The Cortex-M series processors are the focus of the Trusted Base System Architecture. Microcontrollers are one of the primary markets for Cortex-M series processors. Microcontrollers are like SoCs but are less sophisticated. However, you can use the more powerful Cortex-M series processors in more demanding situations. In addition, Cortex-M series processors that implement the Armv8-M architecture include many features, for example TrustZone. As mentioned previously, TrustZone is essential to ensuring that the device is secure. Arm publishes a useful comparison of the Cortex-M series processors.
The Cortex-M23 has enough features for a secure IoT coffee machine or similar device. Importantly, the Cortex-M23 has a TrustZone option. Depending on the requirements of a secure IoT device, you might need to use a newer, more expensive fab process to get extra performance. Getting the extra performance from a Cortex-M23 increases the area and static power usage of the SoC.
The Cortex-M33 is another candidate that you could consider if you need more compute performance than the Cortex-M23 offers. The Cortex-M33 has a DMIPS benchmark value of 1.5 compared with a value of 0.98 for the Cortex-M23. In addition to the extra performance that the Cortex-M33 offers, this processor also offers the following features:
- Floating-point unit (FPU)
- Digital Signal Processing (DSP)
- A coprocessor interface
If the software that is running on the device requires floating-point calculations, upgrading to the Cortex-M33 is a logical choice.
Because the Cortex-M23 and Cortex-M33 processors implement the Armv8-M architecture, including the TrustZone extension, the Trusted Base System Architecture applies to SoC designs that use either processor.
This guide assumes that you use a single Cortex-M23 processor for your SoC.
Note: The Cortex-M23 processor and the Cortex-M33 processor are supplied with Arm Flexible Access.
Using a Cortex-A5 processor for a secure IoT SoC
The Cortex-A5 processor offers a possible solution for a secure IoT SoC. For example, if you need to run a version of the Linux operating system on your device, the Cortex-A5 is a good choice. The Cortex-A5 processor supports virtual memory. Through use of its L1 and L2 caches, a Cortex-A5 can achieve zero wait-state memory access for the most regularly used code and data.
However, it is worth comparing the PPA (power, performance, and area) data of Cortex-M series processors with Cortex-A5 data. When comparing, select PPA data where a similar performance was achieved for both processors. A Cortex-A5 processor, when physically implemented, might have a higher static and dynamic power requirement and a larger area. However, if you need Cortex-A series capabilities and options, you might find that any increases in power usage and area are acceptable. The PPA Analysis Overview provides further information on comparing PPA data.
Note: The Cortex-A5 processor is supplied with Arm Flexible Access.