TrustZone technology for Armv8-M

The Armv8-M architecture extends TrustZone technology to Cortex-M based systems, enabling robust levels of protection at all cost points. TrustZone reduces the potential for attack by isolating the critical security firmware and private information, such as secure boot, firmware update, and keys, from the rest of the application.

TrustZone technology offers an efficient, system-wide approach to security with hardware-enforced isolation built into the CPU. It does this by running two domains side-by-side and sharing resources per set configuration.

Diagram showing Arm TrustZone secure and non-secure

Webinars

A guide to securing your IoT device using TrustZone for Cortex-M

Examine concepts like Secure and Non-secure domains, setting up a TrustZone RTOS, and debugging a secure application.

Watch now

Getting started with TrustZone for Cortex-M

Develop a secure application starting with architecture design and isolation and ending with implementation. Watch a demo using the Microchip SAML11 TrustZone-enabled microcontroller.

Watch now

IoT security for software developers: how PSA can help...

Secure your IoT products with Platform Security Architecture (PSA) APIs, TrustZone technology and Trusted Firmware-M.

Watch now

The Platform Security Architecture APIs

Learn to design IoT devices and use the PSA Functional APIs to build a secure product.

Watch now

Achieving a secure execution environment on NXP TrustZone-enabled MCUs

Implement a secure execution environment for microcontrollers. Learn how to maintain real-time and low-power properties of the system using NXP’s LPC5500 MCU series.

Watch now

Using the TrustZone-enabled NuMicro M2351 and CMSIS-Zone

Develop secure IoT applications on the Nuvoton NuMicro M2351. Learn how to apply the approach on real target hardware, using CMSIS-Zone for setting up the Secure and Non-secure partitions.

Watch now

Working with TrustZone in a secure IAR Systems workflow

Set up a secure development workflow using IAR Embedded Workbench and IAR Systems C-Trust tool. Use IAR Embedded Workbench to create reliable, efficient TrustZone-based applications.

Watch now

Secure IoT with Microchip and Kinibi-M

Use the Trustonic Kinibi-M to program a MicroChip SAML11 microcontroller, based on the Arm Cortex-M33 processor with TrustZone technology. Generate secure messages that a server or cloud can validate from a device for decryption and display.

Watch now

Documentation

Software developers guide to IoT security

Learn key concepts for developing secure IoT applications including analyzing a system, creating and implementing secure software, and certifying that a system is secure.

Read here

TrustZone technology for the Armv8-M architecture

Learn about the Security states, memory partitions, switching between states, and calling of Secure functions.

Using TrustZone on Armv8-M

Learn about the features in CMSIS and Keil MDK,so that you can use the Secure and Non-secure domains in the Armv8-M architecture.

Read here

The Armv8-M architecture reference manual

Examine the microcontroller profile of the Armv8-M architecture.

Fault handling and detection

Learn about how to detect and manage faults in Armv8-M processors.

Secure software guidelines for Armv8‑M based platforms

Examine the requirements for creating secure software on an Armv8‑M-based platform.

Read here

Armv8‑M processor debug

Learn how to handle the various debug event sources on the Armv8-M architecture.

Read here

Armv8‑M exception handling

Examine how the processor responds to an exception, the properties associated with each exception, and the return behavior.

Read here

RTOS design considerations for Armv8‑M based platforms

Learn about the processor features that have been extended in the Armv8-M architecture that can affect RTOS design.

Read here

System design for Armv8‑M

Examine a system design with the extra components and logic that are required to support an Armv8‑M-based microcontroller.

ACLE extensions for Armv8‑M

Learn about the Arm C Language Extensions (ACLE) for the Armv8-M architecture and how they build a Secure image.

Read here

Armv8-M processor power management secure state protection

Learn about the interaction between processor power management and security implications.

Read here

Training

TrustZone forArmv8-M

Learn about the security features in the Armv8-M architecture and understand how to configure the Security Attribution Unit to set up Secure and Non-secure memory regions.

Learn more

TrustZone for Armv8-M secure system design

Examine the architectural features that underpin the security partitioning at a software level and how security can be implemented in the wider system using AMBA ABH5.

Learn more

Software and tools

Mbed OS

Mbed OS is a leading open-source RTOS for Arm processors. Use Mbed OS to develop IoT software, generate optimized code with Arm C/C++ Compiler and run code on hundreds of hardware platforms.

Learn more

CMSIS-Pack

A CMSIS-Pack is a software pack that includes source, header, and library files, and documentation, source code templates, and example projects. The pack enables proactive software deployment for specific MCU devices.

Learn more

Trusted Firmware-M

Trusted Firmware-M provides open-source reference documents, specifications, and APIs of PSA-trusted code for Armv8-M based microcontrollers to help you build secure devices.

Learn more

Keil MDK

Keil MDK includes the components that you need to build and debug Arm-based embedded applications, including Arm Compiler, IDE, debugger, RTOS, and middleware.

Learn more

TrustZone-enabled microcontrollers

Get support

Community Forums

Answered TF-M, how to sign an image.bin in a multi-image configuration?
  • Trusted Firmware-M
  • Cortex-M33
 0 votes 693 views 1 replies Latest 1 months ago by Cristiano_Ro Answer this
Answered Non Secure malicious access handling... 0 votes 966 views 4 replies Latest 1 months ago by TexCorJC Answer this
Answered cpsid from non-secure triggers SecureFault
  • ARMv8 Exception Model
  • CoreLink SSE-200 Subsystem
  • TrustZone
 0 votes 1066 views 3 replies Latest 2 months ago by 42Bastian Schick Answer this
Not answered Why have a IDAU/SAU when one has a MPC 0 votes 632 views 0 replies Started 2 months ago by Chris Daniels Answer this
Suggested answer Switching from 32bit to 64bit 0 votes 4304 views 2 replies Latest 4 months ago by Zenon Xiu (修志龙) Answer this
Answered Cortex-M33 - SVC call from non-secure code does not trigger non-secure SVC exception
  • Real Time Operating Systems (RTOS)
  • Trusted Firmware-M
  • TrustZone for Armv8-M
  • Armv8-M
 0 votes 2662 views 3 replies Latest 5 months ago by Michael Jung Answer this
Answered TF-M, how to sign an image.bin in a multi-image configuration? Latest 1 months ago by Cristiano_Ro 1 replies 693 views
Answered Non Secure malicious access handling... Latest 1 months ago by TexCorJC 4 replies 966 views
Answered cpsid from non-secure triggers SecureFault Latest 2 months ago by 42Bastian Schick 3 replies 1066 views
Not answered Why have a IDAU/SAU when one has a MPC Started 2 months ago by Chris Daniels 0 replies 632 views
Suggested answer Switching from 32bit to 64bit Latest 4 months ago by Zenon Xiu (修志龙) 2 replies 4304 views
Answered Cortex-M33 - SVC call from non-secure code does not trigger non-secure SVC exception Latest 5 months ago by Michael Jung 3 replies 2662 views