TrustZone technology for Armv8-M

The Armv8-M architecture extends TrustZone technology to Cortex-M based systems, enabling robust levels of protection at all cost points. TrustZone reduces the potential for attack by isolating the critical security firmware and private information, such as secure boot, firmware update, and keys, from the rest of the application.

TrustZone technology offers an efficient, system-wide approach to security with hardware-enforced isolation built into the CPU. It does this by running two domains side-by-side and sharing resources per set configuration.

Diagram showing Arm TrustZone secure and non-secure

Webinars

A guide to securing your IoT device using TrustZone for Cortex-M

Examine important concepts such as, Secure and Non-secure domains, setting up a TrustZone RTOS and debugging a secure application.

Watch now

Getting started with TrustZone for Cortex-M

Learn to develop a secure application starting with architecture design and isolation and ending with implementation. Watch a demo using the Microchip SAML11 TrustZone-enabled microcontroller.

Watch now

IoT security for software developers: how PSA can help...

Join three Arm security experts for a tour of a much easier path to secure your IoT products with Platform Security Architecture (PSA) APIs, TrustZone technology and Trusted Firmware-M.

Watch now

The Platform Security Architecture APIs

PSA Functional APIs define the foundations from which security services are built and provide a consistent interface to the underlying Root of Trust hardware. This webinar is aimed at developers designing IoT devices and want to make use of the PSA Functional APIs to build a secure product.

Watch now

Achieving a secure execution environment on NXP TrustZone-enabled MCUs

Implement a secure execution environment for microcontrollers. Learn how to maintain real-time and low-power properties of the system using NXP’s LPC5500 MCU series.

Watch now

Using the TrustZone-enabled NuMicro M2351 and CMSIS-Zone

Develop secure IoT applications on the Nuvoton’s NuMicro M2351. Learn how to apply the approach on real target hardware, using CMSIS-Zone for setting up the Secure and Non-secure partitions.

Watch now

Working with TrustZone in a secure IAR Systems workflow

Set up a secure development workflow using IAR Embedded Workbench and IAR Systems’ new tool C-Trust. Learn how to use IAR Embedded Workbench to create reliable, efficient TrustZone-based applications.

Watch now

Documentation

Software developers guide to IoT security

Read this white paper to explore the key things you need to know when developing secure IoT applications including analyzing a system, creating and implementing secure software and certifying that a system is secure

Read here

TrustZone technology for the Armv8-M architecture

This document describes the security states, memory partitions, switching between states and calling of secure functions.

Read here

Using TrustZone on Armv8-M

This application note explains the features that are available in CMSIS and MDK to utilize the Secure and Non-secure domains in the Armv8-M architecture.

Read here

The Armv8-M architecture reference manual

This manual documents the microcontroller profile of the Armv8-M architecture profile.

Read here

Fault handling and detection

A document that describes fault handling and detection in Armv8-M processors.

Read here

Secure software guidelines for Armv8‑M based platforms

This document describes new requirements for creating secure software for an Armv8‑M based platform.

Read here

Armv8‑M processor debug

This document describes the debug facilities that are provided by Armv8-M.

Read here

Armv8‑M exception handling

The document describes how the processor responds to an exception, the properties that are associated with each exception, such as its priority level, and the exception return behavior.

Read here

RTOS design considerations for Armv8‑M based platforms

This paper describes the changes in the Armv8‑M architecture compared to previous Armv6‑M and Armv7‑M architectures.

Read here

System design for Armv8‑M

This document illustrates a system design with the key extra components and logic that are required to support an Armv8‑M-based microcontroller.

Read here

ACLE extensions for Armv8‑M

The Arm C Language Extensions (ACLE) for Armv8‑M describes what updated tools need do to build a secure image and to enable a Non-secure image to call a Secure image.

Read here

Armv8-M processor power management secure state protection

This document describes the interaction between power management in the processor and security implications.

Read here

Training

TrustZone forArmv8-M

Gain knowledge on the new security features that have been added to the Armv8-M architecture and understand how it is possible to configure the Security Attribution Unit (SAU) to set up Secure and Non-secure memory regions.

Learn more

TrustZone for Armv8-M secure system design

Understand the architectural features that underpin the security partitioning at a software level and how security can be implemented in the wider system using AMBA ABH5.

Learn more

Software and tools

Mbed OS

Mbed OS is a leading open-source RTOS for Arm processors. Develop IoT software in C++ with our free online IDE, generate optimized code with Arm C/C++ Compiler and run it on hundreds of hardware platforms.

Learn more

CMSIS-Pack

CMSIS-Packs are software packs for specific MCU devices. They include source, header, and library files along with documentation, source code templates, and example projects.

Learn more

Trusted Firmware-M

Trusted Firmware-M (TF-M) provides open-source reference documents, specifications and APIs of PSA-trusted code for Armv8-M based microcontrollers.

Learn more

Keil MDK

Keil MDK includes all the components you need to build, and debug Arm-based embedded applications. Components include Arm Compiler, IDE, debugger, RTOS, middleware and more.

Learn more

TrustZone-enabled microcontrollers

Get support

Arm support

Arm training courses and on-site system-design advisory services enable licensees to realize maximum system performance with lowest risk and fastest time-to-market.

Arm training courses  Open a support case

Community Blogs

Blog post image
The Security Arms Race on Devices

Blog explores the main security use cases on devices - now and in the future.

5 months ago by Sital Amin
Blog post image
Introducing Industry's-First 28FDS eMRAM IoT Test Chip and Board

The use of IoT devices is accelerating at a rapid pace, driven by the ongoing digital transformation. With the prediction of a trillion connected devices by 2035 and the growth of the big data, security and energy efficiency become the most demanding

8 months ago by Phil Morris
Blog post image
Silicon Labs’ multiprotocol Series 2 wireless platform adds cutting-edge se

Read more about Silicon Labs Arm Cortex-M33 based low-power wireless family with support for Bluetooth 5.1, Zigbee 3.0 and Thread.

9 months ago by Kobus Marneweck
Blog post image
Anchoring TrustZone with SRAM PUF

Let's take a look at how SRAM PUF, enabled through software, is a powerful addition to the security features offered by Arm TrustZone.

9 months ago by Marten van Hulst
3
Blog post image
The Role of Physical Security in IoT

Physical security, also known as silicon or hardware security, involves securing the silicon element of a system. This blog explores the different physical attacks and Arm IP on offer as a counter-measure.

10 months ago by Kobus Marneweck
2
Blog post image
White Paper: Hardware Features for Maintaining Security During Operation

Download the Curtiss-Wright Hardware Features for Maintaining Security During Operation white paper to learn more about Arm TrustZone, NXP QorIQ Trust Architecture and Intel SGX and OS Guard.

1 years ago by Nicole_Curtiss-Wright

Community Forums

Not answered How to write values ​​from secure code to non-secure memory.
  • TrustZone for Armv8-M
 0 votes 244 views 0 replies Started 6 days ago by Lars Answer this
Not answered PendSV target secure state 0 votes 257 views 0 replies Started 8 days ago by Jiameng Answer this
Discussion What is the top level difference in features between Cortex-M33 and Cortex-M4?
  • Cortex-M23
  • Trace
  • ACE
  • AXI
  • CHI
  • Security
  • Cortex-M3
  • Cortex-M
  • TrustZone
  • Cortex-M33
  • Armv8-M
  • Cortex-M4
  • Internet of Things (IoT)
  • AHB
  • Interrupt
 0 votes 12793 views 1 replies Latest 3 months ago by bodybeacon Answer this
Not answered Use DS-5 MPS2_CM33 FVP in non-secure mode ? 0 votes 1633 views 0 replies Started 4 months ago by ilchang Answer this
Suggested answer Calling non-secure Reset Handler from Secure main
  • Cortex-M33
  • Armv8-M
 0 votes 2856 views 1 replies Latest 4 months ago by Radhika Raghavendran Answer this
Suggested answer SAU configuration failure
  • TrustZone for Armv8-M
  • Cortex-M33
 0 votes 2723 views 1 replies Latest 4 months ago by Radhika Raghavendran Answer this
Not answered How to write values ​​from secure code to non-secure memory. Started 6 days ago by Lars 0 replies 244 views
Not answered PendSV target secure state Started 8 days ago by Jiameng 0 replies 257 views
Discussion What is the top level difference in features between Cortex-M33 and Cortex-M4? Latest 3 months ago by bodybeacon 1 replies 12793 views
Not answered Use DS-5 MPS2_CM33 FVP in non-secure mode ? Started 4 months ago by ilchang 0 replies 1633 views
Suggested answer Calling non-secure Reset Handler from Secure main Latest 4 months ago by Radhika Raghavendran 1 replies 2856 views
Suggested answer SAU configuration failure Latest 4 months ago by Radhika Raghavendran 1 replies 2723 views