Arm security technologies

Arm provides a range of IP and software technologies to enable secure solutions. This approach empowers a broad ecosystem of partners to develop secure applications and high-value services.

With increasing numbers of assets being connected in the Internet of Things (IoT), the security stakes are growing higher, particularly as critical infrastructure becomes more a part of the IoT. It is increasingly important to extend the use of robust security development lifecycle processes, based on foundational principles and backed by best practices for implementation.

We as an industry recognize that we are in a constant battle against potential attackers. As long as there is value in the assets to be protected, there will be those who will aim to compromise that protection. We must collectively raise the bar each time we find a weakness or vulnerability that can be exploited.

Arm provides a set of security technologies that can be designed in to devices, learn more about these technologies and products on this page.

See below for more information about:


Words: Platform Security Architecture, Analyse, Architect, Implement.

Platform Security Architecture

Platform Security Architecture (PSA) is a common industry framework for building secure connected devices. It’s designed to be used as a 'recipe' to map the appropriate level of security depending on the application. PSA includes a threat models documentation, opensource firmware, plus a range of specifications for common security functions.


Arm Musca-A1 development board

Development boards

Developing a system that follows PSA principles, requires a combination of hardware and software design. Most importantly, the development teams need to integrate these components and optimize their interactions to ensure that the complete solution is secure.

The Musca-A board is the reference PSA development platform. This board is a great way to develop secure applications on a realistic target. You could also choose to use FPGA platforms such as MPS2+ or MPS3, which have a range of FPGA image files, ready to load on the board.


Text: arm TRUSTZONE (logo).

Arm processors with Arm TrustZone support

Arm TrustZone technology provides system-wide hardware isolation for trusted software. The family of TrustZone technologies can be integrated into any Arm Cortex-A core, supporting high-performance applications processors. With the release of the Armv8-M architecture, TrustZone was introduced into the Cortex-M microcontroller profile (Cortex-M23 and Cortex-M33) to fill in the market need for efficient secure embedded solutions. If you’re looking for technical resources about TrustZone for Armv8-M, you can join the Arm Community.

Learn more

Cortec-M35P Chip.

Processors with tamper resistance

Arm also have a range of Cortex-M processors that have been hardened to ensure they are resilient to physical attack. These processors contain specific anti-tampering features to resist fault injection, side-channel and probing attacks:

Product name Processor
Cortex-M35P Cortex-M33
SC000 Cortex-M0
SC300 Cortex-M3

CryptoIsland Chip.

Cryptography and platform security services IP

Arm’s range of security IP provides a comprehensive set of platform security services addressing cryptography, code and data protection, keys management, secure debug and much more. The silicon-proven IP, comprising hardware, firmware and tools, allows a silicon architect to form a secure and robust security solution while making various power/performance/area/reuse related trade-offs.

Learn more

Security IP with SCA protection.

Security IP with Side-Channel Attack (SCA) protection

Arm also have a range of security IP which has been enhanced with technology that protects against power and electromagnetic side channel analysis threats.

Learn more


Development tools

Development tools for Cortex-M

Keil MDK is the complete software development environment for a wide range of Arm Cortex-M based microcontroller devices, including Armv8-M based devices. MDK includes the µVision IDE and debugger, certified Arm C/C++ compiler, and essential middleware components. It supports TrustZone for Armv8-M and mbedTLS for secure communication over TCP/IP networks.


Virtualization

Virtualization technology enables concurrent and secure execution of multiple guest operating systems on the same hardware. The isolation of the parallel execution is assured by hypervisor software. Arm architecture supports both Type-1 (native) and Type-2 (hosted) hypervisor. The Arm architecture provides virtualization extensions. A hypervisor mode enables the hypervisor to manage its own virtual address space as a trapping mechanism to control the execution of the Guest OSes. Information about Arm virtualization technology is available from the Arm Architecture Reference Manual.

Download


Memory Protection Unit (MPU)/Memory Management Unit (MMU)

The Memory Management Unit and Memory Protection Unit are two common hardware blocks in modern processor architecture. They are similar in nature – both of them provide memory protection, so that privileged software such as an OS can define what memory spaces unprivileged software may access, but the MMU also provides virtual address support, while MPU doesn't. Normally, application processors support an MMU because virtual addressing is needed for full feature OSes like Linux, and embedded processors provide an MPU because it is simpler and does not affect real-time capability.

Download