ARM Announces ARMv8-M Instruction Set For Microcontrollers – TrustZone Comes to Cortex-Mby Ryan Smith on November 10, 2015 12:30 PM EST
Kicking off today in Santa Clara, California is ARM’s annual developer conference and expo, TechCon. Although ARM announces products year-round, they always have a couple of announcements reserved for TechCon and this year is no exception. Being unveiled at 2015’s show is the ARM Cortex-A35 CPU and the ARMv8-M instruction set architecture, the latter being the focus of this article.
As a brief bit of background since we don’t extensively cover ARM’s microcontroller efforts, in recognition of the unique power and performance requirements for microcontrollers, ARM produces a separate instruction set architecture and lineup of CPU cores specifically for these kinds of products. These are the ARM-M ISAs and the Cortex-M series of CPUs respectively. The ARM-M ISAs can be thought of as a cut-down version of ARM’s full ISAs, paring down the features to allow for simpler CPUs as needed in microcontrollers.
At this year’s TechCon, ARM is announcing the latest iteration of the ARM-M ISA, the ARMv8-M ISA. Unlike the full ARMv8 (i.e. ARMv8-A) ISA that we’re accustomed to seeing implemented in products like ARM’s Cortex-A57 CPU, Apple’s Twister CPU, and other products, ARM’s focus on their microcontroller ISA is a bit narrower. Here the focus isn’t on performance or memory space – factors that led to the expansion to 64-bit CPUs with ARMv8-A AArch64 – but rather on continuing with microcontroller-suitable 32-bit CPUs while investing in the new features ARM sees as important over the next half decade or so.
To that end, ARM’s big focus with ARMv8-M is on security. Key to that is that ARM’s TrustZone technology is coming to microcontrollers for the first time.
Previously only available to ARM-A architecture CPUs, TrustZone is now being extended to ARM based microcontrollers. And like their bigger siblings, ARM’s aim here with TrustZone is to lay the groundwork for their customers to build highly secure devices, for all the benefits and drawbacks such a device entails. This includes protecting cryptography engines and certain stored assets (e.g. the secure enclave) against attack, locking down systems to prevent userland applications from breaking into the operating system itself, and various degrees of DRM (one example, as ARM gives is, is firmware IP protection).
ARM over the last few years has been betting increasingly heavy on wearables and ioT, so the announcement of ARMv8-M and their focus on TrustZone is consistent with those bets. ARM microcontrollers are used in a number of devices as the sole processor, and in more devices still as a specialized processor working alongside a full ARMv8-A application processor. So as ARM microcontroller use increasingly expands from industrial devices and simple black boxes to complex devices that end-users interact with, there is a need for better security to follow into these products.
With that said, as microcontrollers are the lowest of the low power devices in the ARM ecosystem, ARM had needed to take some care in implementing that security within the constraints of a microprocessor. Seeking to avoid compromising response time or efficiency, the ARMv8-M TrustZone retains the deterministic properties developers need on such devices, so a TruzeZone interrupt has a low and deterministic latency to the operation. Similarly, the core of the implementation is based on switching states rather than hypervisors, avoiding the overhead and higher resource requirements of the latter.
Of course like the ARMv8-M ISA itself, TrustZone is an ISA and a model for just the CPU. To flesh out the full technology ARM is also making a couple of other ARMv8-M announcements. The first is that the company is announcing the ARM Advanced Microcontroller Bus Architecture 5 (AMBA 5) Advanced High-performance Bus 5 (AHB5) specification. The main system bus for ARM’s microcontrollers, AHB5 goes hand-in-hand with TrustZone to extend the security model to the rest of the SoC. Through AHB5, TrustZone microcontroller CPUs can interact with both trusted and non-trusted devices, including trusted segments of SRAM and flash memory as required for implementing separated storage.
Also being announced today is TrustZone CryptoCell, ARM’s implementation of a TrustZone crypto block, which provides the fixed function hardware necessary for a full TrustZone implementation. The TrustZone CryptoCell includes a secure enclave, key generation/provisioning/management, and the actual fixed function hardware crypto engines.
Ultimately with today’s ARMv8-M and associated security announcements, ARM is looking to further flesh out the ARM ecosystem to support full security at every level and every device from end to end. ARM believes that developers now need an easier and more standardized way to implement security on their microcontroller-equipped devices, and this is what ARMv8-M will provide.
Finally, and not all that surprising, today’s announcement of the ARMv8-M ISA is just for the ISA itself, and not for any specific CPUs. ARM has traditionally announced new Cortex CPU designs separately from the ISA, and in this case it’s no different. To that end ARM isn’t specifically talking about when we’ll see ARMv8-M Cortex-M designs announced, but after today’s announcement it’s safe to say that it’s only a matter of time.