1Copyright © 2019 Arm, All rights reserved.Copyright © 2019 Arm, All rights reserved.

#Arm Tech Symposia

Senior Marketing ManagerArmZhang Zheng

Practical steps for developing secure IoT endpoints

2Copyright © 2019 Arm, All rights reserved.

Agenda

Components that enable secure IoT endpoints

• Trusted Firmware-M (TF-M) implements the PSA software services

• CMSIS components for device software foundation

• Hardware security of Armv8-M based devices

Challenges of IoT endpoint development

• Resource partitioning and security setup of the system hardware

• Using standard software components on a diverse range of devices

• Validation and verification of secure embedded systems

Development tools and software components that help

• CMSIS-Zone manages system resources and tool configuration

• Software packs that manage software components for diverse devices

• Compliance tests and tool features for validation and verification

3Copyright © 2019 Arm, All rights reserved.

Components of a secure IoT endpoint

Software and hardware landscape

4Copyright © 2019 Arm, All rights reserved.

Platform Security ArchitectureA complete security offering. Independently tested.

Certify

5Copyright © 2019 Arm, All rights reserved.

Trusted Firmware-M – Framework for Cortex-M23/M33Cloud software stack for Armv8-M utilizing TrustZone

Non-Secure Secure

Device Configuration

TF-M Core Secure Boot

Pla

tfo

rmD

rive

rs

Sto

rage

Cry

pto

Att

esta

tio

n

CMSIS-CORE

RTOS

Use

r A

pp

licat

ion

Clo

ud

Co

nn

ecto

r

Secu

re N

etw

ork

Inte

rfac

e

6Copyright © 2019 Arm, All rights reserved.

Devices for Secure IoT EndpointsRich feature sets and security mechanisms of today's microcontrollers

SAU DMA

SRAM

MPCMemory

Protection Controller

PPCPeripheral

Protection Controller

Cortex-M33

The Challenge

The security settings of SAU, MPC, and

PPC must be consistent.

USB

SDIO

AES

TRN

G

USA

RT

GP

IO

PW

M

I2S

RTCI2C

SPI

Cortex-M33with TrustZone

Flash

MPCMemory

Protection Controller

Multi-layer AHB5 interconnect

MCUDevice

7Copyright © 2019 Arm, All rights reserved.

Challenges of IoT Endpoint Development

Click to add subtitle

8Copyright © 2019 Arm, All rights reserved.

IoT devices are different, so how can we deploy IoT software stacks efficiently at scale?

1 Trillion devices by 2035 =

~10 years10 million units/year

10.000 bespoke designs

9Copyright © 2019 Arm, All rights reserved.

Challenges of IoT Endpoint DevelopmentUsing standard software components on diverse devices

• Multi-processor devices share resources that need partitioning

• Programmers want simple views to available resources

• Various hardware security filters require consistent setup

• Configuration of the software development tools must match the overall hardware setup

Device hardware configuration Manage software components System Validation

• Complex IoT software stacks should rely on standard software components

• Devices use foundation software, hardware drivers, and need application specific setup

• Memory footprint is important

• Managing 3rd party software over the product lifecycle

• Verification of security is a new challenge in the embedded industry

• How to ensure the time deterministic operation that is required in many embedded systems

• IoT endpoints should be power efficient, but hardware configuration is complicated

10Copyright © 2019 Arm, All rights reserved.

Development tools and software components

that help

11Copyright © 2019 Arm, All rights reserved.

Challenge: Device Hardware Configuration

Partition a multi-processor system into single processor views

Setup memory and peripherals for secure/non-secure environment

Generate consistent configuration

• Setup for the Armv8-M TrustZone (SAU, Interrupt assignment to Secure/Non-Secure)

• Setup of device specific Memory Protection Controller (MPC)

• Setup of device specific Peripheral Protection Controller (PPC)

Generate related linker configuration to ensure consistency

Solution: CMSIS-Zone simplifies Armv8-M system configuration

→ Learn more about device configuration with CMSIS-Zone

12Copyright © 2019 Arm, All rights reserved.

CMSIS-Zone – Development WorkflowConfiguration and build management for system resources

Resource *.rzone file lists all available systems resources.

Assignment *.azone file contains partitioning information and is managed by CMSIS-Zone tool

CMSIS-Zone tool generates sub-system resource files

Resources *.rzone

Assignments*.azone+ Sub-system

Resources *.rzone

ToolConfiguration

HardwareConfiguration

13Copyright © 2019 Arm, All rights reserved.

CMSIS-Zone – Development WorkflowMulti-step approach shows only relevant sub-system

It is possible to break down complexity of a system in multiple steps.

Sub-systems expose only the part of the system that is relevant for the user.

A sub-system user has no visibility to other parts of the system (as it typically configures also the related access protection).

Assignments*.azone+Sub-system

Resources *.rzone

ToolConfiguration

HardwareConfiguration

Sub-sub-system Resources

*.rzone

14Copyright © 2019 Arm, All rights reserved.

Configuration Steps

Step 1: split the multi-processor system into single processor sub-system

Example

SAU

SRAM

MPC

Core #1

Cortex-M33with TrustZone

Flash

MPC

DMA

Core #2

Cortex-M33

USB

SDIO

AES

TRN

G

USA

RT

GP

IO

PW

M

I2S

RTCI2C

SPI

Multi-layer AHB5 interconnect

PPC

Complete view of a multi-processor system

15Copyright © 2019 Arm, All rights reserved.

Configuration Steps

Step 1: split the multi-processor system into single processor sub-systems

Step 2: create the partitions for secure and non-secure execution

Example

SRAM

MPC

Flash

MPC

SDIO

USA

RT

GP

IO

RTC

PPC

SAU

DMA

Multi-layer AHB5 interconnect

AES

TRN

G

System view of processor core #1

SRAM

MPC

Flash

MPC

USB

PW

M

I2S

I2C

SPI

Multi-layer AHB5 interconnect

PPC

System view of processor core #2

Core #2

SRAM Flash

Core #1

Cortex-M33with TrustZone

Core #2

Cortex-M33

16Copyright © 2019 Arm, All rights reserved.

CMSIS-Zone Demo

17Copyright © 2019 Arm, All rights reserved.

Challenge: Manage Software Components

CMSIS-Pack defines a software delivery mechanism

• Software components, code templates, documentation, device and board support

• Software versioning for product lifecycle management (PLM)

• Manage dependencies to other software components

• Ensure consistent software APIs across components

• Simplify retargeting as software is selected based on hardware and toolchain

CMSIS-Pack system is today available in several mainstream toolchains

• Arm DS Development Studio and Arm Keil MDK

• IAR Embedded Workbench for Arm

• CMSIS Eclipse Plug-In (open-source) that is basis for several other implementations

Solution: CMSIS-Pack seamlessly combines software components

→ Learn more about CMSIS software components

18Copyright © 2019 Arm, All rights reserved.

SoftwareComponent #1

CMSIS-Pack

Software components should have:

• Version and history information

• License information

• API interface definition

• Documentation

• Source files

• Configuration files (optional)

• Requirements to other components (opt.)

CMSIS-Pack defines an XML format that frames this information and is used by project management utilities from various tools.

What is a software component?

API headers

Source code/libraries

API Interface

SW Component #2

Source code/libraries

Documentation

Configurationfiles

Version &License

Information

API headers

SW Component #3

Source code/libraries

API headers

SW Component #4

Source code/libraries

API headers

References to other software components

19Copyright © 2019 Arm, All rights reserved.

Relationships of Packs and Software Components

Packs can require other packs to be installed:

Components can have dependencies on other components; either from the same or from other packs:

Pack AVersion n

Pack BVersion m

Pack A, Version n

Component A Component B Component C

Pack B, Version m

Component A Component B Component C

20Copyright © 2019 Arm, All rights reserved.

Implementation #3Implementation #2

Softwarecomponent

Central API definition

Central API Interface definition for software components

A central API definition shares header file and documentation of an API interface across multiple other software components to ensure consistency.

The API interface is distributed separately or as part of the software component that consumes this interface. The API header file is therefore consistent.

An example is the CMSIS-Driver pack that contains various Ethernet and Flash drivers –all compatible with the CMSIS-Driver APIs that are published in the CMSIS Pack.

API headers evolve over time

API headers

Source code/libraries

Interfaces

API headers(Definition)

Implementation #1

Source code/libraries

Source code/libraries

Source code/libraries

Documentationof API

22Copyright © 2019 Arm, All rights reserved.

CMSISCORE

SDK Project TemplateBoard configuration

CBORTinyCBOR

JSONJsmn

DeviceStartup

SDK DriversAll

Cloud pack BSP 3rd party packDFPCMSIS pack RTOS pack Mbed TLS pack

SPI/UARTCMSIS-Driver

Com pack

Application code

Cloud connector and service

TF-MCORE

Sto

rage

Cry

pto

Bo

ot

TF-MStorage NS

TF-MCrypto NS

TF-MBoot NS

RTOSTF-MIPC

Flas

hD

rive

r

Har

dw

are

Acc

eler

ato

r

Mem

ory

Dri

ver

Har

dw

are

Inte

rfac

es

PSA

Ser

vice

s

Alignment with CMSIS and TF-M can simplify security, crypto, and firmware update

CMSIS + TF-M can drastically simplify

software configuration to

custom hardware

WiFiSDK

WiFiCMSIS-Driver

IoT Socket

Cloud software stack on Armv8-M with TrustZone

Non-secure Secure

23Copyright © 2019 Arm, All rights reserved.

Component System Demo

24Copyright © 2019 Arm, All rights reserved.

IoT Socket

WiFi driver and IoT socket component combinedGeneric communication foundation for cloud connectors on Cortex-M

Security is provided by Mbed Crypto

IoT Socket can interface with:

• WiFi CMSIS-Driver to connect to various wireless chipsets

• MDK-Middleware network stack

• LwIP (optional, WiP – contributions welcome)

MiddlewareMDK

lwIP

SecurityMbed Crypto

WiFiCMSIS-Driver

SPI,SDIO,UARTCMSIS-Driver

IoT Socket

SecurityMbed Crypto

IoT Socket

SecurityMbed Crypto

Ethernet MACCMSIS-Driver

Ethernet MACCMSIS-Driver

Ethernet PHYCMSIS-Driver

Ethernet PHYCMSIS-Driver

Cloud Connector

25Copyright © 2019 Arm, All rights reserved.

Challenge: System Validation

PSA Functional API Test Suite for testing security functions of TF-M

• API compliance test suite validates Crypto, Secure Storage and Attestation

• Test results are fundament for the PSA Certified program

• These test results give confidence on the system security implementation

Arm Keil MDK includes features for IoT endnote validation

• System Analyzer shows the overall system timing (ISR, threads, user events)

• Component Viewer shows the status of software components

• Event Recorder records timing of events

• Power Measurement with ULINKplus helps to optimize power consumption

Solution: Verification with PSA test and MDK debug features

→ Learn more about IoT System Validation

26Copyright © 2019 Arm, All rights reserved.

Validate Security Functions of TF-M ImplementationRunning the PSA Functional API Test Suite on your implementation

Non-Secure Secure

Device Configuration

TF-M Core Secure Boot

Pla

tfo

rmD

rive

rs

Sto

rage

Cry

pto

Att

esta

tio

n

CMSIS-CORE

RTOS

PSA Test Kit

PSA Test Kit

Gives confidence on system security implementation

VerifiesCrypto, Storage and Attestation

27Copyright © 2019 Arm, All rights reserved.

Timing Analysis of an Embedded SystemCheck run-time status and dynamic software behavior

28Copyright © 2019 Arm, All rights reserved.

Analysis for Software ComponentsEvent Recorder showing status and dynamic software behavior

Dynamic operationwith timing

Status information

Preconfigured for MDK-Middleware, RTX5, and FreeRTOS

Easy to add to custom components

29Copyright © 2019 Arm, All rights reserved.

Analyzing and Optimizing Energy ConsumptionExample: IoT Sensor Interface

Optimizations identified• Triggering sensors with lower current• Read sensors faster with less MCU activity• Identify hardware issues

Trigger sensors Read sensors Transmit

1.5 mA

300 µA

ori

gin

alo

pti

miz

ed

Overall 75% less energy consumed

ULINKplus• Power measurement• 50 Mbps SWO trace• 1 kV isolation• I/O pins for test

automation

30Copyright © 2019 Arm, All rights reserved.

Summary

✓CMSIS-Zone simplifies resource partitioning and clearly shows available resources.

✓Generate consistent setup for access control and software tools.

Device hardware configuration Manage software components System validation

✓ Software packs provide ready-to-use software components (CMSIS, RTOS, TF-M, IoT Socket).

✓ Integration of the CMSIS-Pack system into modern IDEs helps to setup working software on the selected device.

✓ PSA test suite gives confidence in system security configuration.

✓ Keil MDK analyzes complex systems and helps to identify timing or power problems.

TF-M and CMSIS let you focus on application development for secure IoT endpoints.Thus, it becomes as easy as classic embedded systems programming.

Using standard software components

https://community.arm.com/cn/

31Copyright © 2019 Arm, All rights reserved.

Trademark and copyright statementThe trademarks featured in this presentation are registered and/or unregistered trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.

Copyright © 2019

Thank You!

#ArmTechCon