Hello everyone, I am ruffian balance, a serious technical ruffian. Today’s topic is the ARM Cortex-M functional modules, with a focus on the three processors that have security features.
The ARM Cortex-M processor family consists of CM0/CM0+, CM1, CM3, CM4, CM7, and CM23, CM33, and CM35P; the last three are the ones whose main feature is security.
1. Cortex-M security features
In recent years, the Internet of Things has become a hot topic among embedded system developers. When you talk about the Internet of Things, security is on everyone’s mind. Embedded system products need better solutions to ensure system security. With this in mind, ARM has released a new ARMv8-M architecture and three processors based on it, the ARM Cortex-M23/33/35P, introducing the following security features:
1.1 TrustZone
The ARMv8-M architecture includes a security extension called TrustZone, a secure encryption technology that was first developed in 2004 and has since spread across the Cortex-A family of processors as mobile applications became more widespread. In the embedded world of the Internet of Things, where power consumption requirements are much stricter, Cortex-M processors could not offer this until the Cortex-M23/33. TrustZone introduces an orthogonal partition between the Secure and Non-secure states. Non-secure software can access only the memory and peripherals assigned to the Non-secure state, while Secure software can access all resources in both states. The TrustZone security mechanism prevents hackers from controlling the entire device, limits the impact of attacks, and enables remote system recovery. In addition, the ARMv8-M architecture introduces stack boundary checking and an enhanced MPU design, encouraging the adoption of additional security measures.
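A host-side C model of the partition rule described above, added here as an example and not taken from the original article or from ARM: the memory map, its addresses, and the names access_allowed and ns_buffer_ok are constructed for illustration. It goes one step beyond the text by showing the range check that Secure code should apply to a buffer handed in by Non-secure software, because Secure code itself can reach both worlds.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Host-side model, not device code. The memory map below is constructed. */
typedef enum { ATTR_SECURE, ATTR_NONSECURE } attr_t;
typedef enum { STATE_SECURE, STATE_NONSECURE } state_t;
typedef struct { uint32_t base, limit; attr_t attr; } region_t; /* limit inclusive */

static const region_t map[] = {
    { 0x00000000u, 0x0003FFFFu, ATTR_SECURE    }, /* Secure flash          */
    { 0x00040000u, 0x0007FFFFu, ATTR_NONSECURE }, /* Non-secure flash      */
    { 0x20000000u, 0x20007FFFu, ATTR_SECURE    }, /* Secure SRAM           */
    { 0x20008000u, 0x2000FFFFu, ATTR_NONSECURE }, /* Non-secure SRAM       */
    { 0x40000000u, 0x4000FFFFu, ATTR_NONSECURE }, /* Non-secure peripheral */
    { 0x50000000u, 0x5000FFFFu, ATTR_SECURE    }, /* Secure peripheral     */
};

/* Model assumption: an address outside every region is Secure (fail closed). */
static attr_t attr_of(uint32_t addr) {
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++)
        if (addr >= map[i].base && addr <= map[i].limit)
            return map[i].attr;
    return ATTR_SECURE;
}

/* Partition rule: Secure state reaches everything, Non-secure state reaches
 * only Non-secure addresses. */
bool access_allowed(state_t cpu, uint32_t addr) {
    return cpu == STATE_SECURE || attr_of(addr) == ATTR_NONSECURE;
}

/* Check for a buffer passed in by a Non-secure caller: the whole range must
 * lie inside one Non-secure region and must not wrap around the address space. */
bool ns_buffer_ok(uint32_t ptr, uint32_t len) {
    if (len == 0 || ptr > UINT32_MAX - (len - 1))
        return false;
    uint32_t last = ptr + (len - 1);
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++)
        if (map[i].attr == ATTR_NONSECURE &&
            ptr >= map[i].base && last <= map[i].limit)
            return true;
    return false;
}

int main(void) { /* exit code 0 when the rule holds for Secure SRAM */
    return (access_allowed(STATE_SECURE, 0x20000000u) &&
            !access_allowed(STATE_NONSECURE, 0x20000000u)) ? 0 : 1;
}
```

Checking only the first byte of a Non-secure buffer would accept a range that starts in Non-secure SRAM and runs into a neighbouring Secure region, which is why ns_buffer_ok tests both ends.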
1.2 Anti-tampering
Physical attacks can be divided into invasive and non-invasive attacks. Invasive attacks require the chip packaging to be removed and are launched using chip-level vulnerabilities, while non-invasive attacks, such as side-channel attacks (SCA), are carried out in close proximity to the chip by detecting leaked information such as the chip’s power consumption or the electromagnetic field emitted while code is running. The goal of both kinds of attack is to plant malicious programs on the device or to gain access to sensitive internal information. ARM’s new Cortex-M35P is the first processor in the Cortex-M line to offer tamper resistance and protection against physical attacks. The Cortex-M35P features the same anti-tampering technology as SecurCore processors such as the SC000 and SC300, helping embedded security developers prevent physical tampering and achieve higher levels of security certification.
2. Differences between Cortex-M functional modules
Since CM23 is an upgrade of CM0/CM0+ and CM33 is an upgrade of CM3/CM4, we only compare each original core with its upgraded version.
2.1 CM0+ vs CM23
So what exactly does CM23 improve?
- ARMv8-M Baseline CPU core: ARM’s Baseline CPU core, launched in 2016. Compared with ARMv6-M, a 32-bit hardware divider is added.
- NVIC nested vectored interrupt controller: Supports up to 240 external interrupts, but keeps the same 4 preemption priority levels (2-bit).
- AHB5 bus: A 32-bit AMBA 5 standard high-performance system bus, responsible for all Flash and SRAM instruction and data accesses.
- MPU memory protection unit: The memory can be divided into a maximum of 16 x 8 regions.
- Debugging module: The maximum of 4 hardware breakpoints remains unchanged, and the maximum number of data watchpoints is increased to 4.
- ETM trace unit: ETM provides real-time instruction and data trace.
- SysTick timer: The number of timers increases to two.
So what exactly does CM23 add?
- TrustZone software security features: TrustZone introduces an orthogonal partition between the Secure and Non-secure states. Non-secure software can access only the memory and peripherals assigned to the Non-secure state, while Secure software can access all resources in both states.
2.2 CM4 vs CM33
CM0+ = CM0+ = CM23
So what exactly does CM33 improve?
- ARMv8-M Mainline CPU core: ARM’s Mainline CPU core, launched in 2016. Compared with ARMv7E-M, instruction branch prediction is removed.
- NVIC nested vectored interrupt controller: Supports a maximum of 480 external interrupts, but keeps 8 to 256 priority levels (8-bit).
- 2x AHB5 bus: Two AHB5 buses, in which the AHB-P peripheral interface performs the functions of the original System bus, and the AHB-S slave interface performs the functions of the external bus controller (such as DMA).
- MPU memory protection unit: The memory can be divided into a maximum of 16 x 8 regions.
- SysTick timer: The number of timers increases to two.
So what exactly does CM33 add?
- TrustZone software security features: TrustZone introduces an orthogonal partition between the Secure and Non-secure states. Non-secure software can access only the memory and peripherals assigned to the Non-secure state, while Secure software can access all resources in both states.
2.3 CM33 vs CM35P
CM33 and CM4 are enhanced by CM35P.
So what exactly does CM35P improve?
Well, CM35P doesn’t improve any existing modules over CM33.
So what exactly does CM35P add?
- I-cache: L1 cache. The cache size ranges from 2 KB to 16 KB.
- Anti-tampering physical security features: Built-in anti-tampering features are designed to withstand a wide range of physical attacks, helping developers defend against physical tampering and achieve higher levels of security certification.