TrustZone of the Cortex-M23/33 vs. TrustZone of the Cortex-A

Question

What is the difference between the TrustZone of Cortex M23/33 and the TrustZone of Cortex A? May I start to prototype my Cortex M23 application on a Cortex A processor and then migrate to Cortex M23 when chips with this core are available?

Answer 1

Trustzone in Cortex-A use a dedicated mode to handle the switch between security state, this mode is monitor mode. In monitor mode processor will be always in secure state and will have access to NS bit in SCR register and this magic bit will define the security state of the mode that CPU will switch to after monitor mode. As a result any switch between secure and non-secure state will go through single entry point which is monitor mode.

ARMv8m with security extension had different approach, although the concept is the same by having two states secure and non secure but we can implement multiple entry points to switch between CPU states, so you have three type of memory attributes : secure, non-secure and non-secure callable and non-secure callable will represent the entry point that ensure transition from non-secure to secure.

The entry point in non-secure callable memory has unique structure: it must start by SG (secure gate) instruction, once executed the CPU will switch to secure state. Switching back to non-secure state is handled by executing others dedicated instruction : BXNS and BLXNS

ARMv8M follows different approach by having multiple entry points that can be implemented by user and has divide addressable memory pace between 3 memory attribute

for more details you can refer to following course: https://www.udemy.com/course/arm-cortex-m33-trust-zone/?referralCode=6BDA6DF1E47A7CF53175

Answer 2

Disclaimer: I am not a TrustZone expert, I have read some articles and experimented a with Arm Trusted Firmware on an Armv8-a processor in Aarch64 state, and at EL3/EL2 exceptions level.

According to this link, they seem very different:

• Cortex-A are using the SMC instruction for switching between non-secure and secure world, and some specific pieces or software need to be written, such as a trusted boot, a secure world switch monitor, a small trusted OS and trusted apps.
• Cortex-M are using their hardware for faster transitions and greater power efficiency betrween non-secure and secure worlds. There is no need for any secure monitor software.

Bottom line, you should probably not use a Cortex-A for starting developing your Cortex-M23 software.

You should rather have a look on the Arm MPS2+ FPGA Prototyping Board, verify that is is well suited to your needs and buy one: according to ARM, it "is supplied with fixed encrypted FPGA implementations of all the Cortex-M processors.", including Cortex-M23 and Cortex-M33 implementations.

There obviously will be differences in terms of performance between the FPGA implementation and a real Cortex-M23 implementation, but from a TrustZone-aware software point of view, there should be none.

If you think about it, USD $495.00 is less than 10 hours of an embedded software developer costing USD 50 per hour. This is not too huge a price for removing a huge risk from your project - my two cents.

Answer 3

I got an answer from ARM on this question through another channel and since the topic might be interesting for the community I want to share it here. Here is what ARM says:

While both of them are called TrustZone and at high level the concepts are similar, at low level of the architecture there are many differences between TrustZone on Cortex-M23/M33 and Cortex-A. The following website summarized the key differences:

https://developer.arm.com/technologies/trustzone

Due to those architectural differences, you cannot use a Cortex-A platform to develop TrustZone software for Cortex-M.