With the ever increasing range of applications for Arm® microcontrollers, from simple environmental monitors, through to automotive components and complex consumer appliances, the issue of security when developing these devices has never been so crucial.
This course covers the security aspects of software design in Arm's latest v8-M processors (including the Cortex®-M23 and Cortex-M33) that utilize TrustZone v8-M Security Extensions. The training includes architecting the software, configuring the secure side, accessing secure APIs from the non-secure side and dealing with exceptions.
The workshops are based around carefully designed exercises investigating features of the TrustZone-M architecture, their practical application, and comprise around 40% of class time. If you have specific security application requirements, please contact the Doulos team to discuss your options.
Non-security topics (such as understanding the use of DSP instructions or the floating-point unit, optimization and standard debugging techniques) are covered in other courses. See Arm Cortex-M33 Software Design.
This course is aimed at electronic hardware, software and system-on-chip engineers who need to gain a working knowledge of this new security architecture. This could include:
Delegates should have good knowledge of embedded systems, and a basic understanding of embedded programming in C and assembler. Solid knowledge of the Arm v7-M architecture (minimum M3/M4) or Arm v8-M architecture is required (or prior attendance of Developing with Arm Cortex-M or the Software Design courses covering Arm Cortex-M23 or Arm Cortex-M33). Please contact Doulos directly to discuss and assess your specific experience against the pre-requisites.
Doulos training materials are renowned for being the most comprehensive and user-friendly available. Their style, content and coverage are unique in the Embedded Systems training world, and have made them sought after resources in their own right. The materials include:
The training materials for this class are based on Arm's own material. Doulos is a global Arm Approved Training Partner.
Assets and Threats • Typical attacks • Roots of trust • Security domains • Clocks and power issues • Security of Libraries • Physical Security • Costs of security • SecurCore • Functional Safety • CMSIS Secure API
Security States • Calling between security states • Register banking • Memory security • New instructions • How exceptions are mapped • Behavior changes for exceptions
System level memory partitioning • Managing legacy device interactions • Memory and I/O gating • SIE-200 • Block and watermark-based memory partitioning • Issues with programmable masters
Arm C Language Extensions (ACLE) supporting TrustZone • Calling non-secure code from secure code • Calling secure code from non-secure code • Creating an import library • Using an import library • Secure gateway veneers • Using CMSIS to configure the SAU • TT instruction
Protecting against low-level attacks • Format string attack • Timer bombs • Unauthorized addresses • Tampering with parameters • Stack attack • Code injection • Return oriented programming • Design for Testing • Templates vs Meta-APIs • White Hat Teams • Request audit/service model • API Access Range Restriction
Processor level memory partitioning • MPU memory basics • PPB access • SAU registers • SAU configuration • Examples of IDAU mappings
Reset considerations • Secure boot • Exception types • Stack frame layouts • Secure exception behaviors • Secure interrupt configuration • Interrupt priority issues • Fault exceptions for security
For on-site, team-based training, please contact Doulos about tailoring this course to suit your particular hardware and software environment.
Arm and Cortex are registered are registered trade marks of Arm Holdings Plc.
Complete an enquiry form and a Doulos representative will get back to you.
Enquiry FormPrice on request