I am new to trustzone on the Cortex-M and am wondering if I can use it to isolate a third party application from a bunch of legacy code. The idea would be to move the legacy code with freertos into the secure side and then launch the third party application as non secure code. The alternative would be to use the MPU and use SVC to implement an API for the third party application (API code needs different MPU settings)
Now I have few questions in this regard:
- Are there any advantages of using trustzone over using the MPU with SVC calls.
- From what I read, on is supposed to keep the code in trustzone to a minimum to minimize the attackable surface. What is a usual partitioning between secure/non secure?
- If I wanted to run threads in the secure and non secure side, how would I go about it? Would one run a single OS/Scheduler and provide an API to the third party side to launch threads, or would one run two OS instances (Since Systick, SVC, and SVCPend are banked this seems feasible, although I am unsure how the scheduling between the two OS's would work)?