
I am new to TrustZone on the Cortex-M and am wondering if I can use it to isolate a third-party application from a bunch of legacy code. The idea would be to move the legacy code with FreeRTOS into the secure side and then launch the third-party application as non-secure code. The alternative would be to use the MPU and use SVC to implement an API for the third-party application (API code needs different MPU settings).

Now I have few questions in this regard:

  1. Are there any advantages of using TrustZone over using the MPU with SVC calls?
  2. From what I read, one is supposed to keep the code in TrustZone to a minimum to minimize the attackable surface. What is a usual partitioning between secure/non-secure?
  3. If I wanted to run threads in the secure and non-secure side, how would I go about it? Would one run a single OS/scheduler and provide an API to the third-party side to launch threads, or would one run two OS instances (since SysTick, SVC, and PendSV are banked this seems feasible, although I am unsure how the scheduling between the two OSes would work)?

1 Answer

I will reference two prior Q/A.

The first points to two paradigms for using TrustZone: an API and a co-operative OS. The second covers the many nuances of getting a co-operative OS to work under TrustZone. It concentrates on a GIC, which is a Cortex-A and not a Cortex-M interrupt controller.

Are there any advantages of using TrustZone over using the MPU with SVC calls?

So, obviously, if the system is using co-operative (the secure OS is co-operative and the normal OS is oblivious) multi-tasking, only TrustZone can do this versus an MPU with SVC calls. If the API caller of the SVC is 'user mode' only, then there is no benefit. If the API caller has drivers and other functionality, TrustZone allows safer and more secure operation.

From what I read, one is supposed to keep the code in TrustZone to a minimum to minimize the attackable surface. What is a usual partitioning between secure/non-secure?

The minimum. You ask what is the minimum? It depends on your system.

If I wanted to run threads in the secure and non-secure side, how would I go about it? Would one run a single OS/scheduler and provide an API to the third-party side to launch threads, or would one run two OS instances (since SysTick, SVC, and PendSV are banked this seems feasible, although I am unsure how the scheduling between the two OSes would work)?

This is a co-operative secure OS. Even the secure threads need to 'yield' to allow the normal OS to run. This can introduce weird delays in the normal-world OS. If you can trust the normal-world interrupt handlers, then it is much easier. However, some features like a TZASC and an IRQ watchdog may be needed for this case.

These are the technical details. There is also a much larger effort to get TrustZone functional versus an MPU. There is a balance of performance as well. There are many system requirements which will alter the effort/performance for any particular system. If TrustZone were free to implement correctly, it would always be equivalent or better.

  • For clarification: What is an "IRQ watchdog" (best guess: a watchdog which terminates the non-secure OS in case the normal-world interrupts can't be trusted/starve the secure OS)? By "user mode" you mean the program does not have interrupts/hardware access (I feel you are implying this with the next sentence, but I am not sure if that is a coherent paragraph or more a list of independent bullet points)
    – ted
    Commented Jun 13 at 20:13
  • Normal-world IRQ could prevent the mainline secure from running. So, you need a FIQ timer that works with the monitor mode. If an IRQ takes too long, you suspend it (or take some corrective action). UserMode is a Cortex-A concept. It would be an MSP/PSP type of separation with MMU/MPU that can partition the code. Yes, it would imply interrupts, hardware access, DMA attacks, etc. Both are like you describe. However, the last part is a little dependent on OS features (in both spaces/worlds). Commented Jun 13 at 20:21
  • I am afraid your first sentence "So, obviously, if the system is using a co-operative [...], only TrustZone can do this versus an MPU with SVC calls" is not obvious to me. If I have co-operative multitasking the third-party app might starve the rest of the system. Is that what you are alluding to, or is there more to it?
    – ted
    Commented Jun 13 at 20:23
  • You need your secure OS to yield sometime, like in its idle process at a minimum. However, it may be necessary to yield in other long-running circumstances to give higher-priority normal-world processes some time. I.e., it depends on the 3rd-party software stack. So, basically, you have two OSes. How do you resolve priorities between the two OSes so that the normal-world system does not become 'upset'? Commented Jun 13 at 20:25
  • So, it is possibly an inversion to what you are thinking. TrustZone is great to partition the secure part, but what about the poor normal world? I found it easy to add checkpoints to the secure-world task to yield and let the normal world run. If you had a secure OS that was normal-world-OS aware, you might be able to create a scheduler that works with both (this is a lot of effort). The first part works fairly easily for simpler systems (10-20 processes). Commented Jun 13 at 20:34
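An added illustration of the "yield checkpoint" and "IRQ watchdog" ideas from the answer and comments, not code from the original post. It sketches the secure side of a co-operative secure OS on Cortex-M TrustZone: a budgeted checkpoint that hands control to the normal world, a CMSE non-secure-callable entry the normal world uses to register its resume hook, and a secure-timer check that flags a normal-world IRQ overrunning its limit. The budget and limit values are assumptions; the CMSE parts compile only with an ARMv8-M toolchain and `-mcmse`, and the host build stubs the world switch so the checkpoint logic can be exercised.

```c
#include <stdint.h>
#include <stdbool.h>

/* Assumed tuning values for this example. */
#define SECURE_BUDGET_TICKS   5u   /* consecutive secure-world ticks before a forced yield */
#define NS_IRQ_LIMIT_TICKS   20u   /* normal-world IRQ active longer than this is an overrun */

static uint32_t secure_run_start;   /* tick at which the secure world last (re)gained control */
static uint32_t yields;             /* how often the secure side handed control to the normal world */
static uint32_t ns_irq_seen_idle;   /* last tick at which no normal-world IRQ was active */

#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE & 2)
#include <arm_cmse.h>
/* Function pointer into the normal world: the compiler emits a BLXNS with register clearing. */
typedef void (*ns_entry_t)(void) __attribute__((cmse_nonsecure_call));
static ns_entry_t ns_resume;

/* Non-secure-callable entry (placed in the NSC region with an SG veneer by the toolchain).
 * The normal world registers the function the secure side should call when it yields. */
void __attribute__((cmse_nonsecure_entry)) secure_register_resume(void (*fn)(void)) {
    ns_resume = (ns_entry_t)cmse_nsfptr_create(fn);
}
static void yield_to_normal_world(void) { if (ns_resume) ns_resume(); }
#else
/* Host build: stand-in for the world switch so the checkpoint logic is testable off-target. */
static void yield_to_normal_world(void) { }
#endif

/* Called from the secure idle loop and at checkpoints in long-running secure threads.
 * Returns true when it yielded, so the caller can re-validate its state after resuming. */
bool secure_checkpoint(uint32_t now_ticks) {
    if (now_ticks - secure_run_start < SECURE_BUDGET_TICKS)
        return false;                 /* still within budget: keep running secure code */
    yields++;
    yield_to_normal_world();          /* normal world runs until it calls back in */
    secure_run_start = now_ticks;     /* budget restarts; on target, re-read the tick here */
    return true;
}

uint32_t secure_yield_count(void) { return yields; }

/* Run from a secure timer interrupt that the normal world cannot mask. Tracks how long a
 * normal-world IRQ has been continuously active and reports an overrun past the limit, so the
 * secure side can take corrective action instead of being starved. */
bool ns_irq_overrun(uint32_t now_ticks, bool ns_irq_active) {
    if (!ns_irq_active) { ns_irq_seen_idle = now_ticks; return false; }
    return now_ticks - ns_irq_seen_idle > NS_IRQ_LIMIT_TICKS;
}
```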
