登录查看更多内容

点击“继续加入或登录”，即表示您同意遵守领英的《用户协议》、《隐私政策》及《Cookie 政策》。

Last updated on 2024年10月13日

What are the best practices for using ARMv8-M security extensions?

由人工智能和领英社区提供技术支持

ARMv8-M is a microcontroller architecture that supports security extensions, which enable the creation of isolated and protected execution environments for sensitive code and data. These extensions can help prevent unauthorized access, tampering, and leakage of information, as well as improve the resilience and reliability of the system. However, to use them effectively, you need to follow some best practices that will help you design, implement, and test your secure applications. In this article, we will cover six of these best practices, and explain how they can help you achieve your security goals.

此文章中的业界达人

由社区从 4 条内容中精选。了解更多

Austin Kim

Linux kernel Engineer | Author | RISC-V | Arm | 4x LinkedIn Top Voice ??
Ravikiran HV

Principal Application Engineer
Cmdr (Dr.?) Reji Kurien Thomas , FRSA, MLE?

I Empower Sectors as a Global Tech & Business Transformation Leader| Stephen Hawking Award 2024| Harvard Leader | UK…

1 Understand the security model

The security extensions of ARMv8-M are based on the concept of TrustZone, which divides the system into two security states: secure and non-secure. The secure state has access to all the resources of the system, while the non-secure state has limited access, and can only access the secure state through predefined entry points. The security state is controlled by the hardware, and can be switched by specific instructions or exceptions. To use the security extensions, you need to understand how the security state affects the memory, peripherals, interrupts, and exceptions of the system, and how to configure them accordingly.

添加您的观点

Austin Kim

Linux kernel Engineer | Author | RISC-V | Arm | 4x LinkedIn Top Voice ??
举报内容
By default, it's important to understand TrustZone well. The key concept of TrustZone is as follows: 1. It separates the software execution environment into the secure world and the non-secure world. 2. Sensitive data, like passwords and important personal information, are processed by software running in the secure world. 3. To switch between the secure and non-secure worlds, the SMC instruction must be executed. Arm’s security extension is built around TrustZone, so make sure to familiarize yourself with it.

已翻译

赞
Cmdr (Dr.?) Reji Kurien Thomas , FRSA, MLE?

I Empower Sectors as a Global Tech & Business Transformation Leader| Stephen Hawking Award 2024| Harvard Leader | UK House of Lord's Awardee | Fellow Royal Society | CyberSec | CCISO CISM CCNP-S CEH
举报内容
Utilising ARMv8-M security extensions effectively involves several best practices:- (a) Clear Separation - Allocate resources distinctly between secure & non-secure states, preventing overlaps (b) Least Privilege - Employ minimum privilege levels for tasks, ensuring secure access control (c) Stack Separation - Maintain separate stack pointers for different security states to prevent data compromise (d) Secure Boot - Implement a secure boot process, authenticating code during startup. (e) Controlled Interrupts (f) Limit debug capabilities to authorised personnel. (g) Routine Audits

已翻译

赞

2 Partition the system

One of the key steps to use the security extensions is to partition the system into secure and non-secure regions, and assign the appropriate attributes and access rights to each region. This can be done by using the Secure Attribution Unit (SAU) and the Implementation Defined Attribution Unit (IDAU), which define the security boundaries for the memory and peripherals. You also need to define the secure entry points, which are the functions that can be called from the non-secure state to access the secure state. These entry points are marked with the Secure Gateway (SG) instruction, and are protected by the Secure Gateway Control (SGC) register.

添加您的观点

Ravikiran HV

Principal Application Engineer
举报内容
If you are a beginer to ARM TrustZone, understnd the fundamentals to gets started. Listing down few questions, that can help to understand the partitioning - (a). How CPU starts on power on ? (b). What is secure and non-secure modes of CPU ? (c). What memories CPU can access in respective modes(#b) ? (d). How do I make region of my memory secure and isolate it from non-secure software ? (e). How do I make certain peripherals secure and isolate from non-secure application ? (f). How do I share the secure resources with non-secure application on demand (for example, you want to use UART for logging on secure and non-secure sides both) ?

已翻译

赞

3 Use secure libraries

Another best practice is to use secure libraries that provide common functionality for the secure state, such as cryptography, authentication, firmware updates, and secure storage. These libraries can help you reduce the development time and complexity, as well as ensure the quality and compliance of your secure code. You can use the ARM TrustZone CryptoCell library, which is a hardware-accelerated cryptographic engine that supports various algorithms and protocols, or the ARM TrustZone Mbed OS library, which is a software framework that provides an API for secure services and communication.

添加您的观点

Ravikiran HV

Principal Application Engineer
举报内容
Trusted Firmware-M (TF-M) provides a reference implementation of secure software for Trust Zone based Cortex-M devices. Before finalizing on any of your CM33 SPE stack finalization, make sure you evaluate the option of TF-M. TF-M is an open source library that offers Trusted Execution Environment in accordance with Platform Secure Architecture (PSA). This is an all-in-one offering of secure storage, cryptography, attestation, firmware update etc, with simple framework support for addition of your own services, when needed.

已翻译

赞

4 Follow coding guidelines

To ensure the security and robustness of your code, you should adhere to certain coding guidelines. Utilizing static analysis tools can help detect potential issues like buffer overflows, memory leaks, or uninitialized variables. Additionally, a consistent coding style and naming convention should be used and documented clearly. Global variables and pointers should be avoided as they can introduce security risks or side effects. Defensive programming techniques such as input validation, error handling, and assert statements should be implemented to prevent unexpected behavior or malicious inputs. Finally, secure coding standards such as MISRA C or CERT C should be followed to comply with the best practices for safety and security.

添加您的观点

5 Test and debug your code

Testing and debugging your code is crucial to verify its functionality and security, as well as to identify and fix any issues or defects. This can be challenging, however, due to the limited visibility and access from the non-secure state. To address this, you should consider using tools and techniques such as a debugger with security extensions, a simulator that emulates the security extensions, or a test framework that supports the security extensions. These can offer features such as breakpoints, watchpoints, trace, analysis, virtual platform control, and compliance with security standards and specifications.

添加您的观点

6 Keep your code updated

The last best practice is to keep your code updated with the latest patches, updates, and improvements, as well as to monitor and respond to any security incidents or vulnerabilities that may affect your system. This can help maintain security and performance, as well as meet regulatory and industry requirements. To do this, you can use a version control system such as Git or SVN to manage your code and track its changes and history. Additionally, you can use a secure firmware update mechanism like ARM Firmware Framework for Mbed OS or TF-M Firmware Update Service to deliver and install updates securely. Finally, you can use a vulnerability management system like ARM PSA Certified Vulnerability Reporting Service or the CVE database to notify of any known or reported vulnerabilities that may affect your system and provide guidance on how to mitigate them.

添加您的观点

7 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

ARM Architecture

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

What are the best practices for using ARMv8-M security extensions?

1

2

3

4

5

6

7

1 Understand the security model

2 Partition the system

3 Use secure libraries

4 Follow coding guidelines

5 Test and debug your code

6 Keep your code updated

7 Here’s what else to consider

ARM Architecture

给文章评分

感谢您的反馈

更多ARM Architecture相关文章

更多相关阅读内容