Practical steps for developing secure IoT endpoints · Memory er e or Flash er s vices Alignment...
Transcript of Practical steps for developing secure IoT endpoints · Memory er e or Flash er s vices Alignment...
1Copyright © 2019 Arm, All rights reserved.Copyright © 2019 Arm, All rights reserved.
#Arm Tech Symposia
Senior Marketing ManagerArmZhang Zheng
Practical steps for developing secure IoT endpoints
2Copyright © 2019 Arm, All rights reserved.
Agenda
Components that enable secure IoT endpoints
• Trusted Firmware-M (TF-M) implements the PSA software services
• CMSIS components for device software foundation
• Hardware security of Armv8-M based devices
Challenges of IoT endpoint development
• Resource partitioning and security setup of the system hardware
• Using standard software components on a diverse range of devices
• Validation and verification of secure embedded systems
Development tools and software components that help
• CMSIS-Zone manages system resources and tool configuration
• Software packs that manage software components for diverse devices
• Compliance tests and tool features for validation and verification
3Copyright © 2019 Arm, All rights reserved.
Components of a secure IoT endpoint
Software and hardware landscape
4Copyright © 2019 Arm, All rights reserved.
Platform Security ArchitectureA complete security offering. Independently tested.
Certify
5Copyright © 2019 Arm, All rights reserved.
Trusted Firmware-M – Framework for Cortex-M23/M33Cloud software stack for Armv8-M utilizing TrustZone
Non-Secure Secure
Device Configuration
TF-M Core Secure Boot
Pla
tfo
rmD
rive
rs
Sto
rage
Cry
pto
Att
esta
tio
n
CMSIS-CORE
RTOS
Use
r A
pp
licat
ion
Clo
ud
Co
nn
ecto
r
Secu
re N
etw
ork
Inte
rfac
e
6Copyright © 2019 Arm, All rights reserved.
Devices for Secure IoT EndpointsRich feature sets and security mechanisms of today's microcontrollers
SAU DMA
SRAM
MPCMemory
Protection Controller
PPCPeripheral
Protection Controller
Cortex-M33
The Challenge
The security settings of SAU, MPC, and
PPC must be consistent.
USB
SDIO
AES
TRN
G
USA
RT
GP
IO
PW
M
I2S
RTCI2C
SPI
Cortex-M33with TrustZone
Flash
MPCMemory
Protection Controller
Multi-layer AHB5 interconnect
MCUDevice
7Copyright © 2019 Arm, All rights reserved.
Challenges of IoT Endpoint Development
Click to add subtitle
8Copyright © 2019 Arm, All rights reserved.
IoT devices are different, so how can we deploy IoT software stacks efficiently at scale?
1 Trillion devices by 2035 =
~10 years10 million units/year
10.000 bespoke designs
9Copyright © 2019 Arm, All rights reserved.
Challenges of IoT Endpoint DevelopmentUsing standard software components on diverse devices
• Multi-processor devices share resources that need partitioning
• Programmers want simple views to available resources
• Various hardware security filters require consistent setup
• Configuration of the software development tools must match the overall hardware setup
Device hardware configuration Manage software components System Validation
• Complex IoT software stacks should rely on standard software components
• Devices use foundation software, hardware drivers, and need application specific setup
• Memory footprint is important
• Managing 3rd party software over the product lifecycle
• Verification of security is a new challenge in the embedded industry
• How to ensure the time deterministic operation that is required in many embedded systems
• IoT endpoints should be power efficient, but hardware configuration is complicated
10Copyright © 2019 Arm, All rights reserved.
Development tools and software components
that help
11Copyright © 2019 Arm, All rights reserved.
Challenge: Device Hardware Configuration
Partition a multi-processor system into single processor views
Setup memory and peripherals for secure/non-secure environment
Generate consistent configuration
• Setup for the Armv8-M TrustZone (SAU, Interrupt assignment to Secure/Non-Secure)
• Setup of device specific Memory Protection Controller (MPC)
• Setup of device specific Peripheral Protection Controller (PPC)
Generate related linker configuration to ensure consistency
Solution: CMSIS-Zone simplifies Armv8-M system configuration
→ Learn more about device configuration with CMSIS-Zone
12Copyright © 2019 Arm, All rights reserved.
CMSIS-Zone – Development WorkflowConfiguration and build management for system resources
Resource *.rzone file lists all available systems resources.
Assignment *.azone file contains partitioning information and is managed by CMSIS-Zone tool
CMSIS-Zone tool generates sub-system resource files
Resources *.rzone
Assignments*.azone+ Sub-system
Resources *.rzone
ToolConfiguration
HardwareConfiguration
13Copyright © 2019 Arm, All rights reserved.
CMSIS-Zone – Development WorkflowMulti-step approach shows only relevant sub-system
It is possible to break down complexity of a system in multiple steps.
Sub-systems expose only the part of the system that is relevant for the user.
A sub-system user has no visibility to other parts of the system (as it typically configures also the related access protection).
Assignments*.azone+Sub-system
Resources *.rzone
ToolConfiguration
HardwareConfiguration
Sub-sub-system Resources
*.rzone
14Copyright © 2019 Arm, All rights reserved.
Configuration Steps
Step 1: split the multi-processor system into single processor sub-system
Example
SAU
SRAM
MPC
Core #1
Cortex-M33with TrustZone
Flash
MPC
DMA
Core #2
Cortex-M33
USB
SDIO
AES
TRN
G
USA
RT
GP
IO
PW
M
I2S
RTCI2C
SPI
Multi-layer AHB5 interconnect
PPC
Complete view of a multi-processor system
15Copyright © 2019 Arm, All rights reserved.
Configuration Steps
Step 1: split the multi-processor system into single processor sub-systems
Step 2: create the partitions for secure and non-secure execution
Example
SRAM
MPC
Flash
MPC
SDIO
USA
RT
GP
IO
RTC
PPC
SAU
DMA
Multi-layer AHB5 interconnect
AES
TRN
G
System view of processor core #1
SRAM
MPC
Flash
MPC
USB
PW
M
I2S
I2C
SPI
Multi-layer AHB5 interconnect
PPC
System view of processor core #2
Core #2
SRAM Flash
Core #1
Cortex-M33with TrustZone
Core #2
Cortex-M33
16Copyright © 2019 Arm, All rights reserved.
CMSIS-Zone Demo
17Copyright © 2019 Arm, All rights reserved.
Challenge: Manage Software Components
CMSIS-Pack defines a software delivery mechanism
• Software components, code templates, documentation, device and board support
• Software versioning for product lifecycle management (PLM)
• Manage dependencies to other software components
• Ensure consistent software APIs across components
• Simplify retargeting as software is selected based on hardware and toolchain
CMSIS-Pack system is today available in several mainstream toolchains
• Arm DS Development Studio and Arm Keil MDK
• IAR Embedded Workbench for Arm
• CMSIS Eclipse Plug-In (open-source) that is basis for several other implementations
Solution: CMSIS-Pack seamlessly combines software components
→ Learn more about CMSIS software components
18Copyright © 2019 Arm, All rights reserved.
SoftwareComponent #1
CMSIS-Pack
Software components should have:
• Version and history information
• License information
• API interface definition
• Documentation
• Source files
• Configuration files (optional)
• Requirements to other components (opt.)
CMSIS-Pack defines an XML format that frames this information and is used by project management utilities from various tools.
What is a software component?
API headers
Source code/libraries
API Interface
SW Component #2
Source code/libraries
Documentation
Configurationfiles
Version &License
Information
API headers
SW Component #3
Source code/libraries
API headers
SW Component #4
Source code/libraries
API headers
References to other software components
19Copyright © 2019 Arm, All rights reserved.
Relationships of Packs and Software Components
Packs can require other packs to be installed:
Components can have dependencies on other components; either from the same or from other packs:
Pack AVersion n
Pack BVersion m
Pack A, Version n
Component A Component B Component C
Pack B, Version m
Component A Component B Component C
20Copyright © 2019 Arm, All rights reserved.
Implementation #3Implementation #2
Softwarecomponent
Central API definition
Central API Interface definition for software components
A central API definition shares header file and documentation of an API interface across multiple other software components to ensure consistency.
The API interface is distributed separately or as part of the software component that consumes this interface. The API header file is therefore consistent.
An example is the CMSIS-Driver pack that contains various Ethernet and Flash drivers –all compatible with the CMSIS-Driver APIs that are published in the CMSIS Pack.
API headers evolve over time
API headers
Source code/libraries
Interfaces
API headers(Definition)
Implementation #1
Source code/libraries
Source code/libraries
Source code/libraries
Documentationof API
22Copyright © 2019 Arm, All rights reserved.
CMSISCORE
SDK Project TemplateBoard configuration
CBORTinyCBOR
JSONJsmn
DeviceStartup
SDK DriversAll
Cloud pack BSP 3rd party packDFPCMSIS pack RTOS pack Mbed TLS pack
SPI/UARTCMSIS-Driver
Com pack
Application code
Cloud connector and service
TF-MCORE
Sto
rage
Cry
pto
Bo
ot
TF-MStorage NS
TF-MCrypto NS
TF-MBoot NS
RTOSTF-MIPC
Flas
hD
rive
r
Har
dw
are
Acc
eler
ato
r
Mem
ory
Dri
ver
Har
dw
are
Inte
rfac
es
PSA
Ser
vice
s
Alignment with CMSIS and TF-M can simplify security, crypto, and firmware update
CMSIS + TF-M can drastically simplify
software configuration to
custom hardware
WiFiSDK
WiFiCMSIS-Driver
IoT Socket
Cloud software stack on Armv8-M with TrustZone
Non-secure Secure
23Copyright © 2019 Arm, All rights reserved.
Component System Demo
24Copyright © 2019 Arm, All rights reserved.
IoT Socket
WiFi driver and IoT socket component combinedGeneric communication foundation for cloud connectors on Cortex-M
Security is provided by Mbed Crypto
IoT Socket can interface with:
• WiFi CMSIS-Driver to connect to various wireless chipsets
• MDK-Middleware network stack
• LwIP (optional, WiP – contributions welcome)
MiddlewareMDK
lwIP
SecurityMbed Crypto
WiFiCMSIS-Driver
SPI,SDIO,UARTCMSIS-Driver
IoT Socket
SecurityMbed Crypto
IoT Socket
SecurityMbed Crypto
Ethernet MACCMSIS-Driver
Ethernet MACCMSIS-Driver
Ethernet PHYCMSIS-Driver
Ethernet PHYCMSIS-Driver
Cloud Connector
25Copyright © 2019 Arm, All rights reserved.
Challenge: System Validation
PSA Functional API Test Suite for testing security functions of TF-M
• API compliance test suite validates Crypto, Secure Storage and Attestation
• Test results are fundament for the PSA Certified program
• These test results give confidence on the system security implementation
Arm Keil MDK includes features for IoT endnote validation
• System Analyzer shows the overall system timing (ISR, threads, user events)
• Component Viewer shows the status of software components
• Event Recorder records timing of events
• Power Measurement with ULINKplus helps to optimize power consumption
Solution: Verification with PSA test and MDK debug features
→ Learn more about IoT System Validation
26Copyright © 2019 Arm, All rights reserved.
Validate Security Functions of TF-M ImplementationRunning the PSA Functional API Test Suite on your implementation
Non-Secure Secure
Device Configuration
TF-M Core Secure Boot
Pla
tfo
rmD
rive
rs
Sto
rage
Cry
pto
Att
esta
tio
n
CMSIS-CORE
RTOS
PSA Test Kit
PSA Test Kit
Gives confidence on system security implementation
VerifiesCrypto, Storage and Attestation
27Copyright © 2019 Arm, All rights reserved.
Timing Analysis of an Embedded SystemCheck run-time status and dynamic software behavior
28Copyright © 2019 Arm, All rights reserved.
Analysis for Software ComponentsEvent Recorder showing status and dynamic software behavior
Dynamic operationwith timing
Status information
Preconfigured for MDK-Middleware, RTX5, and FreeRTOS
Easy to add to custom components
29Copyright © 2019 Arm, All rights reserved.
Analyzing and Optimizing Energy ConsumptionExample: IoT Sensor Interface
Optimizations identified• Triggering sensors with lower current• Read sensors faster with less MCU activity• Identify hardware issues
Trigger sensors Read sensors Transmit
1.5 mA
300 µA
ori
gin
alo
pti
miz
ed
Overall 75% less energy consumed
ULINKplus• Power measurement• 50 Mbps SWO trace• 1 kV isolation• I/O pins for test
automation
30Copyright © 2019 Arm, All rights reserved.
Summary
✓CMSIS-Zone simplifies resource partitioning and clearly shows available resources.
✓Generate consistent setup for access control and software tools.
Device hardware configuration Manage software components System validation
✓ Software packs provide ready-to-use software components (CMSIS, RTOS, TF-M, IoT Socket).
✓ Integration of the CMSIS-Pack system into modern IDEs helps to setup working software on the selected device.
✓ PSA test suite gives confidence in system security configuration.
✓ Keil MDK analyzes complex systems and helps to identify timing or power problems.
TF-M and CMSIS let you focus on application development for secure IoT endpoints.Thus, it becomes as easy as classic embedded systems programming.
Using standard software components
https://community.arm.com/cn/
31Copyright © 2019 Arm, All rights reserved.
Trademark and copyright statementThe trademarks featured in this presentation are registered and/or unregistered trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.
Copyright © 2019
Thank You!
#ArmTechCon