Secure IoT Firmware For Cortex-M Processors


Credits: Embedded World Conference 2021 Proceedings, http://www.embedded-world.eu

Abstract — Developing secure IoT applications is challenging. Traditional Armv7 Cortex-M devices lack TrustZone-like functionality for the safe execution of the many third-party components of the software stack, and upgrading to newer Cortex-M devices with TrustZone inexorably leads to a lengthy and expensive system redesign. In this paper, we introduce an alternative path to a TrustZone upgrade, based on an innovative hardware-enforced, software-defined Trusted Execution Environment. We describe and detail all software components necessary to build a complete, state-of-the-art secure IoT firmware for any Cortex-M device – with or without TrustZone. These include the MultiZone Trusted Execution Environment, TCP/IP connectivity, TLS/ECC cryptography, and an MQTT client providing telemetry and OTA updates. All components are built on free and open standards, distributed under permissive licensing, and freely available for download from GitHub.

 

INTRODUCTION

Building secure IoT firmware is challenging. State-of-the-art security features like secure boot, authenticated access to commercial cloud services, and over-the-air (OTA) firmware updates require a number of complex third-party software components [1,2]. These libraries are difficult to integrate, increase the system's attack surface, and inevitably lead to the dangerous execution of trusted and untrusted code on the same chip – where a single faulty instruction has the potential to compromise the integrity of the whole system – i.e., software vulnerabilities and backdoors [1,3].