Multi Zone Security for Arm Cortex-M Devices

Credits: Embedded World Conference 2020 Proceedings,

Abstract —Developing secure Internet of Things devices is becoming more and more difficult. Complex functional requirements are increasingly met with the addition of untrusted 3rd party components. The resulting monolithic firmware presents vastly larger code base, greater attack surface, and increased system vulnerability. In addition, cost and low-power requirements lead to resource-constrained microcontroller architectures. These lack basic hardware security mechanisms and the ability to separate multiple trusted applications from less critical components. A new zero-trust model is required to address the intrinsic security threat posed by the resulting multi-source monolithic firmware. In this paper, we propose a novel approach to embedded security based on hardware-enforced, software-defined separation of multiple, equally secure, functional domains. We start by analyzing why the traditional “two-worlds” model is no longer suitable for modern IoT applications. We then introduce the concept of a lightweight, multi zone, trusted execution environment capable of enforcing security and separation for a multitude of equally-secure functional domains. Finally, we explain the details of the actual implementation of this model in Arm Cortex-M7 processors.



The Internet of Things (IoT) is comprised of billions of interconnected devices that, by definition, are exposed to remote attack – potentially resulting in the most damaging type of cyber threats: distributed denial of service or DDOS. While early design concerns were mostly related to connectivity and interoperability, a multitude of recent high-profile cyberattacks has shown that the success of this new Internet era is heavily dependent on the trust and the security built into these devices [1, 2]. Read more of this post

RISC-V Open Source Processors Ready For Prime Time

Excerpt of my interview with Elektronik
Harry Schubert, Chief Editor
February 2, 2019


Based on the instruction set architecture RISC-V from the University of Berkeley, processor cores are now being developed as IP and SoCs. Cesare Garlati, founder Hex Five Security and chief security strategist at prpl Foundation, follows the development closely.

In the program of this year’s Embedded World Conference, RISC-V dominates the block »Hardware Engineering«. One of the speakers is Cesare Garlati, who accompanies the development of RISC-V and deals intensively with security aspects as a key member of the RISC-V Security Group and founder of Hex Five Security – the first Trusted Execution Environment for RISC-V. In an interview, he talks about the current state of technology.

Mr. Garlati How far has the development of a RISC-V ecosystem progressed?

The RISC-V ecosystem has grown tremendously from its beginnings as a research project at U.C. Berkeley.  As of Q4 2018 the Foundation has more than 220 members in 27 countries, many open source and commercial RISC-V cores are available and a robust ecosystem of peripherals, development and software tools.

Today you can find RISC-V solutions that cover everything from tiny 8-bit microcontrollers to 64-bit quad core running Linux. And even a more powerful 128-bit out-of-order core is in the makings at U.C. Berkeley – BOOM (Berkeley Out of Order Machine).

Read more of this post

RISC-V security: First piece of the puzzle falls into place


By Thomas Claburn

10 Sep 2018 at 20:08



If you’ve been looking at SiFive‘s RISC-V-based chip technology and thinking, y’know what, it’s missing an Arm TrustZone-style element to run sensitive code, well, here’s some good news.

And if you’re just into processor design and checking out alternatives to Arm CPU cores, then this may be some interesting news.

SiFive helps organizations turn semiconductor designs based on the open-source RISC-V instruction set architecture (ISA) into chips. On Monday, it announced it has integrated Hex Five Security’s MultiZone Security trusted execution environment (TEE) into its Freedom SDK.

The technical confection gives companies creating RISC-V chips the tools to implement a security environment comparable to ARM’s TrustZone, though perhaps without past flaws. It should help users of the SiFive toolchain bring security-enforcing silicon to market faster.

Hex Five‘s technology, as its name suggests, allows for the creation of multiple isolated zones in which sensitive code – such as secure boot procedures and cryptographic routines – can run without interference from other programs or operating systems executing at the same time. It works with a Configurator tool that combines the compiled code with a Hex Five nanokernel to run within the secured environment.

Read more of this post