Arm Cortex M35P Armv8-M MCU Core Gets Physical Security with Anti-tampering Features

Armv8 and Armv8-M processor already support Arm TrustZone security,  which aims to prevent software attacks against the target device. However, if a hacker has physical access to the hardware, it may not be sufficient to prevent hacking.

Arm Cortex-M35P core addresses this issue by providing physical (hence the P in the name) security with anti-tampering features that protect against access even with direct access to the hardware.

Highlights of the processor:

  • Architecture – Armv8-M Mainline (Harvard)
  • ISA Support – Thumb/Thumb-2
  • Pipeline – Three-stage
  • Software security – Optional TrustZone for Armv8-M, stack pointers checking
  • Physical security – Built-in protection from invasive and non-invasive attacks
  • DSP Extensions
    • Optional DSP/SIMD instructions
    • Single cycle 16/32-bit MAC
    • Single cycle dual 16-bit MAC
    • 8/16-bit SIMD arithmetic
  • Floating Point Unit – Optional single precision floating point unit,IEEE 754 compliant
  • Co-processor interface – Optional dedicated co-processor bus interface for up to 8 co-processor units for custom compute
  • Memory Protection – Optional Memory Protection Unit (MPU) with up to 16 regions per security state
  • Interrupts – Non-Maskable Interrupt (NMI) and up to 480 physical interrupts with 8 to 256 priority levels
  • Wake-up Interrupt Controller – Optional for waking up the processor from state retention power gating or when all clocks are stopped
  • Sleep Modes – Integrated Wait for Event (WFE) and Wait for Interrupt (WFI) instructions with Sleep On Exit functionality
  • Debug – Optional JTAG and Serial Wire Debug ports. Up to 8 Breakpoints and 4 Watchpoints
  • Trace – Optional Instruction Trace (ETM), Micro Trace Buffer (MTB), Data Trace (DWT), and Instrumentation Trace (ITM)
  • Cache – Instruction cache. Customizable cache parity to create an ECC (error correcting code) for safety applications.
Four type of attacks – Click to Enlarge

Physical protection is achieved though multiple security features including:

  • Uniform-timing to execute instructions in a constant number of cycle to avoid information leaks
  • 100% parity coverage with every flop in the processor is protected with a configurable parity in order to detect random errors and/or injected faults.

I doubt your smart light bulb will come with such physical security, and Arm Cortex M35P – and other Arm “P” processor – will likely be found in high-value applications such as payment terminals, life-sustaining medical devices, and automotive applications.

You’ll find more details on Arm Cortex M35P’s product page, and Arm Community’s blog post. If you are interested in learning more about device security with Arm devices in general, you may want to check out Arm Platform Security Architecture (PSA) resources page.

Share this:

Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress

Radxa Orion O6 Armv9 mini-ITX motherboard

Radxa ROCK 5C Lite SBC with Rockchip RK3588 / RK3582 SoC
Subscribe
Notify of
guest
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
0 Comments
oldest
newest
Boardcon Rockchip RK3588S SBC with 8K, WiFI 6, 4G LTE, NVME SSD, HDMI 2.1...