The hardware for Arm’s Cortex-M33, which was announced a couple of years ago, is finally being delivered. The Cortex-M33 and smaller Cortex-M23 bring Arm TrustZone security features to microcontrollers. These Armv8-M security features enable isolation of user applications and include services like secure boot.
STMicroelectronics’ (ST) ultra-low-power STM32L5 (Fig. 1) delivers the security of Arm’s Cortex-M33 core and incorporates its own security features. The Cortex-M33 includes a floating-point unit (FPU) and a memory-protection unit (MPU). The latter provides a split between TrustZone’s trusted and untrusted execution spaces.
Fig. 1. STMicroelectronics’ STM32L5 delivers the security of Arm’s Cortex-M33 core and includes its own security features.
The STM32L5 family is designed to prevent attacks like malicious code injection, malware replacing an application, and man-in-the-middle attacks. The devices can also address board-level attacks such as fault injection, side-channel attacks, and cloning attacks.
The STM32L5 extends Arm’s TrustZone trusted and untrusted sections to include privileged and unprivileged sections (Fig. 2). In addition, ST allows peripherals to be assigned to any section, providing further security. A fifth section can be included as well. It is associated with the secure boot support and designated as hide protect. It is not visible to any other section.
Fig. 2. The STM32L5 extends TrustZone’s trusted and untrusted sections to include privileged and unprivileged sections.
The security features are implemented with hardware isolation to address active tampering. The chips support secure key storage and one-time programming (OTP). Hardware crypto acceleration includes support for AES 128/256-bit keys, private key acceleration (PKA), and AES-128 On-The-Fly Decryption (OTFDEC) to protect external code or data. The hardware also has RSA, Diffie-Hellman, and ECC (elliptic curve cryptography) support. There’s a true random number generator (RNG), and each chip has its own unique ID.
Developers will appreciate the IP protection and read-out protection support. The STM32L5 is supported by ST’s certified crypto library.
The 110-MHz Cortex-M33 core delivers 165 DMIPS and 427 CoreMarks. It supports 512 kB of on-chip flash memory and 256 kB of RAM. Off-chip FRAM, NAND and NOR flash, and SRAM support is provided. On- and off-chip memory are supported by ST’s adaptive real-time (ART) accelerator with an 8-kB memory cache. Serial storage and peripheral interfaces include HyperBus, SDIO/MMC, QSPI, and I2C. CAN-FD is an option, as is the crystal-less USB device that’s compatible with USB Type-C Rev 1.2 and PD 3.0 standards. USB speed reaches up to 480 Mb/s.
The system is available with up to 115 I/Os, including capacitive-touch sense support. Versions are available with dual 12-bit ADCs and dual DACs. There’s an on-chip temperature sensor, dual op amps with programmable gain amplifiers (PGAs), and dual comparators.
Fig. 3. Different power modes provide developers with a range of power-management options.
The family supports a wide range of power-down modes (Fig. 3). The chips have a switched-mode, step-down dc-dc buck converter regulator that can be turned on and off. Standard-temperature and high-temperature grades specified from −40 to 125°C are available.