ARM launched its first Cortex-M MCUs with ARMv8-M and TrustZone security: the tiny, low-power Cortex-M23 and faster Cortex-M33.
At the ARM TechCon show in Santa Clara, ARM unveiled two new Cortex-M microprocessors that will likely emerge as major Internet of Things workhorses over the coming decade, supplanting most existing Cortex-M designs. The Cortex-M23 and Cortex-M33 are also the first Cortex-M processors with ARMv8-M technology, enabling ARM TrustZone security, among other benefits. The TrustZone support is enabled via a new IoT-oriented CoreLink SIE-200 network-on-chip, which adds IP blocks on top of the AMBA 5 AHB5 interface. ARM also announced a TrustZone CryptoCell-312 technology for creating secure SoCs based on ARMv8-M.
The Cortex-M23 fills the gap between Cortex-M0 and Cortex-M0+ cores on the low end, while the -M33 falls in between the Cortex-M3 and -M4. They both, however, essentially replace all these forebears. When you consider that more than 22 billion Cortex-M enabled chips have shipped over the last decade, and that demand is rising for IoT applications, the impact should be huge. The IP will initially appear in processors from Analog Devices, Microchip, Nuvoton, NXP, Renesas, Silicon Labs, and STMicroelectronics
ARM Cortex-M33 (left) and Cortex-M23 block diagrams
(click images to enlarge)
The new Cortex-M designs, which use Baseline (Cortex-M23) and Mainline (Cortex-M33) versions of the ARMv8-M ISA, are backwards compatible with ARMv6-M and ARMv7-M architectures. The Cortex-M23 is upward code compatible with the -M33, says UK-based ARM, which was recently acquired by Japan’s SoftBank for $31 billion.
The IP that we’ll most likely see showing up on hacker boards is the Cortex-M33. The design offers 20 percent greater performance than the Cortex-M4, but even using TrustZone, it still has the same energy efficiency, says ARM. According to a Semiaccurate report from Thomas Ryan, the Cortex-M33 is about 80 percent smaller than ARM’s energy efficient Cortex-A5 application processor.
The Cortex-M33 is optimized for deterministic, real-time operations, and has optional DSP/SIMD instructions. Other options include a single precision floating point unit, a memory protection unit (MPU) with up to 16x regions per security stat, and a wake-up interrupt controller. The Cortex-M33 furnishes a dedicated interface to up to 8x co-processor units for extended functionality, and it supports “a wide range of diverse applications ranging from connected Bluetooth IoT nodes to smart motor controllers,” says ARM.
The Cortex-M23 is about a third the size of the Cortex-M33 while providing more than twice its energy efficiency. With TrustZone, it draws the same power as the Cortex-M0+, says ARM. The processors are efficient enough to support secure, “energy harvesting IoT nodes,” says the chip IP designer.
While the Cortex-M33 has a three-stage pipeline, the smaller Cortex-M23 has two stages, and there’s no DSP option. Like the Cortex-M33, the -M23 supports TrustZone and Thumb/Thumb2, and has an optional MPU and wake-up interrupt controller. There’s also a nested vectored interrupt controller (NVIC), so you don’t need to add an external controller. Other features include flexible sleep modes and debug with embedded trace.
The first ARM MCU architecture to add ARMv8 was the higher end, but less widely used Cortex-R, but it didn’t bring TrustZone along for the ride. The ARMv8-R project, which began to take off around the time ARM announced its Mbed OS in 2014, resulted in the new Cortex-R52 design, which is aimed at autonomous car applications.
Like ARMv8-M, ARMv8-R is 32-bit, but it borrows features from the 64-bit ARMv8-A such as hardware-based virtualization and a more advanced MPU. ARMv8-R is said to enable safety-critical embedded applications like automotive computers to run RTOSes, bare metal code, and even integrating Linux and Android on a single processor.
ARM Mbed Cloud
Not surprisingly, ARM is pushing its own Mbed OS, Mbed IoT Device Platform, and newly announced ARM Mbed Cloud SaaS solution as the chief development platform for its new ARMv8-M chips. Other RTOSes are also said to be supported. ARM Mbed Cloud is said to simplify connecting, securing, provisioning, and updating of Mbed-based devices across complex networks. General availability is expected in 1Q 2017.
Presumably, Cortex-M33 SoCs that add memory controllers could also run uClinux. ARM did not address what it would do with its high-end, uClinux ready Cortex-M7, which now sits between the Cortex-M33 and the Cortex-R.
No standard, full-bodied Linux distribution can sail in these waters. Devices running Cortex-M33 and M-23, will instead be connected with smart edge devices and gateways running Linux and other advanced operating systems on Cortex-A processors. These also often run TrustZone, enabling a system-wide approach to IoT security.
Assuming that TrustZone is as rock solid as ARM says it is — earlier this year Qualcomm’s TrustZone implementation was revealed to have been compromised — ARMv8-M with TrustZone gives ARM a new tool for battling Intel in the mid- to high-range “fog computing” segment of IoT where Linux lives. This week, Intel announced a major new 14nm, Atom E3900 “Apollo Lake” processor design for fog computing IoT.
The issue of IoT device security came to a head last week with the Mirai botnet based distributed denial of service attack (DDoS) attack on the Dyn service, bringing down much of the public Internet for a day in the U.S. The IoT devices that were hijacked by the attack, however, were higher-powered devices running Linux.
CoreLink SIE-200 and CryptoCell-312
ARM’s new CoreLink SIE-200 network-on-chip design provides a mix of backplane IP designed for building IoT devices using ARMv8-M based chips that include TrustZone. Pre-verified for ARMv8-M, CoreLink SIE-200 builds upon the AMBA 5 AHB5 interface with IP blocks that comprise a security framework built around TrustZone.
CoreLink SIE-200 provides per-transaction security signaling to enable hardware-enforced isolation with efficient sharing of memory and peripherals among secure and non-secure applications, says ARM. The design also enables parts of the MCU to be powered down when not in use. Development is enabled with ARM Mbed OS, Keil MDK, ARM Socrates IP Tooling, and multiple RTOSes.
CoreLink SIE-200 (left) and CryptoCell-312 block diagrams
(click images to enlarge)
ARM also announced a CryptoCell-312 cryptography accelerator that can be loaded onto the CoreLink SIE-200 framework. This hardware/software solution provides SoC-wide asymmetric and symmetric crypto, roots-of-trust access policy, a random number generator, and more.
ARM Cordio development flow
(click image to enlarge)
Chip designers can also add a newly announced Cordio radio IP stack onto the CoreLink SIE-200 framework, providing expanded, low-power Bluetooth 5 and 802.15.4 support. ARM’s Cordio is touted for offering greater flexibility, for example, letting you to run Bluetooth and 802.15.4 radios like ZigBee or Thread on the same device.
The Cortex-M23 and Cortex-M33 designs appear to be available now, along with the related CoreLink, CryptoCell, and Cordio IP. More information may be found in ARM’s announcement, as well as at ARM’s Cortex-M33 and Cortex-M23 product pages.