Today's microcontroller products designed for the IoT may ship pre-loaded with firmware from several different vendors. TrustZone for Armv8-M separates Secure from Non-secure software and so protects a device from attackers and untrusted parties, but it draws only one boundary: a single debug session can still see every partition on its side of that boundary. In a fragmented supply chain, where vendors who do not trust each other each contribute firmware to the same device, this raises the risk that one vendor's trade secrets leak to another through the debug port. In these cases the device needs additional IP protection capabilities, and providing them changes the processor's debug features, its memory protection architecture, and its system-level security features.

This white paper explains the background of these requirements and how new features in the Armv8.1-M architecture help chip vendors address them. One example is the Unprivileged Debug Extension (UDE) in Armv8.1-M, which restricts debug visibility to a specific software partition rather than to a whole Secure or Non-secure world. The paper also shows how debug tools and software must be adapted to work with this finer-grained debug access, and why devices require debug authentication support so that the partition a debugger may see is decided by the device rather than by the debugger.

By Joseph Yiu, Distinguished Engineer at Arm.
As presented at Embedded World 2020.