Securing microcontrollers is a challenge, hampered in part by lack of hardware enforced security domains. Creating two security domains typically requires two microprocessors each with a separate Memory Protection Unit (MPU). Arm TrustZone, introduced with the Armv8-M architecture, enables two security processing environments on a single Cortex-M processor (see Using FreeRTOS on Armv8-M Microcontrollers). Once you have separate secure and non-secure processing environments, what do you do with them?

Introducing Trusted Firmware-M

Trusted Firmware-M (TF-M) implements a Secure Processing Environment (SPE) for Armv8-M architecture (e.g. the Cortex-M55, Cortex-M33 and Cortex-M23 processors) and dual-core Cortex-M devices. It is the PSA reference implementation aligning with PSA Certified guidelines, enabling chips, Real Time Operating Systems, and devices to become PSA Certified. As an Open Source project distributed under BSD-3 Clause license hosted in Trusted Firmware Open Governance community project, it is supported on several Cortex-M based Microcontrollers such as NXP LPC55S69, ST STM32L5, and Cypress PSoC 64. FreeRTOS has achieved PSA Functional API Certification using TF-M.

TF-M provides a set of secure services – Crypto, Attestation and Secure Storage. It also provides secure boot through a 2^nd stage bootloader based on mcuboot for authenticating runtime images and updates of the platform. Applications and Libraries in the Non-secure Processing Environment (NSPE) can utilize these secure services with a standardized set of PSA Functional APIs. On Armv8-M devices, TF-M uses Arm TrustZone technology to isolate the NSPE and the Secure Processing Environment (SPE) code and data. Applications running on Cortex-M devices can leverage TF-M services to ensure secure connection with edge gateways and IoT cloud services. It also protects the critical security assets such as sensitive data, keys and certificates on the platform.

Figure 1: Armv8-M based Cortex-M processor with TF-M

TF-M has completed an initial integration with FreeRTOS. This enables applications running FreeRTOS on Cortex-M devices to utilize secure services provided by TF-M via the PSA Functional APIs. The integration has been verified on the Arm Musca-B1 reference platform and is expected to be available on several Cortex-M platforms with TF-M.

Integration with FreeRTOS Kernel

As shown in the figure below, FreeRTOS kernel runs in NSPE and TF-M runs in SPE. FreeRTOS tasks can utilize any TF-M secure services (e.g. Crypto, Secure Storage and Attestation) via the PSA Functional APIs. A Non-Secure Dispatcher forwards the PSA Functional API calls from the tasks to TF-M. The integration with an example can be found on Github. The NSPE can communicate with TF-M using an IPC or function call mechanism which provide different levels of security and isolation. FreeRTOS can use any one of these mechanisms for communication with TF-M depending on the application needs.

Figure 2: Armv8-M based Cortex-M processor with FreeRTOS and TF-M

Integration with PKCS#11

FreeRTOS’s reference IoT integrations provide various libraries and APIs such as Secure Socket, TLS, OTA agent and PKCS#11 (Public Key Cryptography Standard #11) to improve the security of applications.

PKCS#11 APIs are used in FreeRTOS to perform TLS client authentication and import TLS client certificate and private key into the device. PKCS#11 has been integrated with TF-M using a thin shim and verified on the Arm Musca-B1 reference platform. In the integration, the PKCS#11 APIs invoke the appropriate PSA Functional Secure Storage API or Cryptographic API via the shim. This ensures the keys and certificates are protected and the cryptographic operations are performed securely within the SPE of TF-M and is isolated from the kernel, libraries and applications in the Non-secure Processing Environment. Keys and certificates are securely stored on chip storage and external flash respectively. This is enabled by TF-M’s Internal Trusted Storage (ITS) and Protected Storage (PS) services. Signing during TLS client authentication is performed by TF-M’s Crypto service. The example integration on Arm Musca-B1 reference platform as shown in the below picture can be found here along with a Readme. The PSA Functional API Shim is available in FreeRTOS project under the psa folder allowing TF-M enabled platforms to make use of this shim layer.

Figure 3: Armv8-M based Cortex-M processor with FreeRTOS, PSA Functional API shim and TF-M

Table 1 shows the mapping of the PKCS #11 APIs that is used in FreeRTOS and the PSA Functional API that gets invoked during provisioning of key and certificate and TLS client authentication.

What’s Next

The next step is to expand the integration of FreeRTOS security components with TF-M beyond the PKCS#11 interfaces. FreeRTOS OTA agent allows applications to receive, validate and deploy new images on the platforms. Integrating OTA agent with TF-M’s secure boot allows FreeRTOS to authenticate new images within the SPE leveraging all the security capabilities provided by the platform mitigating against any image update vulnerabilities. As the Mbed TLS project starts using the PSA Functional Crypto API for cryptographic operations, all TLS operations initiated by FreeRTOS will invoke TF-M Crypto Service via the PSA Functional Crypto APIs. The current integration and these enhancements will be available on a variety of Cortex-M devices enabled with TF-M simplifying security for developers of FreeRTOS based applications.

Visit Trusted Firmware project to learn more about TF-M and Github to access the FreeRTOS integration on Musca-B1. The PSA Functional API shim in psa folder can be leveraged by FreeRTOS and TF-M enabled platforms

Figure 4: Armv8-M based Cortex-M processor with complete FreeRTOS and TF-M integration