What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned
Learn how TrustZone-M's CPU-level protections fall short of system-wide memory safety, and discover crucial lessons about DMA attacks, security implementation & PSA compliance.
- TrustZone-M provides only CPU-level protections and lacks system-wide memory protection, making it vulnerable to DMA-based attacks
- The lack of Memory Protection Controllers (MPCs) in implementations like Microchip SAML11 makes it difficult to achieve PSA Level 2/3 security despite marketing claims
- There’s a problematic assumption that OEM developers can be fully trusted with DMA mediation, when they should instead have controlled/mediated access
- Hardware providers should implement protections at the system level, not just CPU level, including proper DMA mediation and memory protection controllers
- Attestation alone is not sufficient - it’s orthogonal to the core memory protection issues identified
- The gap between TrustZone-M capabilities and PSA security level requirements needs better alignment and clarity
- System designers need to carefully evaluate both hardware and software security capabilities when building secure systems
- Software-based DMA mediation can be implemented as a workaround but hardware-based protection is preferable
- Current implementations often lack proper isolation between privileged/unprivileged modes in both secure and non-secure worlds
- The evaluation SDK versions may have different security properties than production versions, making proper security assessment difficult
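
The software-based DMA mediation named in the takeaways above, as an added example (not code from the talk or from any vendor SDK): a secure-world gateway that accepts a transfer only when both source and destination lie wholly in non-secure memory. The memory map, `dma_req_t` and `dma_mediate` are hypothetical, and the sketch assumes the DMA controller's registers and descriptors are reachable only from the secure world.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed non-secure memory map for illustration; not from any datasheet. */
typedef struct { uint32_t base, size; } region_t;
static const region_t ns_regions[] = {
    { 0x00008000u, 0x8000u },   /* non-secure flash (constructed) */
    { 0x20002000u, 0x2000u },   /* non-secure SRAM  (constructed) */
};

/* Hypothetical request a non-secure caller hands to the secure gateway. */
typedef struct { uint32_t src, dst, len; } dma_req_t;
typedef enum { DMA_OK, DMA_DENY_SRC, DMA_DENY_DST } dma_verdict_t;

/* True only if [addr, addr+len) sits entirely inside one non-secure region. */
static bool range_is_nonsecure(uint32_t addr, uint32_t len)
{
    if (len == 0)
        return false;
    for (size_t i = 0; i < sizeof ns_regions / sizeof ns_regions[0]; i++) {
        const region_t *r = &ns_regions[i];
        if (addr < r->base)
            continue;
        uint32_t off = addr - r->base;
        /* Compare against remaining space; addr + len is never computed,
           so a range that wraps past 0xFFFFFFFF cannot pass. */
        if (off < r->size && len <= r->size - off)
            return true;
    }
    return false;
}

/* Validate a snapshot of the request; the driver must program the DMA
   controller from *checked, never from caller-owned memory (TOCTOU). */
dma_verdict_t dma_mediate(const volatile dma_req_t *req_ns, dma_req_t *checked)
{
    dma_req_t snap = { req_ns->src, req_ns->dst, req_ns->len };
    if (!range_is_nonsecure(snap.src, snap.len))
        return DMA_DENY_SRC;
    if (!range_is_nonsecure(snap.dst, snap.len))
        return DMA_DENY_DST;
    *checked = snap;
    return DMA_OK;
}

int main(void)
{
    dma_req_t in = { 0x20000000u, 0x20002000u, 0x40u }, out; /* secure source */
    return dma_mediate(&in, &out) == DMA_DENY_SRC ? 0 : 1;
}
```

A check like this only holds if non-secure code has no other path to the DMA controller, which is why the takeaways prefer hardware-level protection.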