5 TrustZone Support
TrustZone Projects
TrustZone for the ARMv8-M technology is enabled in Microchip SAM L11 Microcontrollers and provides hardware-enforced isolation between the trusted and the untrusted resources on the MCU device.
The TrustZone Manager component provides means to configure global TrustZone settings of a SAM L11 MCU, which is based on the Cortex-M23 core.
There are two types of TrustZone for ARMv8-M based projects:
- Secure project: TrustZone Manager component MUST be added into the project to get access to the global TrustZone settings.
- Non-Secure project: Do not add TrustZone Manager component into the project as the Non-Secure project will rely on a Secure project for TrustZone global settings.
Creating a Secure Project
- Create a new project with SAM L11 device.
- Click on Add software component to add TrustZone Manager middleware.
- Once the middleware is added, go to DASHBOARD and select the Project component. The toolchain settings for Atmel Studio will be displayed under the Project component. The toolchain settings for IAR and Keil are not provided in the UI; the user needs to manually select those settings in the respective IDE.
- Compiler miscellaneous flags are populated with ‘-std=gnu99 -mcmse’ settings. The ‘-mcmse’ flag is used to enable the compiler for creating CMSE secure executable files.
- Linker miscellaneous flags are populated with ‘-Wl,--out-implib=libsecure_gateway_veneer.lib -Wl,--cmse-implib’ settings. ‘-Wl,--cmse-implib’ is for generating a secure gateway veneer and a symbol in an import library. If you do not need to generate a secure gateway library, remove this setting and keep the text box empty.
- Select the TrustZone Manager Middleware software component and configure the settings like the different memory secure and non-secure sizes or the peripherals security attribution.
- Hover over the question mark near each setting to know more about those settings.
- The Secure project will create two linker script files based on the above configuration; one for using in the secure project and another for using in the non-secure project that will be created later on.
Creating a Non-Secure Project
- Create a project using SAM L11 device without adding the TrustZone Manager Middleware. Toolchain settings will not be displayed for non-secure projects.