Global training solutions for engineers creating the world's electronics

Arm TrustZone-M for Cortex-M23/M33 ONLINE

Duration: 2 sessions (7 hours per session, including breaks)

PLEASE NOTE: This is a LIVE INSTRUCTOR-LED training event delivered ONLINE.

It covers the same scope and content as a scheduled in-person class and delivers comparable learning outcomes.

Find out more about Doulos Online training here, including access details »

With the ever increasing range of applications for Arm® microcontrollers, from simple environmental monitors, through to automotive components and complex consumer appliances, the issue of security when developing these devices has never been so crucial.

This course covers the security aspects of software design in Arm's latest v8-M processors (including the Cortex®-M23 and Cortex-M33) that utilize TrustZone v8-M Security Extensions. The training includes architecting the software, configuring the secure side, accessing secure APIs from the non-secure side and dealing with exceptions.

The workshops are based around carefully designed exercises investigating features of the TrustZone-M architecture and their practical application. If you have specific security application requirements, please contact the Doulos team to discuss your options.

This course is also an ideal follow-on from the Developing with Arm Cortex-M class for delegates interested in the Cortex-M23/M33/M35 & M55 security features.

Non-security topics (such as understanding the use of DSP instructions or the floating-point unit, optimization and standard debugging techniques) are covered in other courses. See Arm Cortex-M23/33 Software Design Online.

This course is aimed at electronic hardware, software and system-on-chip engineers who need to gain a working knowledge of this new security architecture. This could include:

  • Software architects deciding how to partition software targeted for an Arm v8-M processor.
  • Embedded programmers implementing designs that utilize this technology.
  • Software engineers designing secure software for an Arm v8-M Mainline or Baseline embedded processor.
  • Code reviewers and Quality Assurance team members taking a critical look at the product.
  • How the SAU and IDAU interact
  • How to get into and out of TrustZone security states
  • Understanding how registers are affected and where programmers need to take care
  • Reducing overhead with CSME compliant compilers
  • Reducing security impacts to non-secure software
  • How to build non-secure software
  • Impacts to latency caused by transitions
  • Configure the Security Attribution Unit
  • How violations are caught
  • How to debug secure code
  • Prevent non-secure access to debug resources

Delegates should have good knowledge of embedded systems, and a basic understanding of embedded programming in C and assembler. Solid knowledge of the Cortex-M architecture (M0+, M3, M4 or M7) is required. Alternatively, prior attendance of Developing with Arm Cortex-M Online. Please contact Doulos directly to discuss and assess your specific experience against the pre-requisites.

Doulos training materials are renowned for being the most comprehensive and user-friendly available. Their style, content and coverage are unique in the Embedded Systems training world, and have made them sought after resources in their own right. The materials include:

  • Fully indexed class notes creating a complete reference manual
  • Workbook full of practical examples and solutions to help you apply your knowledge


The training materials for this class are based on Arm's own material and supplemented by Doulos’ own lecture modules and hands-on exercises to provide students with the most practical and thorough information to achieve a well-rounded knowledge of the subject. Doulos is a global Arm Approved Training Partner.

Arm v8-M Introduction

  • Arm-v8M background
  • Safety consideration
  • TrustZone in a nutshell
  • System level security features


Cortex-M23/33 Processor Core

  • Cortex-M23/33 Processor
  • Cortex-M23/33 Pipeline
  • Cortex-M23/33 Hardware features


Arm v8-M Programmer's model

  • General purpose registers
  • Stack enhancements
  • Privileges and modes
  • Vector tables and handlers
  • Secure and non-secure world transition
  • Context preservation and recovery


TrustZone for Arm v8-M Overview

  • Memory Security
  • SAU Configuration
  • IDAU


ARMv8-M Memory Protection

  • Memory Map
  • Memory Regions
  • Memory Attributes
  • MPU Programmer's model
  • Configuring the MPU
  • Memory Management Faults


TrustZone for Arm v8-M Exception Handling

  • Core in th Reset State
  • Taking an IRQ
  • Returning from IRQ
  • Configuring IRQ
  • Pre-emption an Tail-chaining
  • Other Exception


TrustZone for Arm v8-M Toolchain Support

  • Arm C Language Extensions
  • Calling non-secure code from secure code
  • Calling secure code from non secure code
  • Compiler and Linker security extenstions
  • Configuring the SAU with CMSIS


Appendix (Based on interest and time available)


Armv8-M Secure Software Design Considerations  

  • Introduction to Low Level Software Security
  • Classic Low Level Software Attacks
  • Design For Testing
  • Principles
  • Methodologies
  • Paradigms
  • Conclusion

The tool-chain required for the exercises are provided within a self contained virtual machine. The student is only required to install the VirtualBox software on her/his Windows/Linux/Mac host machine. The remaining tools and exercises files are pre-configured and located inside the Virtual Machine to be run locally. The VM can be used for day do day embedded software development and allows the student to continue or redo his exercises even after the course has ended.

The exercises are designed to run on the provided NUCLEO STM32L552 board. This board is kept by the student at the end of the class.

For team-based training, the NXP LPC55S69-EVK board is supported in a Windows 10 only environment. This requires installation of the MCUXpresso tool prior to the class.

Part 1: Tool Flow

Part 2: Security Attribution Unit Configuration

Part 3: Configuring the non-secure world

Part 4: Transition to the non-secure world

Part 5: Using Arm cmse attributes for non-secure calls

Part 6: Using Arm cmse attributes for secure calls

Part 7: Identifying the source of a function call

Part 8: Checking a data array address range

Part 9: Accessing secure data from a non-secure application

Part 10: Illegal access to a secure function from the non secure word

Course Dates

10 Jun 2024 ONLINE EurAsia Enquire
12 Aug 2024 ONLINE EurAsia Enquire
07 Oct 2024 ONLINE EurAsia Enquire

Looking for team-based training, or other locations?

Complete an enquiry form and a Doulos representative will get back to you.

Enquiry FormPrice on request

Next dates for this course