CoreLockr-TZ™ - Simplifying Access to TrustZone for ARMv8-M®

CoreLockr-TZTM is a lightweight service dispatch layer that simplifies accessing security capabilities offered by TrustZone for ARMv8-M. It abstracts complex aspects of the new architecture by presenting a suite of services for accessing resources secured by TrustZone for ARMv8-M.

ARM’s new v8-M architecture allows developers of microcontroller-based devices to isolate sensitive information into a secure domain (secure memory), while non-critical elements of an application are executed in non-secure domains (non-secure memory). CoreLockr-TZ offers a simpler way to access resources enabled in the secure domain.

  • Simplify application development.
  • Reduce development cost.
  • Improve time to market.
CoreLockr-TZ Diagram

CoreLockr-TZ represents secure resources as services in the non-secure domain for application developers to call from within their application. A single instance of CoreLockr-TZ acts as a single point of access for all secure services. Applications merely make requests to the appropriate API for a particular secure service. CoreLockr-TZ handles transport of the request and the response. Developers need not concern themselves with the underlying hardware implementation and can focus on building applications. The result is standardized security implementations, simplified development, faster time to market, and lower costs.

APIs & Services

Main Services API
CoreLockr-TZ Service API
Defines client interaction with services & other APIs.

Additional APIs
Authentication API
Supports multiple authentication mechanisms including:

  • Fido
  • Username & password
  • Pre-shared key

Additional APIs
Cryptographic API
Provides access to the cryptographic hardware interfaces including:

  • Digests/Hashing
  • MAC
  • Symmetric encryption / decryption
  • Authenticated encryption / decryption (AES/GCM, AES/CCM)
  • Asymmetric encryption / decryption
  • Asymmetric signatures & verification
  • Asymmetric key derivation

Additional APIs
Notification API
Simple mechanism for notifying or broadcasting to remote systems.

  • e.g. Edge devices sending event changes such as change in signature

CoreLockr-TZ Services
CoreLockr-TZ Services Registry
Database of available services maintained in memory containing all the information needed to dispatch client requests correctly.

CoreLockr-TZ Services
Key Management Services
Supports deployment of cryptographic hardware & software.

  • Plain text keys only handled in secure memory
  • In non-secure memory, key material is wrapped in a device-specific AES 128-bit key
  • They are assessed by applications only through CoreLockr Crypto API via 32-bit handles
  • Multiple options for exporting keys

CoreLockr-TZ Services
Cryptographic Services
Provides access to the cryptographic hardware interfaces including:

  • Symmetric & asymmetric cryptography supporting a variety of algorithms
  • Drivers for Security IP block
  • Cryptographic library with a documented API
  • Service for queue management & key handling

Device Makers: Implement a Consistent Security Strategy

Standardize Security Across Products

CoreLockr-TZ enables developing standardized methods for developers to access hardware components across products—even if those components are different across multiple products. For example, CoreLockr-TZ can help standardize access to cryptographic functions across devices built using Cortex®-M platforms. This “best practices” approach contributes to higher quality and lower error rates.

Develop Custom Services

Developers may create and register custom services with CoreLockr-TZ and make available them to other developers to consume.

Get the Hard Bits Right

CoreLockr-TZ’s development model abstracts the underlying hardware implementation and the associated complexity. This simpler approach translates to fewer errors, shorter testing times and lower cost.

Security Use Cases
  • Firmware, IP protection
  • Device authenticity
  • Data protection
  • Secure Communication
  • Secure firmware update
  • Secure peripherals
  • Secure factory provisioning

Silicon Vendors: Differentiate Hardware Products

Integrated Solution

Integrating CoreLockr-TZ with microcontroller platforms results in customers being able to utilize hardware faster for prototyping and product development. Corelockr-TZ facilitates flexible implementation of its APIs and services to support a wide range of security scenarios. CoreLockr-TZ can be integrated as part of the BSP, or as part of a larger software suite, and integrated with a silicon provider’s suite of development tools.

Faster Market Adoption

Ease of use and immediate applicability leads to faster adoption and more design wins. With CoreLockr-TZ, FAEs can present a solution that immediately addresses customers’ needs from a hardware and software perspective.

Supported Platforms

ARM logo

ARMv8-M based microcontroller and implementing TrustZone for ARMv8-M. CoreLockr-TZ can be implemented on bare metal or with an RTOS.

For more information about the CoreLockr-TZ and its capabilities, please Email us.

CoreLockr-TZTM Product Overview