
Review on SAM L11 Processor, Architecture, and Security Features

Jella Kate L. Flores
College of Electrical Engineering and Technology
Mindanao State University-Iligan Institute of Technology
Iligan City, Philippines
jellakate.flores@g.msuiit.edu.ph

Jahziel M. Jalon
College of Electrical Engineering and Technology
Mindanao State University-Iligan Institute of Technology
Iligan City, Philippines
jahziel.jalon@g.msuiit.edu.ph

Kimberly Conje
College of Electrical Engineering and Technology
Mindanao State University-Iligan Institute of Technology
Iligan City, Philippines
kimberly.conje@g.msuiit.edu.ph

Abstract—IoT security is essential to the development of devices and embedded applications; if it is not taken seriously, IoT nodes are vulnerable to hardware and software attacks that endanger the user's personal information. The SAM L11 family of MCUs takes IoT security as its main function, and its low power consumption makes it ideal for developers building IoT innovations. This paper presents the integration of TrustZone® technology for ARMv8-M and the Cortex-M23 processor into the SAM L11 family of MCUs for robust and energy-efficient IoT security.

Keywords—microcontroller, processor, architecture, security features, SAM L11

I. INTRODUCTION
With the increasing development of IoT endpoints and the increased frequency of security breaches, security in IoT devices has become even more essential. The SAM L10 and SAM L11 MCU families address these issues in IoT innovations and embedded applications with security, power efficiency, and touch application. The family has industry-leading security for its performance class and is the industry's first Arm® Cortex®-M23 with robust chip-level security features and Arm® TrustZone® for Armv8-M.

Figure 1.1 SAM L10/L11 ARM® Cortex®-M23 MCUs

Implementation of security is simple because the hardware security features are integrated in a small-footprint MCU that is supported by a comprehensive security software and support framework. It is the industry's lowest-power MCU in its performance class. These MCUs deliver ultra-low currents in both modes: active (under 25 µA/MHz) and sleep (100 nA). The three variants of this MCU family are SAM L10, which is a general-purpose variant, and SAM L11 and SAM L11-KPH, which are enhanced secure variants. These families of MCUs come in 24-pin and 32-pin package options. They run at 32 MHz with an Arm® Cortex®-M23 core and go up to 64 KB flash and 16 KB SRAM. The security features include Arm® TrustZone® technology, chip-level tamper resistance on 256 bytes of RAM, secure boot, secure key storage, secure bootloader, and crypto accelerator.

The SAM L11 family of MCUs uses some functions of the Arm® Cortex®-M23 processor, one of the newest and highly popular Cortex-M processors, which was developed for high-performance, low-cost platforms across a broad range of devices. The Cortex®-M23 processor is a configurable, two-stage, 32-bit RISC processor. It has an AMBA 5 AHB interface and includes an NVIC component. With TrustZone® technology added to its security foundation, along with its optional hardware debug, single-cycle I/O interfacing, and memory-protection functionality, it takes security to the most constrained IoT devices and embedded applications.

This paper presents an in-depth review of how the SAM L11 family of MCUs uses the functions of the Arm Cortex®-M23 processor with Arm® TrustZone® technology for the Armv8-M architecture.

II. REVIEW OF RELATED LITERATURE
ARMv8-M architecture is a 32-bit architecture based on the existing ARMv6-M and ARMv7-M architectures and has most features of the Cortex®-M programmer's model. It paves the way for highly scalable, cost-effective families of microcontrollers. It also introduces a hardware security model that is a foundation for secure connected devices (Fig. 2.1). This figure is obtained from [cite].

Fig. 2.1 The ARMv8-M architecture consists of mainline and baseline profiles, which are analogous to the ARMv6-M and ARMv7-M architectures.

The ARMv8-M architecture also introduces an important new hardware security extension called TrustZone®, which is available in both the Mainline and Baseline profiles.



A. ARMv8-M Baseline Profile
This sub-profile is similar to ARMv6-M but with significant system-level feature enhancements. It is for processor designs with a simpler instruction set and low gate count, which is ideal for a wide range of ultra-low-power designs.

[cite]Instruction set enhancements include:
● Signed and unsigned integer divide.
● Wide immediate moves.
● Compare and branch, and long branch instructions.
● Exclusive memory access instructions for semaphore support enhancement for multiprocessor systems.
● Instructions for enabling TrustZone® technology support for ARMv8-M.
● Memory access instructions for C++11 atomic data types (load-acquire and store-release instructions).

[cite]System level feature enhancements include:
● Supports up to 496 interrupts, compared to only up to 32 interrupts for the ARMv6-M architecture. For power efficiency reasons, so many interrupts might never be fully implemented.
● Interrupt active bits for dynamic reprioritization of interrupts.
● Optional TrustZone® technology for the ARMv8-M architecture.
● Improved flexibility in Memory Protection Unit (MPU) region definition using the Protected Memory System Architecture (PMSA) v8.
● Better debug capability, including enhancements in breakpoint and watchpoint units.

B. ARMv8-M Mainline Profile
ARMv8-M mainline architecture is similar to ARMv7-M but with significant architectural improvements. It has an increased instruction set for complex data processing, which is convenient for better software design in mainstream microcontroller products and high-performance embedded systems.

[cite]Additional architecture fundamentals include:
● An expanded 32-bit instruction set that provides improved performance when compared to the ARMv8-M baseline architecture.
● An optional integer Digital Signal Processing (DSP) for efficient signal processing.
● An optional floating-point extension architecture with support for single-precision floating-point and optional support for double-precision floating-point operations.
● Optional coprocessor support for hardware acceleration.

[cite]The ARMv8-M mainline architecture has the following upgrades over the ARMv7-M architecture:
● Test Target Memory (TT) instruction.
● Memory access instructions for C++11 atomic data types (load-acquire and store-release instructions).

[cite]System level feature enhancements include:
● Optional TrustZone® technology for the ARMv8-M architecture.
● The use of PMSAv8 enables improved flexibility in the optional MPU region definition.
● Enhancements in breakpoint and watchpoint units, which provide better debug capabilities.

The Cortex-M23 processor is a configurable, two-stage, 32-bit RISC processor that also supports the Security Extension. It has an AMBA 5 AHB interface and includes an NVIC component. It also has optional hardware debug, single-cycle I/O interfacing, and memory-protection functionality. Figure 2.2 is obtained from [cite]

Fig. 2.2 The functional blocks of the Cortex-M23 processor.

Micro Trace Buffer (MTB) - provides a lighter option for instruction trace requirements for software development. Unlike the Embedded Trace Macrocell (ETM) or the Program Trace Macrocell (PTM) trace solutions, the MTB does not require a dedicated trace connection. However, the amount of trace history provided by the MTB is limited by the size of SRAM allocated for trace operations.[cite]

Cross Trigger Interface (CTI) - Enables the debug logic and the ETM to interact with each other and with other CoreSight components.[cite]

Embedded Trace Macrocell (ETM) - is a real-time trace module providing instruction and data tracing of a processor. An ETM is an integral part of an ARM RealView® debug solution.[cite]

Nested Vectored Interrupt Controller (NVIC) - The NVIC supports four programmable levels of priority, while AIRCR.PRIS increases the levels to eight, as it splits Secure and Non-secure priorities. The NVIC and the Cortex-M23 processor core are closely coupled, providing low latency interrupt processing and efficient processing of late arriving interrupts. [cite]

Wake-up Interrupt Controller (WIC) - enables the processor and NVIC to be put into a very low-power sleep mode, leaving the WIC to identify and prioritize interrupts and events.[cite]

Data Watchpoint and Trace (DWT) - DWT implementation provides between zero and four watchpoint register sets. A processor that is configured with zero watchpoints implements no watchpoint functionality and the ROM table shows that no DWT is implemented.[cite]

Flash Patch and Breakpoint Unit (FPB)* - FPB implementation provides between zero and four breakpoint registers. A processor that is configured with zero breakpoints implements no breakpoint functionality and the ROM table shows that no FPB is implemented.[cite]

Processor ROM table - The ROM table identification registers and values that the following table shows allow debuggers to identify the processor and its debug capabilities.[cite]

Bus matrix - arbitrates the processor core and optional DAP memory accesses to both the external memory system and to the internal NVIC and debug components.[cite]

SAM L11 provides countermeasures against security threats on IoT nodes, which are prone to threats like malicious software attacks, vulnerable firmware upgrades, microprobing, data remanence, and communication attacks. It offers TrustZone® and an immutable secure boot to counteract malicious software attacks. It has a secure bootloader and secure key storage to minimize the risk of vulnerable firmware upgrades. Chip-level tamper resistance and silent access resist microprobing and data remanence attacks. It also has an onboard cryptographic accelerator to help prevent man-in-the-middle attacks and secure key storage to protect the encryption keys.

III. METHODOLOGY

SAM L11 PROCESSOR AND ARCHITECTURE ANALYSIS
The SAM L11 implements the Arm® Cortex®-M23 processor, based on the ARMv8-M Baseline Architecture, which is the smallest and most energy-efficient Arm processor with Arm TrustZone® security technology [1].

Table 1. SAM L10/L11 Cortex-M23 Configuration

Table 1 shows the configurable options for the core as well as which options are enabled for the SAM L11 implementation:
● Memory Protection Unit - By defining memory attributes for different memory regions, the MPU improves system reliability. There are two MPUs on SAM L11 devices: one for the Secure state and one for the Non-Secure state. Each MPU can independently define memory access permissions and attributes. [3]
● Implementation Defined Attribution Unit (IDAU) - In the SAM L11 Cortex-M23 core implementation, security management is done using the Implementation Defined Attribution Unit (IDAU). The IDAU interface controls access to the execution of specific instructions based on the current core security state and the address of the instruction. [2]
● System Timer (SysTick) - It is a 24-bit timer that enhances both the processor's and the NVIC's functionality. On SAM L11 devices, there are two System timers, one for the Secure state and one for the Non-Secure state.
● Nested Vectored Interrupt Controller (NVIC) - The NVIC and the Cortex-M23 processor core are tightly coupled, allowing for low latency interrupt processing as well as efficient handling of late arriving interrupts. There are two Vector tables on SAM L11 devices: the Secure Vector table and the Non-Secure Vector table.
● Single-Cycle I/O Port Bus (IOBUS) - For high-speed, single-cycle access to certain peripherals, the Cortex-M23 processor implements a dedicated Single-Cycle I/O Port Bus (IOBUS). The IOBUS is memory-mapped and can perform all load and store operations.
● System Control Block (SCB) - The System Control Block (SCB) provides system implementation information and system control. This includes configuration, control, and reporting of the system exceptions.
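
Because address attribution decides what each security state may touch, Secure code that receives an address from Non-secure code has to confirm that the whole range is Non-secure before using it. The block below is an added example, not Microchip or Arm code: a host-side C model of that check, in which the Secure/Non-secure SRAM split, `KEY_ADDR` and every function name are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Host-side model (added example). Region split, KEY and KEY_ADDR are constructed. */
typedef struct { uint32_t base, limit; bool secure; } region_t; /* limit inclusive */
#define SRAM_BASE 0x20000000u
#define SRAM_SIZE 0x4000u                      /* 16 KB SRAM */
#define KEY_ADDR  0x20000100u                  /* 16-byte key held in Secure SRAM */
static uint8_t sram[SRAM_SIZE];                /* backing store for the model */
static const uint8_t KEY[16] = "constructed-key";
static const region_t attr_map[] = {
    { 0x20000000u, 0x20001FFFu, true  },       /* Secure SRAM */
    { 0x20002000u, 0x20003FFFu, false },       /* Non-secure SRAM */
};

void key_init(void)   { memcpy(&sram[KEY_ADDR - SRAM_BASE], KEY, 16); }
bool key_intact(void) { return memcmp(&sram[KEY_ADDR - SRAM_BASE], KEY, 16) == 0; }

/* True only if [addr, addr+len) lies wholly inside one Non-secure region. */
bool ns_range_ok(uint32_t addr, uint32_t len) {
    if (len == 0 || addr + (len - 1u) < addr) return false;  /* empty or wraps */
    uint32_t last = addr + (len - 1u);
    for (size_t i = 0; i < sizeof attr_map / sizeof attr_map[0]; i++) {
        const region_t *r = &attr_map[i];
        if (addr >= r->base && addr <= r->limit)
            return !r->secure && last <= r->limit;
    }
    return false;                              /* unmapped address: fail closed */
}

/* Secure service that trusts the Non-secure caller's destination (the bug). */
int report_unchecked(uint32_t dst, uint32_t len) {
    if (dst < SRAM_BASE || len > SRAM_SIZE || dst - SRAM_BASE > SRAM_SIZE - len)
        return -1;                             /* model bound only, not a defence */
    memset(&sram[dst - SRAM_BASE], 0xAA, len); /* write done with Secure rights */
    return 0;
}

/* Same service, rejecting any destination that is not entirely Non-secure. */
int report_checked(uint32_t dst, uint32_t len) {
    if (!ns_range_ok(dst, len)) return -1;
    memset(&sram[dst - SRAM_BASE], 0xAA, len);
    return 0;
}

int main(void) {
    key_init();
    int r1 = report_checked(KEY_ADDR, 16);   bool k1 = key_intact();
    int r2 = report_unchecked(KEY_ADDR, 16); bool k2 = key_intact();
    printf("checked %d (key intact %d), unchecked %d (key intact %d)\n", r1, k1, r2, k2);
    return 0;
}
```
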
SAM L11 SECURITY FEATURES ANALYSIS

Arm TrustZone Technology for Armv8-M
The SAM L11 incorporates Arm TrustZone technology to protect against remote software attacks. It divides the MCU into trusted and non-trusted zones and provides hardware isolation to protect keys and sensitive information from non-trusted zones. The main goal of TrustZone for an ARMv8-M device is to simplify security assessment of a deeply embedded device. The principle behind ARM® TrustZone® for an ARMv8-M embedded software application is illustrated in the figure below.

Figure 3. Secure/non-secure embedded application

● System Start - After power-on or reset, an ARMv8-M system starts code execution in the secure state.
● User Application - Control can be transferred to the non-secure state to execute user code. This code can only call functions in the secure state that are marked for execution with the SG (secure gate) instruction and additional memory attributes. Any other attempt to access memory or peripherals that are assigned to the secure
● Firmware callbacks - Code running in the secure state can execute code in the non-secure state using call-back function pointers. For example, a communication stack (protected firmware) could use an I/O driver that is configured in user space.
● Secure software can access both Secure and Non-Secure memories and resources, while Non-Secure software can only access Non-Secure memories and resources. In the SAM L11 devices where TrustZone is implemented, the system starts up in Secure state by default.
● This selection of secure vs. non-secure code and peripheral sets requires knowledge of possible attacks and threat models. Functions should be in the non-secure space by default, as any code inside the secure space could be a possible attack vector to bypass the security mechanisms.[5]
● The chip-level security incorporated into SAM L11 MCUs is based on ARM TrustZone technology to help protect against both physical and remote attacks, plus a comprehensive security solution framework to simplify the implementation of security. IoT nodes driven by a SAM L11 provide strong resistance to remote software attacks, thereby increasing the reliability and avoiding any downtime of the critical functions of the nodes. [9]

IV. CONCLUSION
In conclusion, we studied how Microchip's SAM L11 family of MCUs takes an innovative approach to address increasing security concerns by integrating and implementing a wide variety of peripherals of the Arm Cortex-M23 processor and including security features. The combination of security offered by Arm TrustZone for ARMv8-M and additional hardware-enforced security was shown to help protect devices from cloning and intellectual property theft by providing hardware isolation to protect keys and sensitive information from non-trusted zones. (What is the advantage of the SAM L11 among others, in simpler terms?) [Where is it?]

REFERENCES
[1] https://microchipdeveloper.com/32arm:saml11-processor-overview
[2] http://ww1.microchip.com/downloads/en/AppNotes/SAM-L11-Security-ReferenceGuide-AN-DS70005365A.pdf
[3] https://ww1.microchip.com/downloads/en/DeviceDoc/SAM-L10L11-Family-Data-Sheet-DS60001513G.pdf
[4] Using TrustZone for Armv8-M. (n.d.). Using TrustZone for Armv8-M; www.keil.com. Retrieved May 26, 2022, from https://www.keil.com/pack/doc/CMSIS/Core/html/using_TrustZone_pg.html
[5] https://tches.iacr.org/index.php/TCHES/article/view/8347/7696
[6] Menasveta, T., Soubra, D., & Yiu, J. (2016). Introducing arm cortex-M23 and cortex-M33 processors with TrustZone for armv8-M. Design And Reuse. Retrieved June 3, 2022, from https://www.design-reuse.com/articles/41791/arm-cortex-m23-m33-processors-with-trustzone-for-armv8-m.html?fbclid=IwAR2QbRxMllZrkE4m1LfUtDH1hwVtHE1mcEuYZkgi6nG3kBZIE0Uumvb74wQ
[7] https://developer.arm.com/Processors/Cortex-M23#Technical-Specifications
[8] https://www.arm.com/products/silicon-ip-cpu/cortex-m/cortex-m3
[9] Gazmer, J. (2018). element14 Announces Availability of Microchip SAM L10 and SAM L11 Evaluation Kits [web log]. Retrieved June 1, 2022, from https://www.bisinfotech.com/element14-avails-microchips-sam-l10-sam-l11-evaluation-kits/
