Feature parity of trussed on M33 and M4 hardware

[suntorytimed]

Hi,

I would like to ask if trussed will ensure feature and security parity on both Cortex-M4 and Cortex-M33 platforms. Considering that Nitrokey recently announced a downgrade of their next-gen Nitrokey 3 to a Cortex-M4 base this might influence my hardware choice. To my knowledge Cortex-M33 provides a much improved security architecture or am I wrong in this perception?

Cheers,
Stefan

[nickray]

Right now, Trussed and the solo2 firmware don't use specific M33 functionality - which vs. M4 would be TrustZone (e.g., the crypto engine running in the "secure domain"). We do pick M4 as a baseline to have fast constant time crypto in firmware. Meanwhile, solo2 firmware uses security features specific to the NXP LPC55 chip (secure boot, signed updates, encryption of data at rest with the PRINCE peripheral in combination with the PUF), which nitro3 will have to solve differently on their platform. To put this differently, Trussed and the apps are one piece of the puzzle, the platform (at least M4) on which they run is another (which could include TrustZone, but also other platform security features).

[suntorytimed]

Thanks a lot for the detailed explanation!