Beginner Lab 14: Secure vs Non-Secure Zone Demo

Last modified by Microchip on 2026/06/30 14:47

Objective

  1. To introduce the security concepts of the Armv8-M TrustZone® architecture.
  2. To demonstrate the functional separation between the Secure and Non-Secure memory regions.
  3. To configure and trigger an External Interrupt Controller (EIC) switch interrupt in the Non-Secure region.
  4. To toggle an LED in the Secure region through a controlled Secure function call.
  5. To observe and analyze access violations when Non-Secure code attempts unauthorized access to Secure resources.

Overview

Modern Armv8-M–based microcontrollers, such as the PIC32CM LS00 Curiosity Nano+ Touch Evaluation Kit, implement TrustZone technology, which partitions the system into two distinct security domains:

  • Secure World – Hosts trusted firmware, secure peripherals, and security-critical operations.
  • Non-Secure World – Executes user application code with restricted access to Secure resources.

In this laboratory exercise:

  • The EIC switch is configured in the Non-Secure region.
  • The LED peripheral is configured in the Secure region.
  • A Secure Gateway function (cmse_nonsecure_entry) is implemented to enable controlled access from the Non-Secure domain to Secure services.
  • An intentional direct access attempt from the Non-Secure region to Secure resources is performed to demonstrate a security fault condition.

Lab Activities

  • Configure the EIC switch in the Non-Secure region and the LED peripheral in the Secure region.
  • Add application code to both the Non-Secure and Secure regions of the project to demonstrate communication between these regions using the nonsecure_entry file.
  • Call a Secure function from the Non-Secure Interrupt Service Routine (ISR). Invoke the Secure Gateway LED toggle function from the Non-Secure interrupt handler and verify correct LED operation.
  • Demonstrate an access violation by attempting direct access to a Secure peripheral from Non-Secure code. Observe the resulting Secure or Hard Fault exception to confirm hardware-enforced isolation.
  • Observe the LED toggling output on the PIC32CM LS00 Curiosity Nano+ Touch Evaluation Kit.

Expected Outcomes

Upon completion of this lab, you will be able to:

  • Configure and distinguish peripherals assigned to Secure and Non-Secure regions, specifically the EIC switch (Non-Secure) and the LED (Secure).
  • Implement and use a Secure Gateway (nonsecure_entry) mechanism to enable controlled communication between Secure and Non-Secure execution domains.
  • Successfully invoke a Secure function from a Non-Secure Interrupt Service Routine (ISR) and verify correct LED toggling operation.
  • Identify and analyze Secure Fault or HardFault exceptions resulting from unauthorized Non-Secure access to Secure peripherals.
  • Interpret practical output behavior such as LED toggling and fault generation to validate the boundaries between Secure and Non-Secure execution.

Lab Source Files and Solutions

This ZIP file contains the completed solution project for this lab. It also contains the source files needed to perform the lab as per the following step-by-step instructions (see the "Lab Index" section on this page).

Download the ZIP file for this lab.

Information

The contents of this ZIP file need to be placed in the following folder:

<Any directory of the user's choice>/
(example Directory = C:/microchip/harmony/v3)

Note:

  1. An MPLAB® Harmony v3 project can be created in any directory. Its location does not depend on the Harmony framework path, so it does not need to be placed under the Harmony v3 framework folder or in any relative path beneath it.
  2. This is possible because MPLAB Harmony v3 projects generate all required source files, headers and libraries locally within the project folder.

Lab Index

  1. PIC32CM LS00 Curiosity Nano+ Touch Evaluation Kit
  2. MPLAB X Integrated Development Environment (IDE)
  3. MPLAB XC32 Compiler
  4. PIC32CM LS00 Curiosity Nano+ Touch Evaluation Kit User Guide
  5. PIC32CM LE00/LS00/LS60 Family Data Sheet 

Back to Top