Beginner Lab 14: Secure vs Non-Secure Zone Demo
Last modified by Microchip on 2026/06/30 14:47
Objective
- To introduce the security concepts of the Armv8-M TrustZone® architecture.
- To demonstrate the functional separation between the Secure and Non-Secure memory regions.
- To configure and trigger an External Interrupt Controller (EIC) switch interrupt in the Non-Secure region.
- To toggle an LED in the Secure region through a controlled Secure function call.
- To observe and analyze access violations when Non-Secure code attempts unauthorized access to Secure resources.
Overview
Modern Armv8-M–based microcontrollers, such as the one on the PIC32CM LS00 Curiosity Nano+ Touch Evaluation Kit, implement TrustZone technology, which partitions the system into two distinct security domains:
- Secure World – Hosts trusted firmware, secure peripherals, and security-critical operations.
- Non-Secure World – Executes user application code with restricted access to Secure resources.
In this laboratory exercise:
- The EIC switch is configured in the Non-Secure region.
- The LED peripheral is configured in the Secure region.
- A Secure Gateway function (cmse_nonsecure_entry) is implemented to enable controlled access from the Non-Secure domain to Secure services.
- An intentional direct access attempt from the Non-Secure region to Secure resources is performed to demonstrate a security fault condition.
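The Secure Gateway pattern described above, as an added sketch that is not the lab's generated or solution code: every name in it (`secure_led_toggle`, `secure_led_state`, `ns_eic_switch_handler`, `led_port_out`, the pin number) is hypothetical, and the LED register is modelled as a plain variable so the logic also builds on a host. Only the `cmse_nonsecure_entry` attribute and the `__ARM_FEATURE_CMSE` macro come from the Arm toolchain; the intentional direct-access fault is not modelled.

```c
#include <stdint.h>

/* On a Secure Armv8-M build (-mcmse) __ARM_FEATURE_CMSE is 3 and the attribute
 * makes the toolchain emit an SG veneer in Non-Secure Callable memory.
 * Elsewhere the macro is empty so the logic can be exercised on a host. */
#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3U)
#define NSC_ENTRY __attribute__((cmse_nonsecure_entry))
#else
#define NSC_ENTRY
#endif

#define LED_COUNT 1u                       /* constructed: one Secure-owned LED */
static volatile uint32_t led_port_out;     /* stand-in for the Secure port output register */
static const uint32_t led_mask[LED_COUNT] = { 1u << 15 };  /* constructed pin number */

/* Secure project: the only LED operation exported to Non-Secure code. It takes
 * a small integer, not a pointer, and the Secure side validates it before use. */
NSC_ENTRY int32_t secure_led_toggle(uint32_t led_id)
{
    if (led_id >= LED_COUNT) { return -1; }   /* reject out-of-range requests */
    led_port_out ^= led_mask[led_id];
    return 0;
}

/* Secure-internal helper: not an entry function, so it gets no SG veneer and
 * is not a valid entry point from Non-Secure code. */
int32_t secure_led_state(uint32_t led_id)
{
    if (led_id >= LED_COUNT) { return -1; }
    return (led_port_out & led_mask[led_id]) ? 1 : 0;
}

/* Non-Secure project: body of the EIC switch callback. It never touches the
 * LED port itself, it only requests the Secure service. */
static volatile uint32_t ns_rejected_calls;
void ns_eic_switch_handler(void)
{
    if (secure_led_toggle(0u) != 0) { ns_rejected_calls++; }
}

int main(void)
{
    ns_eic_switch_handler();               /* first press: LED on   */
    ns_eic_switch_handler();               /* second press: LED off */
    return secure_led_state(0u);           /* 0 after two presses   */
}
```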
Lab Activities
- Configure the EIC switch in the Non-Secure region and the LED peripheral in the Secure region.
- Add application code to both the Non-Secure and Secure regions of the project to demonstrate communication between these regions using the nonsecure_entry file.
- Call a Secure function from the Non-Secure Interrupt Service Routine (ISR). Invoke the Secure Gateway LED toggle function from the Non-Secure interrupt handler and verify correct LED operation.
- Demonstrate an access violation by attempting direct access to a Secure peripheral from Non-Secure code. Observe the resulting Secure Fault or HardFault exception to confirm hardware-enforced isolation.
- Observe the LED toggling output on the PIC32CM LS00 Curiosity Nano+ Touch Evaluation Kit.
Expected Outcomes
Upon completion of this lab, you will be able to:
- Configure and distinguish peripherals assigned to Secure and Non-Secure regions, specifically the EIC switch (Non-Secure) and the LED (Secure).
- Implement and use a Secure Gateway (nonsecure_entry) mechanism to enable controlled communication between Secure and Non-Secure execution domains.
- Successfully invoke a Secure function from a Non-Secure Interrupt Service Routine (ISR) and verify correct LED toggling operation.
- Identify and analyze Secure Fault or HardFault exceptions resulting from unauthorized Non-Secure access to Secure peripherals.
- Interpret practical output behavior such as LED toggling and fault generation to validate the boundaries between Secure and Non-Secure execution.
Lab Source Files and Solutions
This ZIP file contains the completed solution project for this lab. It also contains the source files needed to perform the lab by following the step-by-step instructions (see the "Lab Index" section on this page).
Lab Index
- Step 1: Armv8-M TrustZone Security Model, Secure Gateway and Memory Mapping
  - Step 1.1 - Armv8-M TrustZone Security Model
  - Step 1.2 - Secure Gateway on Armv8-M
  - Step 1.3 - Memory Mapping on Armv8-M
- Step 2: Configure EIC for Switch in the Non-Secure Region and LED in the Secure Region
  - Step 2.1 - Configure External Interrupt Controller (EIC) PLIB as Non-Secure for Switch Button
  - Step 2.2 - Pin Configuration for Switch and LED
  - Step 2.3 - Arm® TrustZone for Armv8-M
- Step 3: Generate Code
  - Step 3.1 - Generate Code
- Step 4: Add Application Code to the Project
  - Step 4.1 - Application Code for the project
  - Step 4.2 - Access Violation Between Secure/Non-Secure Zones
- Step 5: Build, Program and Observe the Output
  - Step 5.1 - Build, Hardware Setup and Program
  - Step 5.2 - Observe the Output