 So here's the ARM V8M Secure Debug running on this right here. So who are you? Hello, I'm Marc Marino from ARM. And today we bring here a demo using the latest subsystem for IoT endpoints. So what are we looking at here? Here we have running our system Gortling SSE 200, which is the first subsystem which has a Cortex-M53, which is based on the ARM V8M. So this is ARM Cortex-M33. It's ARM core link. I mean, who's shipping this board? Is it like a test board? It's a test board and it's a proof that we can create an endpoint subsystem based on the latest security features. So who's shipping this test board and who's using it right now? Right now we are showing what we can do to our partners. No one is shipping it. It's an ARM system. It's using the MPS to board with an FPGA. And inside the FPGA we have the subsystem in it. Can you point to... Where's the FPGA? The FPGA is below this shield adapter, so we cannot see it. And maybe what we want to show here is showing the security features that we have. So mainly what we have is we have a secure code which is booting, which is configured in our system in order to create two spaces, the secure one and the non-secure one. And when the system is configured, then the non-secure code starts to run and it's calling the secure region every 500 milliseconds. So the secure code what it's going to do is going to check this switch and based on that it's going to allow the debugger to see what is going on in the secure part or not. That is interesting because what we are showing here is that when we talk about security even we can secure the secure area against the debugger as well. So what this is a very, very interesting feature. So mainly what we are doing here, so we have the secure code which is generating a random secret value and it is storing in a secret area when we are insecure but it cannot read anything in that memory space. We can try it, so we can try to connect the board. What is this? This is a DS5. And that is connected directly to our board. So what we are going to do, we are going to try to back our code to disconnecting. And the interesting part is try to access to the address where we are storing the secret code. If you have to do it, so we are not able to see anything. It's empty. It's empty because it's secure. So now it's in secure mode. Is this the only way to do security to have two different regions? Is it hardware regions? Yes, so all the security is based on hardware. So it's imported by hardware. And the interesting part is switching from one context to the other is in few cycles. In few cycles. So this makes it interesting. So you are not adding any overhead to have that system in secure mode. And this is trust zone? There is trust zone. This is trust zone and small trust zone. It's a tiny one for Cortex-M. That's correct. So what they did is they port the trust zone to the M class to enforce the security at the endpoint. Which is nowadays is something very, very important based on the latest attacks. So in that subsystem we are securing not only from the core point of view, also from the system point of view. And here it says calling SSE 200. That's all some IP that's part of the M33. Oh yes. That's doing what in this relation? So the MP3 here we have two cores. And then we have the bus and then we have some security filters based on trust zone ones. And those filters are securing the memory. So imagine that you have, for example, a DMA and if you secure some part of the memory, the DMA cannot write on that area, for example. And we are also securing the peripherals. That's why here we can see that some peripherals are insecure. Only the secure code can interact with those peripherals. And also in our division we define which peripherals are going to be accessible from the non-secure code. And what is the communication protocol? How does it work to communicate between secure and unsecure? So we have a specific secure gateways. Is that a new designer? It's always been like this with trust zone? Always was like that in trust zone. But now there are new instructions to make the transition very fast. Right. And that is what is doing right now that system. And there's no way to hijack this part. Nobody can make it fake or anything. No, no, no. At least. No, no, no. So how it works is from the non-secure you jump directly to the one instruction is called SG. And that checks if that zone is non-secure callable. So it means, can I call it from the non-secure side? And it's like, yes, you can then directly you can jump to the function. You switch the mode to the secure one and then you go directly to the function. You perform something and then you switch back to the non-secure. So this was announced not so long ago, maybe six months ago. Yeah. The chips are coming soon. Yes. And the work is very hard, very dedicated work going on right now in the narrow with this. Well, yes. What we try to do, we try to port Sefir on that platform. Try to port also embed is porting to that platform. So we are trying to enable as much software as possible and try to show how to build secure applications on those systems. So does Sefir work with all the security already? It's implemented? It's not yet. We are working on it just to have it as soon as possible. And that's just one way of doing it. There could be other OS? Correct. So yeah, you can port other OS. At the end, what we want to show is a kind of reference that is more or less our guidelines, how you should do it, but it's open. So you can design it as based on your needs. And there's also Cortex M23, right? It's Cortex M33. And the 23? Is it similar? It's similar. So we have the Cortex M23, which is a very small one. It's a very small one. It's a very small one. It's a kind of, we can say it's a kind of Cortex M0++ security. And Cortex M33 is a kind of Cortex M3M4 and even M7 plus security. That's much bigger. It's much bigger. Can you do all this on the Cortex M23 also? Only some of it. On the small one? M23. M23. You have less things that you can do in there, but even you can make security. You have less handlers, so you have less possibilities. But the main cord, the trust on security is in there. And all the security is going to be easy for people to use, because this is going to be shipping in every single M23. Yes. So it's going to be easy for everybody to implement. Yes. We think that it's going to be very easy to implement. That's why we are going to provide, or we provide some examples, how they should do it, some guidelines to the people in order to make that development easily. And it's all in open source. It's open source security, right? That is what we would like to do. Yes. Right.