Chapter 1 Introduction

Welcome! We aim to provide a beginner's resource on embedded systems security. Currently you can learn here:

  • How firmware binaries are built. This includes basics on C and how linker scripts work.
  • An overview on the Arm M-profile architecture and implementations based on Arm M-profile.
  • TrustZone-M
  • Embedded protocols
  • Hardware Hacker tools

Here is an overview on the current chapters.

Figure 1.1: logical structure of this book

The first set of chapters is focused on the Arm M-Profile architecture, TrustZone-M and firmware binaries.

  • Chapter 2: Explains fundamentals of the C language with a focus on how an embedded firmware is built.

  • Chapter 3: This chapter provides an overview of the concepts which are universal across all Arm M-profile architecture cores and Cortex-M implementations.

  • Chapter 4: This chapter introduces you to the basic concepts and terms of TrustZone on Armv8-M. TrustZone, also called the Security Extension, is an optional feature on some Armv8-M cores.

  • Chapter 5: This chapter goes through a linker script to describe the general firmware layout of a (secure world) firmware.

The second set is about how things work in Arm M-profile architectures (and TrustZone-M) while they execute (runtime):

  • Chapter 6: How are subroutines called? What are calling conventions? What are Exceptions?

  • Chapter 7: This chapter focuses on how secure and non-secure world interact and how secure world is initialized.

The third set is focused on embedded protocols and hacker tools:

  • Chapter 8: This chapter covers embedded protocols like UART, I2C and others. It provides examples and exercises you can do for yourself to understand those protocols.

  • Chapter 9: Every hacker needs his or her tools. This chapter covers some important tools. The tools listed in this chapter are used in the examples and exercises of other chapters.

The fourth set is about vendor-specific topics:

  • Chapter 10: Provides details specific to STM32. Currently I use two STM32 boards throughout the book in all the other chapters, so I collect here details which are common to STM32 systems. This currently includes details on the STM32L5 in general and its security concepts, as well as details on the famous Bluepill.

All topics are highly interdependent. As a consequence some topics are explained multiple times in different chapters, but with different technical depth. For example, both chapters 4 and 7 explain how functions in TrustZone-M are called; however, chapter 7 goes into technical details and builds upon concepts introduced in chapter 4. To connect all chapters related to a specific topic (e.g. “secure function call”), information boxes are used across the whole book. The information box for “secure function calls”, for example, looks like this:

More on Secure function calls:

  • Chapter 5.4: CMSIS: Non-Secure Callable segment
  • Chapter 6.2: AAPCS: Subroutine Call
  • Chapter 4.4.1: Banked Registers
  • Chapter 7.3: Details: Secure function call
  • Chapter 4.6.1: Overview: Secure function call

1.1 What to expect?

This book is a 100% free-time project. After reading, writing and thinking for many hours I found some answers and learned a lot … but what I mainly found are new questions. So this book is still in progress, a beta, and not (and maybe never will be) finished.

As always, you should be critical and expect errors. If you find any, I’d be happy if you open a ticket. I am not a native English speaker and no editor has reviewed this book.

Considering all these disclaimers, there is a lot of room for improvement of this book. You can help in different ways.

1.2 Support & Give Back

1.2.2 ✓ Report Bugs

Submit bug reports and feedback in general: misspellings, grammatical errors, technical errors, and improvements to the documentation regarding intelligibility, terminology, sentence structure and layout.

Please use the GitHub ticket system to report bugs!

1.2.3 ♥ Share

If you find this book helpful, or you think it could be helpful for someone you know: tell them!

Tell your friends!

1.3 Sponsors

The following organizations sponsor this site in multiple ways. Thanks a lot ♥!

If you are also interested in a partnership, please contact me via Twitter: @dim0x69

– Hardware Security Conference & Trainings is a technical and hands-on platform focusing on the most innovative research on attacking and defending hardware. Whether you are a hardware security professional from the semiconductor, automotive, healthcare, defense, IoT, or telecom industry, this is the place to be. Nonetheless, is more than just knowledge-sharing: we have challenging hardware CTFs, exciting hardware hacking workshops, inspiring career fairs, and engaging networking events. Sounds like your type of event? Join us this June in Santa Clara.

1.4 About me

Hi! My name is Dimitrios Slamaris and I have been focusing on IT security for quite some years. I will spare you the details and only mention that, due to my professional work, my focus shifted from (Active Directory) threat hunting to embedded security during the last three years. This book documents my journey and process of exploring Arm-based embedded systems.

I have a blog on (semi-active) and a Twitter account @dim0x69. You can find my contact details on my imprint page. Feel free to contact me!