Chapter 1 Introduction

In the end of 2019 I decided to learn more about TrustZone-M - then 2020 started off and COVID-19 escalated pretty quickly into a global lockdown, cutting overtime and short-work. To use that gained freedom2, I bought a STM32 Nucleo-L552ZE-Q which is a pretty cheap development board with TrustZone-M enabled.

At some point while playing around with the Nucleo board I figured it would be easier to first learn about fundamentals of Arm M-profile cores and TrustZone-M in general, before learning about an implementation of a particular vendor like STM32.

Since I learn best writing things down, I started creating this book.3 The version at hand is about these fundamental topics, which are appicable to all TrustZone-M and Arm M-profile implementations and embedded firmware in general. They build the basis for future explorations in embedded systems security. Hopefully, future versions of this book will include more on reverse engineering, exploitation, TrustZone-M in general and details on implementations from specific vendors. The current version includes the following chapters:

logical structure of this book

Figure 1.1: logical structure of this book

Please check out chapter 2.1 for details on the overall structure of this book and the contents of each chapter.

1.1 What to expect?

This book is a 100% freetime project.After reading, writing and thinking for many hours I found some answers and learned a lot … but what I mainly found are new questions. So this book is still in progress, very early beta, and not (and maybe never will be) finished.

As always, you should be critical and expect errors: Although I try to be aware of the Dunning-Kruger-Effect, there were topics I learned about during writing. Hence, I might have reached mount stupid, without having passed valley of despair yet. But since you can’t reach plateau of sustainability without crossig mount stupid and valley of dispair, I feel this is the right way.

Dunning Kruger Effect

Figure 1.2: Dunning Kruger Effect

I am not a native english speaker and there was no lector reviewing this book.

Considering all these disclaimers, there is a lot of room for improvement of this book. You can help in different ways.

1.2 Support & Give Back

1.2.2 ✓ Report Bugs

Submit Bug Reports and feedback in general! Misspellings, grammatical errors, technical errors, improvement of documentation regarding intelligibility, terminology, sentence structure, layout.

Please use the GitHub ticket system to report bugs!

1.2.3 ♥ Share

If you find this book helpful or you think it could be helpful for your someone you know: Tell them!

https://embeddedsecurity.io

Tell your friends!

1.3 About the Author

Hi! My name is Dimitrios Slamaris and I focus on IT security since quite some years. I will spare you with the details, and will only mention that my focus shifted due to my professional work from (Active Directory) Threat Hunting to Embedded Security during the last three years. This book documents my journey and process of exploring Arm based embedded systems.

I have a blog on blog.3or.de (semi active) and a Twitter Account @dim0x69. You can find my contact details on my imprint page. Feel free to contact me!


  1. You might find it strange to have freedom and lockdown in one sentence, but I strongly believe that our perception highly influences our state of beeing. Lockdown gave me the freedom to learn and improve on certain things, which in the end resulted in writing this book.↩︎

  2. Writing helps me organizing different topics in my brain in a strucutured and logical way , which in consequence improves how good I can recall details.↩︎