Virtualization on TrustZone-Enabled Microcontrollers? Voilà!

With predictions pointing to more than 20 billion Internet-enabled 'things' by 2020 and much more to come, smart sensor nodes are expected to be predominant in the Internet of Things (IoT) era. As these systems are connected to the Internet and tend to implement an ever-growing number of mixed-criticality features, there is huge pressure for strong isolation to guarantee a reliable, secure, and predictable infrastructure. While virtualization has been a game-changer for consolidation and isolation in mid-to high-end embedded applications, for low-end and low-cost systems it is still in its infancy, and only a limited number of solutions have been proposed so far. This work aims at developing a lightweight hypervisor which provides strong isolation on resource-constrained devices. Our approach leverages TrustZone technology available on modern Arm microcontrollers (TrustZone-M) to implement a predictable virtualization infrastructure for low-end and low-cost systems. Experiments conducted on an Arm Musca-A multi-core platform demonstrate our solution achieves low memory footprint, high efficiency, and strict timing predictability.