macar
Associate II
November 3, 2025
Solved

Guidance on secure vs non-secure peripherals in TF-M. (IoT node)

  • November 3, 2025
  • 1 reply
  • 190 views

Hi everyone,

We’re developing an IoT node for agricultural applications and plan to make it compliant with certification requirements (CE, CRA, RED).

We’re using the X-CUBE-AZURE package as our starting point and want to use TF-M (Trusted Firmware-M) for security.

We’re new to cybersecurity and TrustZone, so I’d like to ask the community:

Which peripherals and parts of the application stack should be implemented on the secure side of TF-M in this case?

In our design we have various interfaces: UART, I2C, SPI, Wi-Fi module, Digital I/O, Analog I/O, CANBus, Modbus, and SDI-12.

Which of these should be configured as secure or non-secure, and which parts of the Azure IoT stack are typically expected to run in the secure vs non-secure world?

Any practical examples or recommendations based on your experience with X-CUBE-AZURE and TF-M would be very helpful.


Thanks in advance!


1 reply

Jocelyn RICARD (Best answer)
ST Employee
November 11, 2025

Hello @macar ,

The principle in TrustZone is to keep secret assets on the secure side (keys mainly).

Also, adding anything to TFM is very complex.

So, my recommendation would be to not change anything on the secure side. TFM provides secure storage and crypto services, and you can use them through the PSA API. Put all the rest in non-secure.

Best regards

Jocelyn
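The split the answer recommends, modelled as an added example that is not code from the post, from X-CUBE-AZURE or from TF-M: a host-buildable C file in which a "secure side" owns the key and exposes only handle-based operations, while the "non-secure side" (the part that would drive UART, I2C, Wi-Fi and the cloud client) holds a handle and sees only status codes and outputs. All function names (sec_key_import, sec_mac_compute, sec_mac_verify, ns_build_frame, ns_verify_frame, ns_demo), the telemetry layout and the key bytes are assumptions made for the illustration; the keyed digest is FNV-1a over key||message, a placeholder so the file builds with no crypto library, not a secure MAC.

```c
/* Added example, not code from the forum post, X-CUBE-AZURE or TF-M:
 * a host-side model of the secure / non-secure split. The "secure side"
 * owns the key and exposes handle-based operations only; the "non-secure
 * side" (drivers, protocol stacks, cloud client) holds handles and sees
 * status codes and outputs. In a real TF-M build the secure half is
 * TF-M's PSA Crypto / Protected Storage partitions reached via the PSA API.
 * The keyed digest is FNV-1a over key || message: a stand-in so the file
 * builds without a crypto library, NOT a secure MAC. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ---------------- "secure side" ---------------- */
#define SEC_MAX_KEYS       4
#define SEC_KEY_LEN        16
#define SEC_TAG_LEN        8
#define SEC_INVALID_HANDLE (-1)

static struct { int used; uint8_t key[SEC_KEY_LEN]; } sec_keys[SEC_MAX_KEYS];

/* Store a key and hand back an opaque handle; the caller can then drop
 * the key bytes. There is deliberately no sec_key_export(). */
int sec_key_import(const uint8_t *key, size_t len) {
    if (key == NULL || len != SEC_KEY_LEN) return SEC_INVALID_HANDLE;
    for (int i = 0; i < SEC_MAX_KEYS; i++) {
        if (!sec_keys[i].used) {
            memcpy(sec_keys[i].key, key, len);
            sec_keys[i].used = 1;
            return i;
        }
    }
    return SEC_INVALID_HANDLE;  /* slots exhausted */
}

/* Placeholder keyed digest (FNV-1a over key || msg) computed behind the boundary. */
int sec_mac_compute(int handle, const uint8_t *msg, size_t len, uint8_t tag[SEC_TAG_LEN]) {
    if (handle < 0 || handle >= SEC_MAX_KEYS || !sec_keys[handle].used) return -1;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < SEC_KEY_LEN; i++) { h ^= sec_keys[handle].key[i]; h *= 1099511628211ULL; }
    for (size_t i = 0; i < len; i++)         { h ^= msg[i];                 h *= 1099511628211ULL; }
    for (int i = SEC_TAG_LEN - 1; i >= 0; i--) { tag[i] = (uint8_t)h; h >>= 8; }
    return 0;
}

/* Verification also lives on the secure side, so the non-secure code never
 * holds an expected tag; the compare is branch-free over the whole tag. */
int sec_mac_verify(int handle, const uint8_t *msg, size_t len, const uint8_t tag[SEC_TAG_LEN]) {
    uint8_t expected[SEC_TAG_LEN];
    if (sec_mac_compute(handle, msg, len, expected) != 0) return 0;
    uint8_t diff = 0;
    for (size_t i = 0; i < SEC_TAG_LEN; i++) diff |= (uint8_t)(expected[i] ^ tag[i]);
    return diff == 0;
}

/* ---------------- "non-secure side" ---------------- */
/* Constructed stand-in for a reading gathered over I2C / SDI-12. */
typedef struct { uint32_t node_id; int16_t soil_temp_c10; uint16_t moisture; } telemetry_t;

#define NS_PAYLOAD_LEN 8
#define NS_FRAME_LEN   (NS_PAYLOAD_LEN + SEC_TAG_LEN)

static void ns_serialize(const telemetry_t *t, uint8_t out[NS_PAYLOAD_LEN]) {
    out[0] = (uint8_t)(t->node_id >> 24); out[1] = (uint8_t)(t->node_id >> 16);
    out[2] = (uint8_t)(t->node_id >> 8);  out[3] = (uint8_t)t->node_id;
    out[4] = (uint8_t)((uint16_t)t->soil_temp_c10 >> 8); out[5] = (uint8_t)t->soil_temp_c10;
    out[6] = (uint8_t)(t->moisture >> 8); out[7] = (uint8_t)t->moisture;
}

/* Build payload || tag for the Wi-Fi module to transmit. Returns the frame length, or 0. */
size_t ns_build_frame(int key_handle, const telemetry_t *t, uint8_t *out, size_t cap) {
    if (cap < NS_FRAME_LEN) return 0;
    ns_serialize(t, out);
    if (sec_mac_compute(key_handle, out, NS_PAYLOAD_LEN, out + NS_PAYLOAD_LEN) != 0) return 0;
    return NS_FRAME_LEN;
}

/* Receiver side (e.g. a gateway holding the same key): 1 if authentic, else 0. */
int ns_verify_frame(int key_handle, const uint8_t *frame, size_t len) {
    if (len != NS_FRAME_LEN) return 0;
    return sec_mac_verify(key_handle, frame, NS_PAYLOAD_LEN, frame + NS_PAYLOAD_LEN);
}

/* End-to-end walk-through: returns 1 when a genuine frame verifies and a
 * copy with one bit flipped is rejected. */
int ns_demo(void) {
    /* Constructed key. On a real node it is provisioned into TF-M's secure
     * storage and never appears in non-secure code at all. */
    static const uint8_t provisioned_key[SEC_KEY_LEN] =
        {0x5a,0x11,0x02,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff};
    int h = sec_key_import(provisioned_key, SEC_KEY_LEN);
    if (h == SEC_INVALID_HANDLE) return 0;

    telemetry_t t = { .node_id = 42, .soil_temp_c10 = 215, .moisture = 610 };
    uint8_t frame[NS_FRAME_LEN];
    size_t n = ns_build_frame(h, &t, frame, sizeof frame);
    int genuine = ns_verify_frame(h, frame, n);

    frame[6] ^= 0x01;                         /* tamper with the moisture field */
    int tampered = ns_verify_frame(h, frame, n);
    return genuine && !tampered;
}
```

On a real TF-M build the non-secure image links the TF-M non-secure interface library and the same flow becomes psa_crypto_init(), a key reached through a PSA key identifier (psa_import_key() or a persistent key provisioned ahead of time), psa_mac_compute()/psa_mac_verify(), and psa_ps_set()/psa_ps_get() for Protected Storage. Every peripheral in the question's list, and the Azure IoT client on top of them, only ever handles key IDs and outputs in this arrangement, which is what lets the answer keep all of them non-secure.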