Resolving Conflicts Between RTOS Timekeeping and Uninterruptable Trusted Computing

📅 2026-04-27
📈 Citations: 0
✨ Influential: 0
🤖 AI Summary
This work addresses the conflict between the periodic SysTick interrupts that real-time operating systems (RTOSs) rely on for timekeeping and the atomic execution that trusted computing services require, a conflict that leads to lost ticks, timing inaccuracies and degraded real-time behavior. To resolve it without modifying existing RTOS implementations, the authors propose a TrustZone-M-based, Secure-world-driven time synchronization mechanism: the Secure world measures the time elapsed during an atomic trusted operation and transparently compensates the Non-Secure world for the clock ticks it could not observe, restoring a monotonic and consistent view of time across both worlds. The result is temporal consistency and secure coexistence between trusted services and a Non-Secure RTOS that share an interrupt controller, preserving both the atomicity of trusted execution and the RTOS's timing accuracy, with negligible runtime overhead.

πŸ“ Abstract
Trusted Execution Environments (TEEs) on low-power microcontrollers (e.g., ARM TrustZone-M) enable isolation of Secure and Non-Secure software but still require both worlds to share resources, including interrupt controllers. In this model, real-time applications and real-time operating systems (RTOS-s) are executed in the Non-Secure sub-system, whereas the Secure sub-system is typically reserved for a small set of pre-defined security (e.g., cryptographic) operations referred to as trusted computing services. However, many RTOS-s rely on periodic interrupts (SysTicks) to advance their own notion of time (time-keeping), and the delivery of this interrupt is essential for preserving real-time behavior. On the other hand, the security of many trusted computing services requires atomicity vis-a-vis the Non-Secure sub-system (where the RTOS resides), precluding SysTick handling. This paper first characterizes this conflict and then introduces a Secure-driven time synchronization mechanism in which the Secure World measures elapsed time and compensates the Non-Secure RTOS by unobtrusively updating the RTOS time-keeping data structures with the appropriate number of missed ticks before re-enabling interrupts and resuming the execution of the Non-Secure system. This approach restores a consistent, monotonic notion of time across worlds and enables secure coexistence of trusted computing services and RTOS-s on microcontrollers. Importantly, the proposed approach requires no modifications to the underlying RTOS and yields no significant run-time overhead.
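The compensation step the abstract describes, as an added, simplified model written for this page (it is not the paper's code and does not claim to reproduce its implementation). The model assumes one RTOS tick equals 1000 cycles, that the Secure world can read a free-running cycle counter and the phase within the current tick period (on real Cortex-M hardware, RELOAD minus the SysTick current value), and the Cortex-M rule that the SysTick pending bit is sticky: however many reload boundaries pass while the Non-Secure world is held off, exactly one SysTick interrupt is delivered afterwards. The Secure side therefore credits the RTOS tick counter with all crossed boundaries except the one the pending interrupt will still deliver, then re-enables Non-Secure interrupts. All names, the simulated hardware and the scenarios are constructed for the example:

```c
/* Illustrative model of Secure-driven tick compensation for a TrustZone-M
 * style system. Not the paper's code. Assumed: 1 RTOS tick = 1000 cycles,
 * a Secure-readable free-running cycle counter, and the Cortex-M SysTick
 * rule that the pending bit is sticky (repeated rollovers do not accumulate). */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CYCLES_PER_TICK 1000u

/* --- Constructed hardware model --------------------------------------- */
static uint32_t hw_cycles;        /* free-running cycle counter, Secure-readable */
static uint32_t next_tick_at;     /* cycle at which SysTick next reloads */
static bool     ns_irq_masked;    /* Non-Secure interrupts held off by a trusted service */
static bool     systick_pending;  /* SysTick pending bit: set once, never counted */

/* --- Unmodified Non-Secure RTOS timekeeping --------------------------- */
static uint32_t rtos_ticks;                           /* the RTOS's tick count */
static void rtos_systick_isr(void) { rtos_ticks++; }  /* one tick per delivered IRQ */

static void sim_reset(void)
{
    hw_cycles = 0; next_tick_at = CYCLES_PER_TICK;
    ns_irq_masked = false; systick_pending = false; rtos_ticks = 0;
}

/* Advance simulated time; deliver or pend SysTick at every reload boundary.
 * Assumes the simulated horizon stays far below 2^32 cycles. */
static void hw_advance(uint32_t cycles)
{
    uint32_t end = hw_cycles + cycles;
    while (next_tick_at <= end) {
        next_tick_at += CYCLES_PER_TICK;
        if (ns_irq_masked) systick_pending = true;   /* sticky bit, not a counter */
        else rtos_systick_isr();
    }
    hw_cycles = end;
}

static void hw_unmask_ns_irq(void)
{
    ns_irq_masked = false;
    if (systick_pending) { systick_pending = false; rtos_systick_isr(); }
}

/* --- Secure-world side of the trusted service ------------------------- */
static uint32_t win_start;   /* cycle counter at entry */
static uint32_t win_phase;   /* cycles already elapsed in the current tick period at entry
                                (on real hardware: SysTick RELOAD - current value) */

static void secure_service_enter(void)
{
    ns_irq_masked = true;                     /* atomic w.r.t. the Non-Secure world */
    win_start = hw_cycles;
    win_phase = hw_cycles - (next_tick_at - CYCLES_PER_TICK);
}

/* Compensate the RTOS for ticks it could not observe, then resume it.
 * Returns the number of ticks written directly into the RTOS counter. */
static uint32_t secure_service_exit(bool compensate)
{
    uint32_t elapsed = hw_cycles - win_start;                    /* wrap-safe unsigned difference */
    uint32_t crossed = (win_phase + elapsed) / CYCLES_PER_TICK;  /* tick boundaries inside the window */
    uint32_t missed = 0;
    if (compensate && crossed > 0) {
        /* One boundary is still represented by the pending IRQ, which the RTOS ISR
         * will count normally once interrupts are re-enabled; credit only the rest. */
        missed = systick_pending ? crossed - 1 : crossed;
        rtos_ticks += missed;          /* direct update of the RTOS timekeeping structure */
    }
    hw_unmask_ns_irq();                /* resume Non-Secure; the pending SysTick fires now */
    return missed;
}

/* Constructed scenario: RTOS runs, a trusted service blocks ticks, RTOS resumes. */
static uint32_t run_scenario(uint32_t pre, uint32_t secure, uint32_t post, bool compensate)
{
    sim_reset();
    hw_advance(pre);
    secure_service_enter();
    hw_advance(secure);
    secure_service_exit(compensate);
    hw_advance(post);
    return rtos_ticks;
}

/* Ticks the RTOS would hold had it never been blocked. */
static uint32_t expected_ticks(void) { return hw_cycles / CYCLES_PER_TICK; }

int main(void)
{
    uint32_t with    = run_scenario(250, 3500, 700, true);
    uint32_t ref     = expected_ticks();
    uint32_t without = run_scenario(250, 3500, 700, false);
    printf("compensated: %u ticks, uncompensated: %u ticks, reference: %u\n",
           with, without, ref);
    return 0;
}
```

The uncompensated run shows the failure mode the abstract characterizes: three tick boundaries pass during the trusted service, but only one SysTick interrupt is delivered afterwards, so the RTOS clock falls two ticks behind and stays behind. The compensated run tracks the reference exactly, including the window that crosses precisely one boundary (where nothing needs to be credited) and the window that crosses none. Counting boundaries from the entry phase, rather than dividing elapsed cycles by the tick length, is what keeps the result exact regardless of where in a tick period the service was invoked.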
Problem

Research questions and friction points this paper is trying to address.

RTOS timekeeping
Trusted Execution Environments
interrupt atomicity
ARM TrustZone-M
real-time systems
Innovation

Methods, ideas, or system contributions that make the work stand out.

Trusted Execution Environment
Real-Time Operating System
Time Synchronization
ARM TrustZone-M
SysTick