Login

TrustZone

ARM® TrustZone® technology is a system-wide approach to security that can be used to protect services and devices from scalable attacks. Its hardware based security is built-in by chip designers who want to provide secure end points and roots of trust. The family of TrustZone technologies has been expanded and deepened so that it can be integrated into any ARM based system. There are two main TrustZone technologies:

ARM TrustZone Technology for Cortex-A and Cortex-M Class Processors

ARM TrustZone technology is used on billions of chips to protect valuable services and devices. It is the pre-eminent security solution for applications processors and used in a diverse range of end markets including smartphones, tablets, personal computers, wearables and enterprise systems. With the announcement of TrustZone for ARMv8-M, ARM has extended this technology to microcontrollers helping protect the smallest, resource constrained platforms.

TrustZone technology on Cortex-A based applications processors is commonly used to run trusted boot and a trusted OS to create a Trusted Execution Environment (TEE). Typical use cases in mobile platforms include the protection of authentication mechanisms, cryptography, key material and DRM. Applications that run in the secure world are called Trusted Apps.

ARMv8-M architecture extends TrustZone technology to microcontrollers, enabling robust levels of protection at all cost points. The design is optimized for an efficient, low latency, deterministic interrupt response that is crucial for embedded systems. Interrupts are routed by hardware to the correct handler for both normal and secure worlds thus removing the overhead of a software check before dispatch. To further satisfy real time and low power requirements, the switch between the normal and secure worlds is performed in hardware, removing the need for a hypervisor with its associated code and processing overhead. Software productivity is enhanced as TrustZone for ARMv8-M is fully programmable in C language (in line with the rest of the ARMv8-M architecture) and offers protected debug operations corresponding to the security state of the processor.

Secure memory and secure peripherals can be integrated as the architecture uses ARM AMBA® 5 AHB5 to propagate the secure state signal across the chip.

ARM TrustZone CryptoCell

CryptoCell is a range of security sub-systems and hardware components that provide platform level security as well as hardware support for security acceleration and offloading.

CryptoCell’s architecture level protection provides tools and building blocks for a wide range of applications including: content protection, IoT security, encryption and provisioning.

CryptoCell digital security subsystem serves as an infrastructure for security related use cases running on the SoC and is comprised of hardware, firmware and SoC-external tools.

CryptoCell includes efficient hardware cryptographic engines, RNG, root of trust/key management, secure boot, secure debug and lifecycle management.

The CryptoCell-300 series of products are usually coupled with ARM Cortex®-M CPUs and the CryptoCell-700 series integrated with Cortex-A application processors.

CryptoCell enables SoC architects to tradeoff area, power, performance or robustness in a very flexible manner. Designs can be optimized to achieve the security vs. cost “sweet spot” appropriate to the target market.

 

ARM TrustZone for ARMv8-M

ARM TrustZone for ARMv8-M brings TrustZone technology to low cost and resource constrained microcontrollers. In ARMv8-M a hardware isolated “trusted world” separates trusted software, data and hardware from the non-trusted world. These security states are orthogonal to the existing Thread and Handler modes i.e. a Thread and Handler mode exist in both states.

ARM TrustZone for ARMv8-M

TrustZone for ARMv8-M enables a “Secure world” for trusted embedded applications.

Secure resources are protected from non-secure access enabling the system designer to isolate and compartmentalize their design. This is achieved through a Secure Attribution Unit (SAU) that is similar to an MPU. Since the transitions between the two states are hardware based they are almost instantaneous and thus maintain the real time performance and reduced software overhead associated with ARM’s microcontroller profile.

TrustZone for ARMv8-M propagates the security state on the bus fabric and is compatible with ARM AMBA® 5 AHB5.

TrustZone for ARMv8-M is a foundation on which the ARM ecosystem will build system IP, middleware and devices for many embedded applications. This foundation will attract developers who will be able to deploy the same application across many systems.

Writing code for the normal world remains the same as before: the application has access to privileged and non-privileged space plus interrupts. To call on libraries in the secure world, function entry points are linked into the project. This design simplifies writing software for Cortex-M processors that incorporate TrustZone technology. Typically system suppliers will supply some secure code to setup and run the security attributes across all components within a system. In a typical implementation the design will be partitioned so that the code in the secure state is kept as small as possible to reduce the attack surface and vulnerabilities. Similar to TrustZone for Cortex-A processors, programs running in secure state can access both secure and non-secure information, whereas non-secure programs can only access non-secure resources.

Interrupts can also be secure or non-secure, as determined by a register which is programmable only from the secure world. TrustZone for ARMv8-M handles all interrupt transitions automatically to maintain security, register protection and to preserve the low latency expected in real time embedded systems.

Example use cases:

  • Firmware protection
  • Security management
  • Root of trust implementation
  • Peripheral and I/O protection
  • Code isolation between multiple suppliers
  • Sandboxing for devices with certified software
  • Consolidation of multiple helper processors into one

ARM TrustZone for ARMv8-A/ARMv7-A/ARMv6Z

TrustZone technology is tightly integrated into Cortex®-A processors that propagate the secure state across the chip using the AMBA® AXI bus and specific TrustZone System IP blocks. This system approach means that it is possible to secure peripherals such as secure memory, crypto blocks, keyboard and screen to ensure they can be protected from attack.

Devices developed with TrustZone technology, according to the recommendations of the Trusted Base System Architecture specification (available with a NDA), enable the delivery of platforms capable of supporting a full Trusted Execution Environment (TEE). TEEs can be designed to support Over The Air (OTA) downloaded Trusted Apps that enable service providers and device manufacturers to benefit from the integrity and confidentiality that TrustZone provides. ARM and many of its partners support the work of GlobalPlatform to provide compliance and certification schemes for the TEE, enabling interoperability and third party security evaluations.

To help silicon partners port a TEE onto their platform ARM provides a reference implementation of low-level software known as ARM Trusted Firmware. This software is available as open source on GitHub and includes trusted boot and a secure runtime including Secure Monitor Code (SMC).


Maximise


Cookies

We use cookies to give you the best experience on our website. By continuing to use our site you consent to our cookies.

Change Settings

Find out more about the cookies we set