There are a wide variety of possible software architectures for the secure world, and the implementation of these is almost totally dependent on the application the user is targeting.
A simple implementation may focus on protecting a single asset provisioned in a protected factory environment, for example authentication against a single secret. This requires a simple solution comprising a lightweight secure kernel and integration of the monitor that switches between the normal and secure worlds.
Alternatively, the system architect may be looking for a robust, long-term solution where trusted applications are added over the lifetime of the device, for example in a mobile handset or tablet. In this case the designer may opt for a Trusted Execution Environment which mimics many of the dynamic functions of a traditional OS, including sandboxing of applications, while remaining small enough to be certified.
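The "single protected asset" architecture described above, as an added illustrative model that is not ARM's Secure Monitor example code: the secure world holds one factory-provisioned secret and exposes only a yes/no authentication service, the monitor is the sole path between worlds, and a normal-world request to read the asset is refused rather than served. The service numbers, status codes, the 16-byte secret and the `cpu_model` state are all constructed for this model; the real world switch (saving register context and flipping SCR.NS) happens in assembly and is only represented here by a flag and a counter.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Models the SCR.NS bit: which world the core is currently executing in. */
enum world { WORLD_SECURE = 0, WORLD_NORMAL = 1 };

/* Service numbers the normal world may place in an SMC (constructed for this model). */
enum smc_id { SMC_AUTHENTICATE = 1, SMC_READ_SECRET = 2 };

enum smc_status { SMC_OK = 0, SMC_AUTH_FAIL = -1, SMC_DENIED = -2, SMC_UNKNOWN = -3 };

#define SECRET_LEN 16

/* The single protected asset, provisioned at the factory. On hardware this lives in
 * secure-world memory; here it is a constructed 16-byte value in the same process. */
static const uint8_t g_secret[SECRET_LEN] = {
    0x2a, 0x91, 0x0c, 0x5e, 0x77, 0x13, 0xb4, 0xd8,
    0x06, 0xaf, 0xc3, 0x19, 0x64, 0xe2, 0x8b, 0x40
};

/* Compare in constant time so response timing does not reveal how many bytes matched. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Lightweight secure kernel: the only service it offers is a yes/no answer. */
static int secure_kernel_handle(enum smc_id id, const uint8_t *arg, size_t len)
{
    switch (id) {
    case SMC_AUTHENTICATE:
        if (arg == NULL || len != SECRET_LEN)
            return SMC_AUTH_FAIL;
        return ct_equal(arg, g_secret, len) ? SMC_OK : SMC_AUTH_FAIL;
    case SMC_READ_SECRET:
        /* Exporting the asset is deliberately not a service; the request is refused. */
        return SMC_DENIED;
    default:
        return SMC_UNKNOWN;
    }
}

/* Per-core state the model tracks: current world and number of world switches. */
struct cpu_model {
    enum world ns;
    unsigned switches;
};

/* Monitor: the single path between worlds. It enters the secure world, forwards the
 * call to the secure kernel, and returns to the normal world. */
int monitor_smc(struct cpu_model *cpu, enum smc_id id, const uint8_t *arg, size_t len)
{
    cpu->ns = WORLD_SECURE;
    cpu->switches++;
    int rc = secure_kernel_handle(id, arg, len);
    cpu->ns = WORLD_NORMAL;
    cpu->switches++;
    return rc;
}

/* Scenario helpers: each returns the status the normal world would observe. */
int scenario_correct_secret(void)
{
    struct cpu_model cpu = { WORLD_NORMAL, 0 };
    /* Constructed input that equals the provisioned asset. */
    const uint8_t presented[SECRET_LEN] = {
        0x2a, 0x91, 0x0c, 0x5e, 0x77, 0x13, 0xb4, 0xd8,
        0x06, 0xaf, 0xc3, 0x19, 0x64, 0xe2, 0x8b, 0x40
    };
    return monitor_smc(&cpu, SMC_AUTHENTICATE, presented, SECRET_LEN);
}

int scenario_wrong_secret(void)
{
    struct cpu_model cpu = { WORLD_NORMAL, 0 };
    uint8_t presented[SECRET_LEN] = { 0 };   /* constructed wrong guess */
    return monitor_smc(&cpu, SMC_AUTHENTICATE, presented, SECRET_LEN);
}

int scenario_read_attempt(void)
{
    struct cpu_model cpu = { WORLD_NORMAL, 0 };
    return monitor_smc(&cpu, SMC_READ_SECRET, NULL, 0);
}

/* One SMC round trip: two world switches, and the core ends back in the normal world. */
unsigned scenario_switch_count(void)
{
    struct cpu_model cpu = { WORLD_NORMAL, 0 };
    (void)monitor_smc(&cpu, SMC_READ_SECRET, NULL, 0);
    return cpu.ns == WORLD_NORMAL ? cpu.switches : 0;
}

int main(void)
{
    printf("correct secret: %d\n", scenario_correct_secret());  /* 0  (SMC_OK) */
    printf("wrong secret:   %d\n", scenario_wrong_secret());    /* -1 (SMC_AUTH_FAIL) */
    printf("read attempt:   %d\n", scenario_read_attempt());    /* -2 (SMC_DENIED) */
    printf("world switches: %u\n", scenario_switch_count());    /* 2 */
    return 0;
}
```

The design point is that the secure kernel's interface is the security boundary: the normal world can learn only whether a presented value matches, and the monitor adds no services of its own, which is what keeps this style of solution small enough to review. Growing this into a TEE with dynamically installed trusted applications is the second architecture the text describes.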
Due to the inherent complexity of implementing a full Secure OS, and the potential need to certify its capabilities and performance, ARM recommends investigating commercial TEE solutions from Trusted OS suppliers that are members of GlobalPlatform. However, if partners require a simpler solution, or are investigating building their own TEE, then we recommend they start by reviewing the example code for the Secure Monitor:
ARMv6* & ARMv7-A** example code available here or via ARM.com >> Support >> FAQ and Knowledge Articles
ARMv8-A*** example code available here or via ARM.com >> Support >> Downloads
TEE & TrustZone Commitments
ARM is committed to open ecosystems, and believes that innovation happens best when you set engineers around the world free to design the future. As part of its commitment to openness, when ARM formed Trustonic, a TEE vendor, in partnership with Gemalto and Giesecke & Devrient, ARM agreed to a set of open commitments with the European Union and MOFCOM (China Ministry of Commerce) to ensure an open environment.
The commitments given to both the European Commission and MOFCOM are broadly as follows:
- ARM will continue to enable the open development of secure systems by supporting TrustZone Secure Monitor Code for ARMv6 and ARMv7-A architectures;
- ARM will continue to enable the open development of future secure systems by supporting TrustZone Secure Monitor Code for ARMv8-A architecture;
- ARM will continue to ensure all ecosystem partners have fair access to any future versions of the Secure Monitor Code example;
- ARM will continue to make available all information required to develop a Trusted Execution Environment under fair, reasonable and non-discriminatory licensing terms; and
- ARM will continue to ensure that all IP created supports the ecosystem equally.
TEE & TrustZone Contact Information
As an interested party, if you have any concerns that ARM may accidentally or otherwise be in breach of these commitments, you have the opportunity to report such breaches here. A member of ARM will then contact you to understand your concern and resolve the matter within 15 business days. Your notification will also be provided to the Monitoring Trustee, who will oversee the resolution and, if it is not resolved after eight working days, will put forward their own proposal to resolve the matter.
Alternatively, if you have any general queries related to the Commitments you may contact ARM on the same email address above or one of the Monitoring Trustees on the details provided below:
Grant Thornton is approved by the Commission to monitor ARM’s compliance to commitments.
Mr. Mark Byers
Grant Thornton UK LLP, 30 Finsbury Square, London EC2P 2YU
Tel: +44 2073835100
Grant Thornton is approved by MOFCOM to monitor ARM’s compliance to commitments.
10th Floor, Scitech Place
22 Jianguomenwai Avenue
Beijing 100004, China
* ARMv6 processors with TrustZone technology are limited to the ARM1176JZ(F)-S
** ARMv7-A processors include Cortex-A5, Cortex-A7, Cortex-A8, Cortex-A9, Cortex-A12, and Cortex-A15
*** ARMv8-A processors include Cortex-A53 and Cortex-A57