TrustZone Security IP
Right-sized security to protect your assets
As digital devices across all markets grow in performance and capability, they are forced to deal with an ever-increasing range of potential threats and attack vectors. To address these threats, many organizations are defining security requirements and compliance programs.
ARM® TrustZone® Security IP is a comprehensive security solution that enables silicon vendors to keep up to date with digital security requirements and protect target use cases. It is to be used in addition to the TrustZone technology, a system-wide approach to security which has already been used in billions of devices.
All TrustZone Security IP complies with the ARM TrustZone Ready Program that eases the process of designing the appropriate security foundations into SoCs while passing industry certifications.
TrustZone CryptoCell is a comprehensive security solution that provides the security services (code and data protection for various stakeholders) needed by applications across different market segments. CryptoCell allows partners to easily implement an optimized security solution for their design, which gives them more time to focus on differentiating their application. CryptoCell covers hardware, software and tools, and is pre-integrated with prevalent operating systems for different environments (for example mbedOS, Linux, OPTEE, and tbase).
The CryptoCell security solution is offered either as a “high-performance” variant or as a “high-efficiency” variant, allowing designers to trade off performance, power and area, as well as robustness level, according to their target markets and use cases.
TrustZone Random Number Generator
The use of unpredictable random numbers underpins most modern security schemes. A Random Number Generator (RNG) is a mandatory component in any system that generates cryptographic assets.
A standard Random Number Generator includes 2 components:
- True Random Number Generator (TRNG) – a HW component that generates unpredictable numbers based on a physical process.
- Deterministic Random Bit Generator (DRBG) – an algorithm capable of producing vast amounts of number sequences after being “seeded” by the TRNG.
The ARM TrustZone RNG offers these 2 components:
- A TRNG which conforms to the following standards and drafts:
  - NIST SP800-90B
  - NIST SP800-22
  - FIPS 140-2
  - BSI AIS-31
- Optionally, a SW-implemented DRBG which follows NIST SP800-90A (making the entire RNG flow SP800-90C compliant)
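The TRNG-seeds-DRBG flow described above, as an added Python example that is not ARM's code: an HMAC_DRBG in the style of NIST SP800-90A (SHA-256, no personalization string or additional input) that draws its seed and reseeds from an `entropy_source` callable. `os.urandom` stands in for the hardware TRNG, and the class name, parameters and the `constructed_source` test helper are assumptions made for illustration.

```python
import hashlib
import hmac
import os

class HmacDrbg:
    """HMAC_DRBG per NIST SP800-90A with SHA-256 (no additional input)."""
    OUTLEN = 32  # SHA-256 output size in bytes

    def __init__(self, entropy_source=os.urandom, reseed_interval=1 << 20):
        # entropy_source(n) stands in for the hardware TRNG (assumption).
        self._entropy = entropy_source
        self._interval = reseed_interval
        self._key = b"\x00" * self.OUTLEN
        self._v = b"\x01" * self.OUTLEN
        # Instantiate: 32 bytes of entropy input plus a 16-byte nonce.
        self._update(self._entropy(32) + self._entropy(16))
        self._counter = 1

    def _hmac(self, data):
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def _update(self, provided=b""):
        # HMAC_DRBG_Update: mix provided data into the key K and value V.
        self._key = self._hmac(self._v + b"\x00" + provided)
        self._v = self._hmac(self._v)
        if provided:
            self._key = self._hmac(self._v + b"\x01" + provided)
            self._v = self._hmac(self._v)

    def reseed(self):
        # Pull fresh entropy from the TRNG stand-in and restart the counter.
        self._update(self._entropy(32))
        self._counter = 1

    def generate(self, nbytes):
        if self._counter > self._interval:
            self.reseed()  # interval exhausted: go back to the TRNG
        out = b""
        while len(out) < nbytes:
            self._v = self._hmac(self._v)
            out += self._v
        self._update()  # advance state so earlier output cannot be recomputed
        self._counter += 1
        return out[:nbytes]

def constructed_source(seed):
    """Deterministic fake entropy for tests only (constructed, NOT random)."""
    ticks = iter(range(1, 256))
    return lambda n: hashlib.sha256(seed + bytes([next(ticks)])).digest()[:n]
```

With identical seed material the DRBG output is fully reproducible, which is why the unpredictability of the whole RNG rests on the TRNG; SP800-90A's prediction-resistance and additional-input options are not shown here.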
TrustZone Full Disk Encryption
The ARM TrustZone Full Disk Encryption (FDE) product family includes several single or multi-core, high-performance AES (Advanced Encryption Standard) engines, designed to support the need to encrypt all user data saved on the latest generation of solid-state storage devices (UFS, eMMC).
The products in the ARM TrustZone FDE family offer optimized implementations of AES modes of operation “designed for storage”, for example, XTS, CBC-ESSIV and CBC-BitLocker.
TrustZone Address Space Controllers
TrustZone Address Space Controllers extend on-chip security by partitioning external memory into secure and non-secure regions. The ARM CoreLink TZC-400 TrustZone Address Space Controller protects multiple regions of external memory against software attack, with a fast path to hide lookup latency and ARM AMBA 4 ACE-Lite and AXI4 support. For on-chip memory (internal SRAM), TrustZone controllers perform signature checks and ensure secure boot.