TrustZone is hardware-based security built into SoCs by semiconductor chip designers who want to provide secure endpoints and roots of trust. The family of TrustZone technologies can be integrated into any ARM-based system, from the smallest microcontrollers to high-performance application processors.
There are two main TrustZone technologies:
ARM TrustZone Technology for Cortex-A and Cortex-M Processors
At the heart of the TrustZone approach is the concept of secure and non-secure worlds that are hardware-isolated from each other. Within a CPU, software resides in either the secure world or the non-secure world; the switch between the two is performed by a secure monitor (application processors) or directly by hardware (microcontrollers). This division into secure (trusted) and non-secure (non-trusted) worlds extends beyond the CPU, its memory and its software to transactions on the bus, interrupts and peripheral functions within the SoC.
TrustZone technology within Cortex-A based application processors is commonly used to run trusted boot and a trusted OS, which together create a Trusted Execution Environment (TEE). Typical use cases include protecting authentication mechanisms, cryptography, key material and DRM. Applications that run in the secure world are called Trusted Apps.
The ARMv8-M architecture extends TrustZone technology to Cortex-M class systems such as microcontrollers, enabling robust protection at all cost points. TrustZone for ARMv8-M has the same high-level features as TrustZone on application processors, with the added benefit that switching between the secure and non-secure worlds is done in hardware, giving faster transitions and greater power efficiency. Software productivity is enhanced because TrustZone for ARMv8-M is fully programmable in C (in line with the rest of the ARMv8-M architecture): cross-world calls are expressed with compiler attributes from the Cortex-M Security Extensions (CMSE) rather than hand-written assembly. Debug access is likewise restricted according to the security state of the processor.
ARM TrustZone CryptoCell
CryptoCell is a range of security sub-systems and hardware components that provide platform-level security as well as hardware support for security acceleration and offloading. CryptoCell lets SoC designers trade off area, power, performance and robustness flexibly, so that a design can be tuned to the security level appropriate for its target market. The chip designer instantiates CryptoCell as a secure peripheral on the AMBA interconnect.
CryptoCell includes efficient hardware cryptographic engines, a TRNG, root of trust and key management, secure boot, secure debug and lifecycle management. It comprises hardware, firmware and SoC-external tools. There are two main series:
- The CryptoCell-300 series optimized for low power and resource constrained platforms
- The CryptoCell-700 series aimed at higher performance systems.
TrustZone CryptoCell acts as a Root Of Trust (ROT) and security subsystem
CryptoCell is a separate functional block from the processor. It is typically integrated as a trusted peripheral on the AMBA interconnect, which isolates it from the non-trusted region (normal world).
ARM TrustZone for ARMv8-M
ARM TrustZone for ARMv8-M brings TrustZone technology to low-cost and resource-constrained microcontrollers. In ARMv8-M a hardware-isolated “trusted world” separates trusted software, data and hardware from the non-trusted world. These security states are orthogonal to the existing Thread and Handler modes: Thread and Handler modes exist in both states.
TrustZone for ARMv8-M enables a “Secure world” for trusted embedded applications.
Secure resources are protected from non-secure access, enabling the system designer to isolate and compartmentalize the design. Attribution is done by a Secure Attribution Unit (SAU), which is programmed from the secure state much like an MPU and marks address ranges as Secure, Non-secure, or Non-secure Callable (NSC); an implementation-defined IDAU can supply a fixed attribution map alongside it. Since the transitions between the two states are handled in hardware they are almost instantaneous, preserving the real-time performance and low software overhead expected of ARM’s microcontroller profile.
TrustZone for ARMv8-M propagates the security state on the bus fabric and is compatible with ARM AMBA® 5 AHB5.
TrustZone for ARMv8-M is a foundation on which the ARM ecosystem will build system IP, middleware and devices for many embedded applications. This foundation will attract developers who will be able to deploy the same application across many systems.
Writing code for the normal world remains the same as before: the application has access to privileged and non-privileged space plus interrupts. To call libraries in the secure world, the non-secure project links against the secure side’s exported entry points (secure gateway veneers placed in Non-secure Callable memory). This simplifies writing software for Cortex-M processors that incorporate TrustZone technology. Typically the system supplier provides the secure code that sets up and applies the security attributes across all components of the system. In a typical implementation the design is partitioned so that the code running in the secure state is kept as small as possible, reducing the attack surface. As with TrustZone for Cortex-A processors, programs running in the secure state can access both secure and non-secure resources, whereas non-secure programs can access only non-secure resources.
Interrupts can also be secure or non-secure, as determined by a register (NVIC_ITNS) that is programmable only from the secure world. TrustZone for ARMv8-M handles all interrupt transitions automatically: when a non-secure interrupt preempts secure code, the hardware saves the secure register state to the secure stack and clears the registers before entering the non-secure handler, maintaining security and register protection while preserving the low latency expected of real-time embedded systems.
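As an added example (not Arm’s code or any vendor’s reference firmware), the following C model shows how the SAU described above turns an address into a security attribute, and why a non-secure caller can only enter secure code through a Non-secure Callable region. The register bit layouts follow the Armv8-M architecture; the memory layout, the region count of 8 and the rule that overlapping regions resolve to Secure are assumptions of the model (check your core’s Technical Reference Manual for the hardware’s exact behaviour), and the IDAU, which can only make an address more secure than the SAU says, is left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Software model of the Armv8-M Security Attribution Unit (SAU), not Arm's code.
 * Register layouts follow the architecture: SAU_CTRL has ENABLE (bit 0) and
 * ALLNS (bit 1); SAU_RBAR holds the region base in bits [31:5]; SAU_RLAR holds
 * the region limit in bits [31:5], NSC in bit 1 and ENABLE in bit 0. */
#define SAU_CTRL_ENABLE  (1u << 0)
#define SAU_CTRL_ALLNS   (1u << 1)
#define SAU_RLAR_ENABLE  (1u << 0)
#define SAU_RLAR_NSC     (1u << 1)
#define SAU_ADDR_MASK    0xFFFFFFE0u   /* 32-byte granularity */
#define SAU_REGIONS      8             /* assumed; a real core reports its count in SAU_TYPE */

enum attr { ATTR_SECURE, ATTR_NSC, ATTR_NONSECURE };

struct sau {
    uint32_t ctrl;
    uint32_t rbar[SAU_REGIONS];
    uint32_t rlar[SAU_REGIONS];
};

/* Program region n the way secure boot code does through SAU_RNR/RBAR/RLAR. */
void sau_set_region(struct sau *s, unsigned n, uint32_t base, uint32_t limit, bool nsc)
{
    s->rbar[n] = base & SAU_ADDR_MASK;
    s->rlar[n] = (limit & SAU_ADDR_MASK) | (nsc ? SAU_RLAR_NSC : 0u) | SAU_RLAR_ENABLE;
}

/* Attribute the SAU assigns to addr. */
enum attr sau_lookup(const struct sau *s, uint32_t addr)
{
    if (!(s->ctrl & SAU_CTRL_ENABLE))        /* SAU off: ALLNS decides the whole map */
        return (s->ctrl & SAU_CTRL_ALLNS) ? ATTR_NONSECURE : ATTR_SECURE;
    unsigned hits = 0;
    enum attr found = ATTR_SECURE;
    for (unsigned n = 0; n < SAU_REGIONS; n++) {
        if (!(s->rlar[n] & SAU_RLAR_ENABLE))
            continue;
        uint32_t base  = s->rbar[n] & SAU_ADDR_MASK;
        uint32_t limit = (s->rlar[n] & SAU_ADDR_MASK) | 0x1Fu;   /* limit is inclusive */
        if (addr >= base && addr <= limit) {
            hits++;
            found = (s->rlar[n] & SAU_RLAR_NSC) ? ATTR_NSC : ATTR_NONSECURE;
        }
    }
    /* Unmatched addresses are Secure; overlapping regions resolve to Secure (model assumption). */
    return hits == 1 ? found : ATTR_SECURE;
}

/* A non-secure branch into secure code is only legitimate at an NSC address,
 * where the secure gateway veneer (the SG instruction) lives. */
bool ns_call_allowed(const struct sau *s, uint32_t target)
{
    return sau_lookup(s, target) == ATTR_NSC;
}

/* Constructed layout for illustration, not a real part's memory map. Anything not
 * listed (secure flash below 0x0007FC00, secure RAM at 0x20000000) stays Secure. */
void demo_config(struct sau *s)
{
    *s = (struct sau){0};
    sau_set_region(s, 0, 0x0007FC00u, 0x0007FFFFu, true);    /* NSC veneers */
    sau_set_region(s, 1, 0x00080000u, 0x000FFFFFu, false);   /* non-secure flash */
    sau_set_region(s, 2, 0x20040000u, 0x2007FFFFu, false);   /* non-secure RAM */
    sau_set_region(s, 3, 0x40000000u, 0x4003FFFFu, false);   /* non-secure peripherals */
    s->ctrl = SAU_CTRL_ENABLE;
}

/* Attribute of addr under demo_config. */
enum attr demo_lookup(uint32_t addr)
{
    struct sau s;
    demo_config(&s);
    return sau_lookup(&s, addr);
}

/* What an NSC region overlapping the non-secure flash yields under demo_config. */
enum attr demo_overlap_attr(void)
{
    struct sau s;
    demo_config(&s);
    sau_set_region(&s, 4, 0x00090000u, 0x0009FFFFu, true);   /* overlaps region 1 */
    return sau_lookup(&s, 0x00090040u);
}

int main(void)
{
    static const char *name[] = { "Secure", "Non-secure callable", "Non-secure" };
    const uint32_t probes[] = { 0x00001000u, 0x0007FC20u, 0x00080000u,
                                0x000FFFFFu, 0x00100000u, 0x2003FFF0u };
    for (unsigned i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("0x%08X -> %s\n", (unsigned)probes[i], name[demo_lookup(probes[i])]);
    printf("overlapping regions -> %s\n", name[demo_overlap_attr()]);
    return 0;
}
```

On hardware the same values are written to SAU_RNR, SAU_RBAR and SAU_RLAR for each region and SAU_CTRL is enabled last. The lookup is also the check to apply by hand to a partition table during review: every entry point the non-secure image imports must resolve to an NSC address, and nothing the secure side keeps private may fall inside a Non-secure region.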
Example use cases:
- Firmware protection
- Security management
- Root of trust implementation
- Peripheral and I/O protection
- Code isolation between multiple suppliers
- Sandboxing for devices with certified software
- Consolidation of multiple helper processors into one
ARM TrustZone for ARMv8-A/ARMv7-A/ARMv6Z
TrustZone technology provides a foundation for system-wide security and the creation of a trusted platform. Any part of the system can be designed to be part of the secure world, including debug, peripherals, interrupts and memory. By building a security subsystem in this way, assets can be protected from software attacks and from common hardware attacks.
The partitioning of the two worlds is achieved by hardware logic in the AMBA bus fabric, the peripherals and the processors. Each physical processor core presents two virtual cores, one secure and one non-secure, and a robust mechanism, the secure monitor, context-switches between them. The non-secure virtual processor can access only non-secure system resources, whereas the secure virtual processor can see all resources. Entry to the secure monitor is triggered by software executing the dedicated Secure Monitor Call (SMC) instruction or by one of several exception mechanisms. The monitor code typically saves the state of the current world and restores the state of the world being switched to.
To implement a secure world in the SoC, trusted software must be developed to make use of the protected assets. This code typically implements trusted boot, the secure world switch monitor, a small trusted OS and trusted apps. Multiple levels of secure world privilege are provided for isolation between trusted boot, the trusted OS and trusted apps. The combination of TrustZone based hardware isolation, trusted boot and a trusted OS makes up a Trusted Execution Environment (TEE). The TEE offers confidentiality and integrity to multiple Trusted Apps. Many TEE providers implement GlobalPlatform’s standard TEE APIs to deliver a common security capability across platforms and markets. GlobalPlatform has also written a protection profile for TEEs and developed a security evaluation scheme that partners can use to obtain certification from an independent test laboratory.
SoC developers and OEMs can benefit from a reference implementation of low-level secure world software known as ARM Trusted Firmware (today maintained as Trusted Firmware-A). It is available as open source on GitHub and includes trusted boot and a secure runtime that handles switching between the normal (non-trusted) and secure (trusted) worlds according to the SMC Calling Convention (SMCCC). ARM Trusted Firmware can be integrated with a commercial or open source trusted OS to create a TEE.
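The SMCCC function identifier in W0/X0 is what the secure monitor keys on when an SMC arrives, so as an added example (not code from ARM Trusted Firmware) here is a C model of that dispatch step: the identifier bit layout from the SMC Calling Convention, the well-known SMCCC_VERSION and PSCI identifiers, and a constructed two-core platform state that PSCI CPU_ON updates. The version numbers returned, the core count, the entry-point alignment rule and the refusal of yielding calls are assumptions of the model; a real runtime forwards yielding calls to its Trusted OS dispatcher.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the EL3 monitor's SMC dispatch, not ARM Trusted Firmware code.
 * SMCCC function identifier layout:
 *   bit 31     1 = Fast Call, 0 = Yielding Call
 *   bit 30     1 = SMC64, 0 = SMC32
 *   bits 29:24 Owning Entity Number (OEN)
 *   bits 23:16 must be zero
 *   bits 15:0  function number                                            */
#define SMC_FAST_CALL   (1u << 31)
#define SMC_64          (1u << 30)
#define SMC_OEN_SHIFT   24
#define SMC_OEN_MASK    0x3Fu
#define SMC_MBZ_MASK    0x00FF0000u
#define SMC_FUNC_MASK   0xFFFFu

enum oen {
    OEN_ARM_ARCH = 0, OEN_CPU = 1, OEN_SIP = 2, OEN_OEM = 3,
    OEN_STD_SECURE = 4, OEN_STD_HYP = 5, OEN_VENDOR_HYP = 6,
    OEN_TRUSTED_APP_LO = 48, OEN_TRUSTED_APP_HI = 49,
    OEN_TRUSTED_OS_LO = 50, OEN_TRUSTED_OS_HI = 63
};

/* Return codes defined by SMCCC and PSCI */
#define SMCCC_NOT_SUPPORTED     (-1)
#define PSCI_SUCCESS            0
#define PSCI_INVALID_PARAMETERS (-2)
#define PSCI_ALREADY_ON         (-4)

/* Well-known fast-call identifiers */
#define SMCCC_VERSION_FID    0x80000000u   /* Arm Architecture service, function 0 */
#define PSCI_VERSION_FID     0x84000000u   /* Standard Secure service, function 0 */
#define PSCI_CPU_ON_AARCH64  0xC4000003u   /* Standard Secure service, SMC64, function 3 */

uint32_t smc_fid(int fast, int smc64, unsigned oen, unsigned fn)
{
    return (fast ? SMC_FAST_CALL : 0u) | (smc64 ? SMC_64 : 0u)
         | ((oen & SMC_OEN_MASK) << SMC_OEN_SHIFT) | (fn & SMC_FUNC_MASK);
}

unsigned smc_oen(uint32_t fid) { return (fid >> SMC_OEN_SHIFT) & SMC_OEN_MASK; }

/* Constructed two-core platform state kept by the monitor (assumption). */
#define NCPU 2
static int cpu_on[NCPU];
void monitor_reset(void) { cpu_on[0] = 1; cpu_on[1] = 0; }   /* boot core is already on */

/* PSCI CPU_ON: x1 = target MPIDR, x2 = non-secure entry point, x3 = context id */
static int64_t psci_cpu_on(uint64_t target_mpidr, uint64_t entry, uint64_t context_id)
{
    (void)context_id;
    if (target_mpidr >= NCPU || (entry & 3u))   /* unknown core or misaligned entry */
        return PSCI_INVALID_PARAMETERS;
    if (cpu_on[target_mpidr])
        return PSCI_ALREADY_ON;
    cpu_on[target_mpidr] = 1;   /* real firmware would now release the core into the normal world at 'entry' */
    return PSCI_SUCCESS;
}

/* What the runtime does on an SMC exception: validate the identifier, then route
 * by owning entity. Anything not explicitly handled is refused, never forwarded. */
int64_t monitor_dispatch(uint32_t fid, uint64_t x1, uint64_t x2, uint64_t x3)
{
    if (!(fid & SMC_FAST_CALL) || (fid & SMC_MBZ_MASK))
        return SMCCC_NOT_SUPPORTED;   /* yielding calls belong to a Trusted OS dispatcher, not modelled */
    switch (smc_oen(fid)) {
    case OEN_ARM_ARCH:
        return fid == SMCCC_VERSION_FID ? 0x10001 : SMCCC_NOT_SUPPORTED;   /* SMCCC v1.1 (assumed) */
    case OEN_STD_SECURE:
        if (fid == PSCI_VERSION_FID)    return 0x10001;                    /* PSCI 1.1 (assumed) */
        if (fid == PSCI_CPU_ON_AARCH64) return psci_cpu_on(x1, x2, x3);
        return SMCCC_NOT_SUPPORTED;
    default:
        return SMCCC_NOT_SUPPORTED;
    }
}

int main(void)
{
    monitor_reset();
    printf("SMCCC_VERSION -> 0x%llx\n", (long long)monitor_dispatch(SMCCC_VERSION_FID, 0, 0, 0));
    printf("PSCI_VERSION  -> 0x%llx\n", (long long)monitor_dispatch(PSCI_VERSION_FID, 0, 0, 0));
    printf("CPU_ON core 1 -> %lld\n", (long long)monitor_dispatch(PSCI_CPU_ON_AARCH64, 1, 0x80000000u, 0));
    printf("CPU_ON again  -> %lld\n", (long long)monitor_dispatch(PSCI_CPU_ON_AARCH64, 1, 0x80000000u, 0));
    printf("SiP call      -> %lld\n", (long long)monitor_dispatch(smc_fid(1, 0, OEN_SIP, 0x10), 0, 0, 0));
    return 0;
}
```

The two checks before the switch are the ones that matter for security: the monitor treats every register the normal world hands it as attacker-controlled, rejects identifiers with reserved bits set, and validates CPU_ON’s target and entry point before touching platform state, rather than trusting that the calling OS is well behaved.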
To aid the system designer in creating a TrustZone based TEE, ARM has created a number of documents, reference software and training courses. These documents include:
Trusted Base System Architecture (TBSA)
Trusted Board Boot Requirements (TBBR)
TrustZone Media Protection Architecture (TZMP)
To get access to these documents please make a request via your account manager or FAE.