Security on ARM

Security represents the third pillar of ARM-powered computing, joining low power and high performance to deliver the next generation of SoCs.

We have a strong history in providing secure compute platforms for a range of security focused applications from Smartcards, SIMs and other Secure Elements through to feature rich secured devices in mobile handsets, tablet computers and enterprise systems.

ARM-based security depends on a range of specific technologies and processors. We take a system-wide approach to security that starts at the deepest hardware and software levels, and this approach empowers a broad ecosystem of partners to develop secure applications and high-value services.


Why Security Matters

Security and privacy requirements continue to evolve and are increasingly becoming a critical purchasing decision point for consumers, industry and governments. Requirements are rapidly evolving around data ownership and privacy in smart devices such as mobile phones and tablets, and security within the Internet of Things is rapidly ramping up in reaction to advanced threats such as Stuxnet and their potential impact on critical national infrastructure.

Smart Devices

Cutting-edge devices such as smartphones and tablets provide consumers with high-value experiences based on an expanding set of services. These range from productivity solutions such as access to email and corporate VPN, to online commerce and banking, to entertainment in the form of music and video, and many more. However, such is the capability and performance of today’s mobile devices that a new approach is required to match the services consumers demand with the risk that asset owners are willing to accept. To realize their fullest potential, mobile devices require not just power efficiency and performance but also security.

ARM is working with its Partners and standards organizations to make it easier and quicker to develop platforms and devices with robust security based on TrustZone® technology. As part of this initiative, ARM has created the TrustZone Ready Program, designed to simplify the development of chipsets and devices with a hardware-backed Trusted Execution Environment (TEE).

Evolving from Legacy Approaches

We have become used to the legacy PC user experience, where the system is continuously under attack from a wide range of threats such as viruses, malware, man-in-the-middle and man-in-the-browser attacks, keyloggers and zero-day attacks (those making use of undetected vulnerabilities).

The problem of securing large computing systems has led to the provision of an array of separate trusted hardware such as One Time Password dongles, credit card/PIN-derived pass codes and complicated protocols for authentication. This growing array of hardware needed to access your bank or corporate network makes for a poor user experience, for example limiting access to your bank account to times when you have the dongle in reach.

High-value services demand trusted platforms that can provide protection from software attack and enable secure protection for critical code and valuable data. As we move to the “Internet of Things” era with billions of smart connected devices, a new approach is required: a Trusted Execution Environment built on specialized hardware available in a wide selection of modern ARM application processors.

Internet of Things & Embedded Security

Smart devices with feature-rich operating systems are not the only target of the modern hacker; increasingly the industry is dealing with the advent of APTs (advanced persistent threats) against critical infrastructure such as water, gas, electricity, transportation and other utilities.

The advent of the Internet of Things, with billions of additional connected devices, offers significant enhancements to how we live our lives as citizens, but it also carries risks around subversion of the technology and management of privacy. With this in mind, ARM is working with its ecosystem to develop advanced system platforms that integrate robust security controls to ensure data is tightly constrained.

ARM has a rich history in this embedded domain, with hundreds of millions of SmartCard and SIM devices shipped every year based on ARM technology. At the centre of these devices is the SecurCore range of processors, which deliver the same flexibility and programmability as traditional microcontroller devices while providing a range of specific tamper-resistant technologies that help defeat physical and software attacks.

Where physical tamper-resistance is less important, many partners already implement strong embedded security devices based on the Cortex-M range of processors. Here, through the integration of cryptography, secure storage and quality entropy sources such as random number generators, partners are already enabling a secure Internet of Things.

Applications such as payment, online banking, content protection and enterprise authentication can improve their integrity, capability and user experience by making use of three key things that TrustZone technology-enhanced devices provide:

  • A secure execution environment for software, safe from malicious software attacks emanating from rich operating systems
  • A known good hardware root of trust to check the integrity of data and applications in the rich operating world, safe in the knowledge the secure environment cannot be compromised
  • Access on demand to secure peripherals such as memory, the keyboard/touchscreen, and even the display

ARM TrustZone technology-based devices, combined with open APIs, provide the Trusted Execution Environment (TEE) with the capabilities and consistency developers need to realize new services through a new type of software: the Trusted Application. A typical trusted application may have part of its code in the normal world and part in the secure world, the latter for example dealing with key storage and manipulation. The TEE also provides isolation between trusted applications, so that multiple trusted services can co-exist.

The standardization of TEE APIs, managed by GlobalPlatform, will enable a market for interoperable trusted applications and services from service providers, operators and OEMs.


ARM TrustZone technology removes the need for separate secure hardware to authenticate the integrity of a device or a user. It does this by providing a true hardware root of trust in the main mobile chipset.

To ensure the integrity of the application, TrustZone also provides a secure execution environment where only trusted applications can operate, safe from hacker, virus and malware-style attacks: a Trusted Execution Environment (TEE).

TrustZone hardware provides the isolation of the TEE from software attack vectors. The hardware isolation extends to securing data input and output all the way to the physical peripheral, including, for example, the keypad/touchscreen.

Armed with these key capabilities, chipsets equipped with TrustZone technology provide a wealth of opportunities to redefine the services users can access (more, better), how they access them (faster, easier), and where they can access them (anywhere, anytime).

More detailed information on TrustZone technology is available on the TrustZone technology page.
For information on efficiently designing and implementing secure systems, please visit the Secure SoC Architecture page and the TrustZone Ready Program.

ARM provides a broad range of technology to enable the development of next-generation secure devices, including processor IP, System IP and development tools (below). In addition to SoC intellectual property, ARM provides the TrustZone Ready Program, a cohesive set of design recommendations and market requirements that help silicon partners and OEMs design the appropriate security features for their platform. Organizations looking to develop trusted platforms should contact ARM to discuss their development needs.

Processor IP

Cortex-A Series Processors
The ARM Cortex™-A series of application processors provides an entire range of solutions for devices hosting a rich OS platform and user applications, ranging from ultra-low-cost handsets through smartphones, mobile computing platforms, digital TV and set-top boxes to enterprise networking, printers and server solutions.

Every Cortex-A series processor includes TrustZone security technology within its architecture.

The Cortex-A series consists of:

SecurCore Processors
The ARM SecurCore™ processor family provides powerful 32-bit secure solutions based upon the industry-leading ARM architecture. In a wide range of security applications, SecurCore processors outperform legacy 8-bit and 16-bit secure processors.

The ARM SecurCore series consists of the SC000, the SC100 and the SC300 processors.

System IP

ARM CoreLink™ System IP components are essential for building complex systems on chip. By utilizing System IP components, developers can significantly reduce development and validation cycles, saving cost and reducing time to market.


  • CoreLink NIC-301 Network Interconnect
  • CoreLink DMA-300 DMA Controller
  • CoreLink L2C-310 Level 2 Cache Controller
  • CoreLink DMC-340 Dynamic Memory Controller
  • CoreLink DMC-400 Dynamic Memory Controller
  • CoreLink TZC-380 TrustZone Address Space Controller
  • CoreSight CDK-11 CoreSight Design Kit

Tools Support

The ARM Development Studio (DS-5™) tool suite, as well as a wide range of third-party tool, operating system and EDA vendors, supports all ARM processors. ARM DS-5 software development tools are unique in their ability to provide solutions that take full advantage of the complete ARM technology portfolio.
