Arm Confidential Compute Architecture


Our vision for the Arm Confidential Compute Architecture (CCA) is to protect all data and code wherever computing happens – unlocking the power and potential of data and AI. Arm CCA is part of a series of hardware and software architecture innovations that enhances Arm support for confidential computing. Arm CCA is a key component of the Armv9-A architecture achieving our goal of delivering the benefits of confidential computing to every industry sector.

Unlocking the Power of Data with Arm CCA

Arm CCA encompasses the latest enhancements to Arm’s support for confidential computing in Armv9-A.

Introducing Arm’s Dynamic TrustZone Technology

TrustZone has been successfully securing media pipelines on Arm-based devices for over a decade.

Sign up to receive the latest technical information on Arm Confidential Compute Architecture.

Confidential Computing: A New Model of Trust on the Arm Architecture

Computing has become a distributed utility where computing sessions can run on any platform that meets the required security policy, making the ability to trust the computing utility infrastructure crucial to ensure confidence in the security and privacy of information. This model is a prime target for cybercriminals, intent on stealing data and code.


Confidential compute is a broad term for technologies that reduce the need to trust a computing infrastructure, such as the need for processes to trust operating system (OS) kernels and the need for virtual machines to trust hypervisors. While threats span all industry sectors, the Arm architecture is unique in the breadth of form factors and markets where it is used and our partners are actively innovating and delivering confidential computing using existing Armv8-A devices.

Realm Management Extension for Access Control 

Arm CCA builds on the strong security foundations of TrustZone and introduces the concept of dynamically created Realms to be both evolutionary and revolutionary.

Components of Arm CCA

The diagram shows components of the Arm Confidential Compute Architecture.


Click the hotspots to see the details.

Realm Management Extension for Access Control

At the hardware level, the new Realm Management Extension (RME) protects all data and code, even while it’s being used, enabling improved control of who can access data and algorithms. This is the technology that will unlock the true power and potential of data sharing and AI.


RME supports a new type of attestable isolation environment called a Realm. Realms extend confidential compute to all software developers, democratizing secure computing. It also moves providers further from a position of will not access customer data to cannot access customer data. The RME reduces the volume of software that must be trusted, the attack surface for hackers, and the opportunity for customer data breaches.


Realms provide additional execution environments to ordinary programs for the secure processing of confidential data. Realms are isolated from the existing Normal and Secure Worlds that we have today in TrustZone. The security policy of a Realm is configured using a small amount of trusted and attestable software. This software is inherently separated from the Normal-World OS and hypervisor, and from any Secure-World hypervisor and trusted OS.

Securely Run All Applications

Arm CCA security enables applications to run in a secure way and therefore be accepted, trusted and deployed. It leverages the Arm standardization that enables interoperability and portability ensuring ecosystem success.

Benefits of Arm CCA

Fully secures third-party data and code for its owner so that it is not accessible by platform owners.

Ensures minimal impact on existing trusted applications as Realms can work alongside TrustZone.

Applies to any market or form factor that uses microprocessors.

Democratizes secure computing for all developers, and increases scalability, not just those working closely with silicon vendors and device OEMs.

Supports seamless portability across the ecosystem of Arm devices as Realms can be used at the virtual machine level.

Allows Realm owners to verify and prove the integrity of the underlying platform and Realm configuration with native support for attestation.

How Realms Execute in a Protected Memory Space

The Realm Management Extension (RME) supports a new class of attestable isolation environment called a Realm. Realms are isolated from the existing Normal and Secure Worlds that we have today in TrustZone.


As shown in the diagram below, RME protects mainstream computing workloads, such as virtual machines or containers from privileged software and hardware agents including the hypervisor, the Normal World kernel and even TrustZone applications.

Diagram showing how realms execute in a protected memory space

Re-Evaluate Trust Relationships

Today, computing is a distributed utility where computing sessions can be run on any platform that meets the required security policy. The ability to trust this computing utility infrastructure is a crucial element in ensuring that people are confident about the security and privacy of their information.


Arm Confidential Compute

Key Resources

Other Architectures

Find out more about our architectures.