Arm Confidential Compute Architecture

The Arm Confidential Compute Architecture (Arm CCA) is part of the Armv9-A architecture and is due to be released later this year. It builds on the strong security foundations of TrustZone and introduces the concept of dynamically created “realms.”


Realms provide additional execution environments to ordinary programs for the secure processing of confidential data. Realms are isolated from the existing Normal and Secure worlds that we have today in TrustZone. The security policy of a realm is configured using a small amount of trusted and attestable software. This software is inherently separated from the Normal-world operating system and hypervisor, and any Secure-world hypervisor and trusted OS. Arm Confidential Compute Architecture democratizes secure computing, enabling all developers to take advantage of it.


Sign up to receive the latest technical information on Arm Confidential Compute Architecture

Confidential Computing: A New Model of Trust

Computing has become a distributed utility where computing sessions can be run on any platform that meets the required security policy. In this environment, the ability to trust this computing utility infrastructure is a crucial element in ensuring that people are confident about the security and privacy of their information. This computing infrastructure is a very attractive target for cybercriminals, intent on stealing our data and code.


The volume and range of sensitive data held on devices is also increasing. New techniques are required to protect this data, and the integrity of applications that process data, from vulnerabilities in privileged software, such as operating system kernels.


For these reasons, we see a growing interest in Confidential Computing, by which we mean the protection of data in use by performing computation within a hardware-backed secure environment. This shields code and data from observation and modification by privileged software and hardware agents. Today, the traditional model of computing places a huge amount of trust in the operating systems and hypervisors that the applications run on. Confidential Computing removes the assumption that the privileged software, responsible for running the computing infrastructure, needs to be able to see or manipulate the data of those running sessions in use.


Later this year, we plan to release the Arm Confidential Compute Architecture (Arm CCA) as part of the Armv9-A architecture, which builds on the strong security foundations of TrustZone.

Other Resources