Arm TrustZone technology is used on billions of application processors to protect high-value code and data. It provides system-wide hardware isolation for trusted software by creating an isolated secure world that ensures confidentiality and system integrity, protecting almost any asset from attack.
At the heart of the TrustZone approach is the concept of secure and non-secure worlds that are hardware-separated, with non-secure software blocked from accessing secure resources directly. Within the processor, software resides either in the secure world or in the non-secure world; a switch between these two worlds is accomplished via software referred to as the secure monitor.
This concept of secure (trusted) and non-secure (non-trusted) worlds extends beyond the processor to encompass memory, software, bus transactions, interrupts and peripherals within an SoC.
TrustZone technology provides a foundation for system-wide security and the creation of a trusted platform. Any part of the system can be designed to be part of the Secure world, including debug, peripherals, interrupts and memory. By creating a security subsystem, assets can be protected from software attacks and common hardware attacks.
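The partitioning rule described above (every bus transaction carries a non-secure attribute, and a non-secure transaction aimed at a secure region is refused while the secure world can still reach non-secure regions) can be modelled in a few lines. The following is an added, constructed model and is not Arm code or the programming interface of any real address-space controller; the region names and addresses are illustrative, not a real SoC memory map.

```python
"""Constructed model of TrustZone-style partitioning of a system address map.

Each memory or peripheral region is configured as secure or non-secure.
Every bus transaction carries an NS (non-secure) attribute; the filter
refuses a transaction when NS=1 targets a secure region. Secure-world
accesses (NS=0) to non-secure regions are permitted, which mirrors the
asymmetric rule in the text. Unmapped addresses are always refused.
This is an illustrative model, not a real TZASC/TZPC interface.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Region:
    name: str
    base: int
    size: int
    secure: bool  # True: only transactions with NS=0 may touch it

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed sample map; addresses are illustrative, not a real SoC layout.
SAMPLE_MAP: List[Region] = [
    Region("boot_rom",      0x0000_0000, 0x0001_0000, secure=True),
    Region("secure_sram",   0x0400_0000, 0x0004_0000, secure=True),
    Region("crypto_engine", 0x1000_0000, 0x0000_1000, secure=True),
    Region("uart0",         0x1C09_0000, 0x0000_1000, secure=False),
    Region("dram",          0x8000_0000, 0x4000_0000, secure=False),
]


def filter_access(regions: List[Region], addr: int, ns: bool) -> Tuple[bool, Optional[str]]:
    """Return (allowed, region_name) for one transaction.

    ns=True models a transaction issued from the non-secure world (NS bit set);
    ns=False models one issued from the secure world.
    """
    for r in regions:
        if r.contains(addr):
            if r.secure and ns:
                return False, r.name  # non-secure world hitting a secure asset
            return True, r.name
    return False, None  # unmapped: refuse rather than fall through


def run_checks(regions: List[Region]) -> Dict[str, bool]:
    """Evaluate a constructed set of transactions; returns name -> allowed."""
    cases = {
        "ns_reads_dram":      (0x8000_1000, True),
        "ns_touches_crypto":  (0x1000_0010, True),
        "s_touches_crypto":   (0x1000_0010, False),
        "s_reads_dram":       (0x8000_1000, False),
        "ns_reads_bootrom":   (0x0000_0100, True),
        "ns_unmapped":        (0x7000_0000, True),
    }
    return {k: filter_access(regions, a, ns)[0] for k, (a, ns) in cases.items()}


if __name__ == "__main__":
    for name, ok in run_checks(SAMPLE_MAP).items():
        print(f"{name:20s} {'OK' if ok else 'BLOCKED'}")
```

The point to take from the model is the direction of the rule: the NS attribute travels with the transaction, the check is made at the resource rather than in the requesting software, and the secure world is not symmetrically walled off from non-secure memory.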
TrustZone Technology for Cortex-A Processors
TrustZone technology within Cortex-A based application processors is commonly used to run trusted boot and a trusted OS to create a Trusted Execution Environment (TEE). Typical use cases include the protection of authentication mechanisms, cryptography, key material and Digital rights management (DRM). Applications that run in the secure world are called Trusted Apps.
The partitioning of the two worlds is achieved by hardware logic present in the AMBA bus fabric, peripherals and processors. Each physical processor core has two virtual cores, one considered secure and the other non-secure, and a robust mechanism (the Secure Monitor exception) is provided to context switch between them. Entry to the secure monitor can be triggered by software executing a dedicated Secure Monitor Call (SMC) instruction or by a number of exception mechanisms. The monitor code typically saves the state of the current world and restores the state of the world it is being switched to.
In order to implement a secure world in the SoC, trusted software (a Trusted OS) needs to be developed to make use of the protected assets. This code typically implements trusted boot, the secure world switch monitor, a small trusted OS and trusted apps. Multiple levels of secure world privilege are provided for isolation between trusted boot, trusted OS and trusted apps. The combination of TrustZone based hardware isolation, trusted boot and a trusted OS makes up a Trusted Execution Environment (TEE). The TEE offers the security properties of confidentiality and integrity to multiple Trusted Apps. Many TEE providers follow GlobalPlatform's API standard to enable their TEE to deliver a common security capability across platforms and markets. GlobalPlatform has written a protection profile for TEEs and developed a security evaluation scheme that can be used by partners who want to gain security certification from an independent test laboratory.
Trusted Execution Environment
GlobalPlatform is a standards-defining organization that provides software APIs, compliance and certification schemes for the Trusted Execution Environment (TEE). The work is done in the Device Committee with the aim of creating trusted chip technology that can be used to provide confidentiality and integrity to trusted code and data. The TEE consists of three parts: hardware-based isolation technology (such as Arm TrustZone), trusted boot and a small trusted OS. The TEE can be used to run multiple isolated trusted apps which may be provisioned over the air. Compared to other security technologies the TEE provides higher performance and access to larger amounts of memory.
Typical use cases for an Arm TrustZone based TEE include: trusted boot, integrity management, authentication, payment, content protection, crypto and mobile device management. Secure world device drivers can be used to interface to peripherals and for example used to enable trusted user interfaces.
A GlobalPlatform TEE can be used alongside other security technology such as secure elements, hypervisors and security sub-systems to provide multi-layered defense. The TEE is designed to protect against software attacks (e.g. malware) and common physical attacks (so-called "shack" attacks). GlobalPlatform has created a Protection Profile for the TEE which provides detailed information on the attacks that a TEE should resist.
Arm Trusted Firmware
SoC developers and OEMs can benefit from a reference implementation of low-level secure world software known as Arm Trusted Firmware.
This software is available as open source on GitHub and includes trusted boot and a secure runtime that takes care of the switching between the non-secure (non-trusted) and secure (trusted) worlds using the SMC Calling Convention (SMCCC). Arm Trusted Firmware can be integrated with a commercial or open source trusted OS to create a TEE.
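The monitor behaviour described in the Cortex-A section (SMC entry, save the calling world's state, restore the target world's state, return) and the SMCCC function-identifier layout mentioned here can be shown together in one model. The following is an added example written for this page; it is not Arm Trusted Firmware code and it issues no real SMC. The function ID bit layout, owning-entity numbers, the well-known SMCCC_VERSION and PSCI_VERSION identifiers and the NOT_SUPPORTED return value are taken from the published SMCCC and PSCI specifications; the register contexts, the version numbers the model reports, the stub trusted-OS handler and the transition trace are constructed for the model and correspond to no real monitor's data structures.

```python
"""Added model of a secure monitor dispatching an SMC by its SMCCC function ID.

SMCCC fast-call function ID layout (32 bits):
  bit 31      1 = fast call, 0 = yielding call
  bit 30      0 = SMC32 convention, 1 = SMC64 convention
  bits 29:24  owning entity number (which service owns the call)
  bits 23:16  reserved, must be zero
  bits 15:0   function number within that service
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Owning entity numbers (from the SMCCC spec).
OEN_ARM_ARCH = 0x00
OEN_STD_SECURE = 0x04          # standard secure services such as PSCI
OEN_TRUSTED_APP = range(48, 50)
OEN_TRUSTED_OS = range(50, 64)

SMCCC_VERSION_ID = 0x8000_0000  # Arm Architecture service, fast, SMC32
PSCI_VERSION_ID = 0x8400_0000   # Standard Secure service, fast, SMC32
SMCCC_RET_NOT_SUPPORTED = -1


@dataclass
class FunctionId:
    fast: bool
    smc64: bool
    oen: int
    number: int


def decode(fid: int) -> FunctionId:
    """Split a raw function ID into its fields; reject malformed IDs."""
    if fid < 0 or fid >> 32:
        raise ValueError("function ID must fit in 32 bits")
    if (fid >> 16) & 0xFF:
        raise ValueError("bits 23:16 must be zero")
    return FunctionId(fast=bool((fid >> 31) & 1), smc64=bool((fid >> 30) & 1),
                      oen=(fid >> 24) & 0x3F, number=fid & 0xFFFF)


def encode(fast: bool, smc64: bool, oen: int, number: int) -> int:
    return (int(fast) << 31) | (int(smc64) << 30) | ((oen & 0x3F) << 24) | (number & 0xFFFF)


@dataclass
class Monitor:
    """Models monitor state: one saved register context per world (constructed)."""
    ctx: Dict[str, Dict[str, int]] = field(default_factory=lambda: {
        "non_secure": {"x0": 0, "x1": 0, "pc": 0x8000_1000},
        "secure": {"x0": 0, "x1": 0, "pc": 0x0400_0100},
    })
    world: str = "non_secure"
    trace: List[str] = field(default_factory=list)

    def _switch(self, target: str, live: Dict[str, int]) -> Dict[str, int]:
        """Save the outgoing world's live registers, restore the incoming world's."""
        self.ctx[self.world] = dict(live)
        self.trace.append(f"{self.world}->{target}")
        self.world = target
        return dict(self.ctx[target])

    def _trusted_os(self, fid: FunctionId, live: Dict[str, int]) -> Tuple[int, int]:
        """Constructed stub for the trusted OS entry point: echoes the number."""
        live["x0"] = 0
        live["x1"] = fid.number + 0x100
        return (live["x0"], live["x1"])

    def smc(self, fid_raw: int, x1: int = 0) -> Tuple[int, ...]:
        """A non-secure caller executes SMC with x0 = function ID, x1 = argument."""
        assert self.world == "non_secure", "model only handles non-secure callers"
        live = {"x0": fid_raw, "x1": x1, "pc": self.ctx["non_secure"]["pc"]}
        try:
            fid = decode(fid_raw)
        except ValueError:
            return (SMCCC_RET_NOT_SUPPORTED,)
        # Services owned by the monitor itself: no world switch is needed.
        if fid.oen == OEN_ARM_ARCH and fid.number == 0:
            return (0x0001_0002,)   # SMCCC_VERSION: model reports 1.2 (constructed)
        if fid.oen == OEN_STD_SECURE and fid.number == 0:
            return (0x0001_0001,)   # PSCI_VERSION: model reports 1.1 (constructed)
        # Trusted OS / trusted app calls: save NS state, enter the secure world,
        # run the handler, then save secure state and restore the NS caller.
        if fid.oen in OEN_TRUSTED_OS or fid.oen in OEN_TRUSTED_APP:
            secure_regs = self._switch("secure", live)
            result = self._trusted_os(fid, secure_regs)
            self._switch("non_secure", secure_regs)
            return result
        return (SMCCC_RET_NOT_SUPPORTED,)


if __name__ == "__main__":
    m = Monitor()
    print(hex(m.smc(SMCCC_VERSION_ID)[0]))
    print(m.smc(encode(True, False, 50, 0x10)), m.trace)
```

Two things the model makes visible that the prose only states: calls owned by the monitor (the Arm Architecture and standard secure services) are answered without ever entering the secure world, and a malformed or unowned function ID is refused with NOT_SUPPORTED rather than being forwarded, which is the check a monitor must make before it trusts anything in the caller's registers.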
To aid the system designer in creating a TrustZone based TEE, Arm has created a number of documents, reference software and training courses. These documents include:
- Trusted Base System Architecture (TBSA)
- Trusted Board Boot Requirements (TBBR)
- TrustZone Media Protection Architecture (TZMP)
To get access to these documents please make a request via your account manager or FAE.