SoC and CPU System-Wide Approach to Security

Arm TrustZone technology is used on billions of application processors to protect high-value code and data. Arm TrustZone technology offers an efficient, system-wide approach to security with hardware-enforced isolation built into the CPU. It provides the perfect starting point to establish a device root of trust based on PSA guidelines.


Features and Benefits
Flexible Foundation

TrustZone technology provides a foundation for system-wide security and the creation of a trusted SoC. Any part of the system can be designed as part of the secure world, including debug, peripherals, interrupts and memory.

Range of Security Options

Instead of providing a fixed one-size-fits-all security solution, Arm TrustZone technology provides the foundations that allow the SoC designer to choose from a range of components that can fulfil specific functions within the security environment.

What Is TrustZone Technology?

TrustZone technology within Cortex-A based application processors is commonly used to run trusted boot and trusted OS to create a Trusted Execution Environment (TEE). Typical use cases include the protection of authentication mechanisms, cryptography, mobile device management, payment, key material, and digital rights management (DRM).

How Does TrustZone for Cortex-A Work?

At the heart of the TrustZone approach is the concept of secure and non-secure worlds that are hardware-separated, with non-secure software blocked from accessing secure resources directly. Within Arm Cortex-A processors, software resides in either the secure world or the non-secure world; a switch between the two is accomplished by software referred to as the secure monitor.

This concept of secure (trusted) and non-secure (non-trusted) worlds extends beyond the processor to encompass memory, software, bus transactions, interrupts, and peripherals within an SoC.
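The two mechanisms described above, the bus-level check that blocks non-secure accesses to secure resources and the secure monitor as the only path from the non-secure world into the secure world, can be modelled in a few dozen lines of C. The block below is an added example, not Arm's code or part of any Arm product; its region map, addresses, service number and "key" are constructed for illustration, and in a real SoC the access check is done in hardware on each bus transaction, not in software.

```c
/* Added example (not Arm's code): a simplified software model of TrustZone
 * address-space partitioning and of a monitor-mediated world switch.
 * Everything here (region map, addresses, key, service id) is constructed. */
#include <stdint.h>
#include <stdio.h>

/* Mirrors the NS attribute carried by each bus transaction: 0 = secure. */
typedef enum { WORLD_SECURE = 0, WORLD_NON_SECURE = 1 } world_t;

typedef struct {
    const char *name;
    uint32_t base;
    uint32_t size;
    int secure_only;   /* 1: only secure-world accesses may reach this region */
} tz_region_t;

/* Constructed example map; addresses are illustrative, not a real SoC. */
static const tz_region_t tz_map[] = {
    { "secure SRAM (keys)", 0x10000000u, 0x00010000u, 1 },
    { "crypto engine",      0x20000000u, 0x00001000u, 1 },
    { "UART",               0x30000000u, 0x00001000u, 0 },
    { "normal DRAM",        0x80000000u, 0x40000000u, 0 },
};
#define TZ_MAP_LEN (sizeof tz_map / sizeof tz_map[0])

/* Returns the region containing addr, or NULL if addr is unmapped. */
static const tz_region_t *tz_lookup(uint32_t addr) {
    for (size_t i = 0; i < TZ_MAP_LEN; i++)
        if (addr >= tz_map[i].base && addr - tz_map[i].base < tz_map[i].size)
            return &tz_map[i];
    return NULL;
}

/* Models the bus-level check: the NS attribute of the transaction is compared
 * with the security attribute of the target region. Secure-world masters may
 * reach both worlds' resources; non-secure masters are blocked from secure
 * ones and from unmapped addresses. Returns 1 if the access may proceed. */
int tz_access_allowed(world_t world, uint32_t addr) {
    const tz_region_t *r = tz_lookup(addr);
    if (r == NULL) return 0;
    if (r->secure_only && world == WORLD_NON_SECURE) return 0;
    return 1;
}

#define KEY_ADDR 0x10000000u                 /* constructed: key lives in secure SRAM */
static const uint32_t toy_key = 0xA5A5A5A5u; /* constructed backing value at KEY_ADDR */

/* Models a 32-bit read through the bus: succeeds only if the check passes. */
static int bus_read32(world_t world, uint32_t addr, uint32_t *out) {
    if (!tz_access_allowed(world, addr)) return 0;
    *out = (addr == KEY_ADDR) ? toy_key : 0u;
    return 1;
}

/* A secure service: XOR-"signs" a hash with the key held in secure SRAM.
 * Called with the non-secure world active, the key read is refused. */
static int secure_service_sign(world_t world, uint32_t hash, uint32_t *sig) {
    uint32_t key;
    if (!bus_read32(world, KEY_ADDR, &key)) return 0;
    *sig = hash ^ key;
    return 1;
}

#define SVC_SIGN_HASH 1u   /* constructed service number */

typedef struct { world_t current; uint32_t calls; } monitor_t;

/* Models the secure monitor: the only legal path from the non-secure world
 * into the secure world is a request (an SMC on real hardware) that the
 * monitor validates, dispatches to a numbered service, and returns from
 * with the caller's world restored. The caller only ever receives the
 * service's result, never a pointer into secure memory.
 * Returns 0 on success, -1 for an unknown service, -2 if the service failed. */
int tz_smc(monitor_t *mon, uint32_t service, uint32_t arg, uint32_t *result) {
    world_t caller = mon->current;
    int ok;
    if (service != SVC_SIGN_HASH) return -1;   /* rejected before any world switch */
    mon->current = WORLD_SECURE;               /* monitor clears the NS bit */
    ok = secure_service_sign(mon->current, arg, result);
    mon->current = caller;                     /* restore the caller's world */
    mon->calls++;
    return ok ? 0 : -2;
}

int main(void) {
    monitor_t mon = { WORLD_NON_SECURE, 0 };
    uint32_t sig = 0, key = 0;
    printf("NS read of key: %s\n", bus_read32(WORLD_NON_SECURE, KEY_ADDR, &key) ? "allowed" : "blocked");
    printf("NS access to DRAM: %s\n", tz_access_allowed(WORLD_NON_SECURE, 0x80000000u) ? "allowed" : "blocked");
    if (tz_smc(&mon, SVC_SIGN_HASH, 0x12345678u, &sig) == 0)
        printf("SMC sign via monitor: 0x%08X (world after return: %d)\n", sig, (int)mon.current);
    printf("SMC unknown service: %d\n", tz_smc(&mon, 99u, 0u, &sig));
    return 0;
}
```

The point to take from the model is the asymmetry: the check keys off the world of the requester, not the address alone, so the same key read succeeds from the secure service and fails from non-secure code, and the monitor is the only component that changes that world.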

Related Products and Services

Trusted Execution Environment

GlobalPlatform is a standards-defining organization that provides software APIs, compliance, and certification schemes for the Trusted Execution Environment (TEE) built on TrustZone with Cortex-A processors. Its Device Committee creates trusted chip technology for ensuring the confidentiality and integrity of trusted code and data.

Trusted Firmware

A reference implementation of low-level secure world software known as Trusted Firmware is available as open source on GitHub and includes trusted boot and secure runtime for switching between the non-secure and secure worlds.

TrustZone for Arm Cortex-M Processors

TrustZone technology for Cortex-M processors enables robust levels of protection at all cost points for small embedded and IoT devices. Explore more about TrustZone for Cortex-M.

Talk with an Expert

Interested in learning more about the best approach to security? Talk with an Arm expert.


TrustZone Resources

Everything you need to know to make the right decision for your project. Includes technical documentation, industry insights, and where to go for expert advice.

Development of TEE and Secure Monitor Code

Arm recommends investigating commercial TEE solutions from Trusted OS suppliers that are members of GlobalPlatform.
