SoC and CPU System-Wide Approach to Security
Arm TrustZone technology is used on billions of application processors to protect high-value code and data. Arm TrustZone technology offers an efficient, system-wide approach to security with hardware-enforced isolation built into the CPU. It provides the perfect starting point to establish a device root of trust based on PSA guidelines.
This concept of secure (trusted) and non-secure (non-trusted) worlds extends beyond the processor to encompass memory, software, bus transactions, interrupts and peripherals within an SoC.
TrustZone technology provides a foundation for system-wide security and the creation of a trusted SoC. Any part of the system can be designed as part of the secure world, including debug, peripherals, interrupts and memory.
Instead of providing a fixed one-size-fits-all security solution, Arm TrustZone technology provides the foundations that allow the SoC designer to choose from a range of components that can fulfil specific functions within the security environment.
TrustZone technology within Cortex-A based application processors is commonly used to run trusted boot and trusted OS to create a Trusted Execution Environment (TEE). Typical use cases include the protection of authentication mechanisms, cryptography, mobile device management, payment, key material, and digital rights management (DRM).
At the heart of the TrustZone approach is the concept of secure and non-secure worlds that are hardware separated, with non-secure software blocked from accessing secure resources directly. Within Arm Cortex-A processors, software either resides in the secure world or the non-secure world; a switch between the two is accomplished via software referred to as the secure monitor.
This concept of secure (trusted) and non-secure (non-trusted) worlds extends beyond the processor to encompass memory, software, bus transactions, interrupts, and peripherals within an SoC.
Trusted Execution Environment
GlobalPlatform is a standard-defining organization that provides software APIs, compliance, and certification schemes for the Trusted Execution Environment (TEE) for TrustZone with Cortex-A processors. The Device Committee creates trusted chip technology for ensuring confidentiality and integrity to trusted code and data.
A reference implementation of low-level secure world software known as Trusted Firmware is available as open source on GitHub and includes trusted boot and secure runtime for switching between the non-secure and secure worlds.
TrustZone technology for Cortex-M processors enables robust levels of protection at all cost points for small embedded and IoT devices. Explore more about TrustZone for Cortex-M.
Interested in learning more about the best approach to security? Talk with an Arm expert.