Go to section:
This page provides developer material for Arm Confidential Compute Architecture (Arm CCA). The vision for Arm CCA is to protect all data and code wherever the computing happens, unlocking the power and full potential of data and AI.
Arm CCA is part of a series of hardware and software architecture innovations that enhance Arm support for confidential computing. Arm CCA is a key component of the Armv9-A architecture, that will deliver on our goal of unlocking the benefits of confidential computing for every industry sector where microprocessors are used.
The diagram shows components of the Arm Confidential Compute Architecture.
What is confidential computing?
Information must always be protected, whether it is at rest (for example, stored in flash memory by a database), in motion (for example, traversing a network), or in use (being processed). Encryption is often used to protect data at rest and in motion, but most data must be decrypted while it is being processed. Confidential computing significantly reduces the risks associated with processing data by performing computation within a hardware-backed secure environment which shields code and data from observation or modification by privileged software and hardware agents.
Arm CCA builds on the isolation technologies that are already widespread in Armv8-A. Arm CCA provides additional security architecture, protecting data and code even in use, and enabling better control of who can access data and algorithms. This technology, introduced in Armv9-A, will help to unlock the true power and potential of data, by reducing the risks associated with sharing data and helping developers to implement strong privacy controls.
Read more about the Arm vision for confidential computing in the blog, Unlocking the power of Data with Arm CCA.
Arm CCA introduces two new capabilities: support for Realms and dynamic TrustZone.
Unlocking the power of Data with Arm CCA
Confidential compute: Realms
The Arm Confidential Compute Architecture introduces the Realm Management Extension (RME) that supports a new class of attestable isolation environment called a Realm. The environment builds on the TrustZone Normal and Secure worlds with two extra worlds, each with its own security state and dedicated physical address space. RME also enables memory to be moved between worlds at runtime, while new hardware checks every memory access, blocking those that are not permitted by the isolation boundaries between the worlds.
RME protects mainstream computing workloads, such as virtual machines or containers from privileged software and hardware agents including the hypervisor, the Normal world kernel and even TrustZone applications.
- Ideal for protecting workloads running in public cloud environments and any platform where the security and integrity of the host operating system can be hard to audit or guarantee.
- Data and code are protected from any platform services and other execution environments:
- Supervisory software including any hypervisor or kernel that created the Realm
- The host OS
- Other Realms
- Devices not trusted by the Realm
- Realms are even protected from TrustZone code.
The following diagram shows the relationship and boundaries between Realms, Normal, and Secure worlds:
In addition to hardware extensions, Arm CCA proposes a firmware and software architecture. Read more about Arm CCA in the Arm Confidential Compute Software Stack guide.
Extending TrustZone: Dynamic TrustZone
In addition to supporting Realms, the Realm Management Extension also enables memory to be moved between the Normal and Secure worlds on-demand. This allows the amount of memory used by TrustZone to scale dynamically with a given use case. We call this Arm dynamic TrustZone technology.
Benefits of dynamic memory support for TrustZone:
- More efficient use of valuable DRAM
- Increased flexibility to use TrustZone for memory-intensive operations
- For example, media decoding, content protection and protection of machine learning models
Introducing Arm’s Dynamic TrustZone technology
Arm Architecture Reference Manual Supplement Memory System Resource Partitioning and Monitoring (MPAM), for A-profile architectureLearn more
Learn the architecture: Introducing Arm Confidential Compute ArchitectureView the guide
Learn the architecture: Realm Management ExtensionView the guide