Overview

In this guide, we introduce TrustZone. TrustZone offers an efficient, system-wide approach to security with hardware-enforced isolation built into the CPU. We cover the features that TrustZone adds to the processor architecture, the memory system support for TrustZone, and typical software architectures. We also introduce the resources that are available from Arm to aid system and software developers who are working with TrustZone.

At the end of this guide, you will be able to:

  • Give an example use case for TrustZone, describing how TrustZone is used to fulfill a security need
  • List the number of Security states and physical address spaces in a TrustZone system
  • State the purpose of a Secure Monitor and give examples of the state that it is required to save or restore
  • Name the components in a typical TrustZone-enabled memory system and describe their purpose
  • Explain the purpose of the Trusted Base System Architecture and Trusted Board Boot Requirements specifications from Arm
  • Explain how a chain of trust is used to secure the boot of a device

Before you begin

This guide assumes that you are familiar with the Arm Exception model and memory management. If you are not familiar with these subjects, read our Exception model and Memory management guides.

If you are not familiar with security concepts, we also recommend that you read our Introduction to security guide before reading this guide.
