The ARM approach to enabling trusted computing within the embedded world is based on the concept of a trusted platform: a hardware architecture that extends the security infrastructure throughout the system design. Instead of protecting assets in a dedicated hardware block, the TrustZone architecture enables any part of the system to be made secure, enabling an end-to-end security solution that covers both the functional units and the debug infrastructure.
With suitable use of security protocols built on top of the TrustZone architecture, such as secure boot and authenticated debug enable, some form of countermeasure can be constructed against many of the possible hack and shack attack threats. If these defenses can be combined with methods that mitigate the risks associated with lab attacks, for example by giving every device statistically unique secrets so that compromising one device does not compromise the rest, a very powerful solution begins to emerge.
The TrustZone hardware architecture is covered in detail in Chapter 3.