You copied the Doc URL to your clipboard.

5.5. The TrustZone API

To encourage the development of security solutions ARM have produced a standardized software API, called the TrustZone API (TZAPI), which defines a software interface which client applications running in the rich operating environment can use to interact with a security environment.

The API is predominantly a communications API, enabling a client to send command requests to a security service, and to enable the client to efficiently exchange data with the services it is connected to. This communications interface is designed to support the principles of World-shared memory, for high performance bulk data transfer.

Secondary features of the API allow Normal world client applications to authenticate themselves with a secure service, query the properties of installed services, and allow trusted Normal world code to perform run-time download of new security services.


The communications API supports synchronous and (optional) asynchronous calling conventions to support all of the common Normal world operating systems found on embedded devices.

Figure 5.4. : Two example systems that might make use of TrustZone API

Figure 5.4. : Two example systems that might make use of TrustZone

Although the TrustZone API is targeted at systems using a TrustZone-enabled processor, and tries to take advantage of the available hardware features such as World-shared memory, it is designed to be portable to almost any implementation of a secure environment. A system using an extensible security framework running on a smartcard would also be a suitable candidate for an implementation of TrustZone API. In these non-TrustZone systems the implementation of the TZAPI World-shared memory constructs might require a copy, but they should still be portable.

Was this page helpful? Yes No