Arm TrustZone Technology

Arm TrustZone technology offers an efficient, system-wide approach to security, with hardware-enforced isolation built into the CPU. It provides a starting point for establishing a device root of trust based on Platform Security Architecture (PSA) guidelines.

The family of TrustZone technologies can be integrated into any Arm Cortex-A processor, into any processor based on the Armv7-A or Armv8-A architecture, and into Cortex-M processors built on the Armv8-M architecture.

TrustZone for Cortex-A

TrustZone is used on billions of application processors to protect high-value code and data for diverse use cases including authentication, payment, content protection and enterprise. On application processors, TrustZone is frequently used to provide a security boundary for a GlobalPlatform Trusted Execution Environment.

TrustZone for Cortex-M

The Armv8-M architecture extends TrustZone to Cortex-M, enabling robust levels of protection. TrustZone for Armv8-M has the same high-level features as TrustZone on application processors, with the key benefit that switching between Secure and Non-secure worlds is done in hardware for faster transitions and improved power efficiency.

TrustZone for Armv8-A vs. TrustZone for Armv8-M

| Feature | TrustZone for Armv8-A | TrustZone for Armv8-M |
|---|---|---|
| Additional security states | SEL0: Trusted Apps; SEL1: Trusted OS; EL3: Trusted Boot and Firmware (Armv8-A) | Secure thread: trusted code/data; Secure handler: trusted device drivers, RTOS, library managers, ... |
| Secure interrupts | Yes | Yes (fast) |
| State transition (boundary crossing) | Software transition | Hardware transition (fast) |
| Memory management | Virtual memory MMU with secure attributes | Secure Attribution Unit (SAU) and MPU memory partitions |
| System interconnect security | Yes | Yes |
| Secure code, data and memory | Yes | Yes |
| Trusted boot | Yes | Yes |
| Software | Trusted Firmware-A (and third-party TEEs) | Arm Keil MDK, CMSIS, Arm Mbed OS, Trusted Firmware-M and third-party software |
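As an added illustration of the "Memory management" row above, here is a small C model of how an Armv8-M core combines the software-programmed SAU with the silicon-fixed IDAU to attribute an address as Secure, Non-secure or Non-secure callable. It is example code written for this page, not Arm's, TF-M's or any vendor's firmware, and it models the rules rather than programming the real SAU registers. The IDAU map (bit 28 selects the Secure alias), the region addresses and the deliberately overlapping configuration are constructed assumptions; the rules modelled are that an address matching no enabled SAU region, or more than one, is Secure, that the more secure of the SAU and IDAU answers wins, and that with the SAU disabled SAU_CTRL.ALLNS decides.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Ordered so that a larger value is "more secure": the final attribution is a max(). */
typedef enum { ATTR_NS = 0, ATTR_NSC = 1, ATTR_S = 2 } sec_attr_t;

/* One SAU region, mirroring SAU_RBAR/SAU_RLAR: 32-byte granularity, inclusive limit. */
typedef struct {
    uint32_t base;   /* RBAR.BADDR, 32-byte aligned */
    uint32_t limit;  /* RLAR.LADDR: last byte of the region, so (limit + 1) is 32-byte aligned */
    bool nsc;        /* RLAR.NSC: Secure region that Non-secure code may enter only via SG */
    bool enabled;    /* RLAR.ENABLE */
} sau_region_t;

typedef struct {
    bool enable;     /* SAU_CTRL.ENABLE */
    bool allns;      /* SAU_CTRL.ALLNS: with the SAU disabled, all memory is NS (1) or S (0) */
    const sau_region_t *regions;
    size_t count;
} sau_t;

/* Granularity check a configuration routine should run before programming the registers. */
bool sau_region_valid(const sau_region_t *r)
{
    return (r->base & 0x1Fu) == 0 && ((r->limit + 1u) & 0x1Fu) == 0 && r->base <= r->limit;
}

/* SAU lookup: an unmatched address is Secure, exactly one match yields NS or NSC,
   and an address covered by more than one enabled region is treated as Secure. */
sec_attr_t sau_lookup(const sau_t *sau, uint32_t addr)
{
    if (!sau->enable)
        return sau->allns ? ATTR_NS : ATTR_S;
    int matches = 0;
    sec_attr_t attr = ATTR_S;
    for (size_t i = 0; i < sau->count; i++) {
        const sau_region_t *r = &sau->regions[i];
        if (r->enabled && addr >= r->base && addr <= r->limit) {
            matches++;
            attr = r->nsc ? ATTR_NSC : ATTR_NS;
        }
    }
    return matches == 1 ? attr : ATTR_S;
}

/* Constructed IDAU for this example (an assumption, not any real device's map):
   bit 28 clear is the Non-secure alias, bit 28 set the Secure alias. Real IDAUs
   are vendor-defined and may also return NSC or mark ranges exempt from checking. */
sec_attr_t idau_lookup(uint32_t addr)
{
    return (addr & 0x10000000u) ? ATTR_S : ATTR_NS;
}

/* Final attribution: the more secure of the two answers wins, so the SAU can
   only tighten, never loosen, what the IDAU fixed in silicon. */
sec_attr_t attribute(const sau_t *sau, uint32_t addr)
{
    sec_attr_t s = sau_lookup(sau, addr), i = idau_lookup(addr);
    return s > i ? s : i;
}

/* A data access from Non-secure state succeeds only on NS memory; an NSC region
   is Secure for data and is entered only by fetching an SG instruction from it. */
bool ns_data_access_allowed(const sau_t *sau, uint32_t addr)
{
    return attribute(sau, addr) == ATTR_NS;
}

/* Constructed configuration: NS flash, NS SRAM and an NSC veneer table just below NS flash. */
static const sau_region_t demo_regions[] = {
    { 0x00200000u, 0x003FFFFFu, false, true },
    { 0x20200000u, 0x203FFFFFu, false, true },
    { 0x001FFC00u, 0x001FFFFFu, true,  true },
};
const sau_t demo_sau = { true, false, demo_regions, 3 };
/* Constructed misconfiguration: a second region overlaps the veneer table. */
static const sau_region_t overlap_regions[] = {
    { 0x001FFC00u, 0x001FFFFFu, true,  true },
    { 0x001FF000u, 0x001FFFFFu, false, true },
};
const sau_t overlap_sau = { true, false, overlap_regions, 2 };
/* SAU left disabled: ALLNS decides, but the IDAU still applies. */
const sau_t disabled_all_s  = { false, false, NULL, 0 };
const sau_t disabled_all_ns = { false, true,  NULL, 0 };
const sau_region_t bad_region = { 0x00200010u, 0x003FFFFFu, false, true }; /* base not 32-byte aligned */

int main(void)
{
    static const char *names[] = { "NS", "NSC", "S" };
    uint32_t probes[] = { 0x00200100u, 0x001FFC20u, 0x10000000u, 0x00100000u };
    for (size_t i = 0; i < 4; i++)
        printf("0x%08x -> %s\n", (unsigned)probes[i], names[attribute(&demo_sau, probes[i])]);
    return 0;
}
```

Running it prints the attribution of four probe addresses. The point for anyone reviewing a target configuration is the max() in attribute(): a region the IDAU hard-wires as Secure stays Secure whatever the SAU says, an address left out of every SAU region is Secure and faults on Non-secure access, and two overlapping regions silently turn into Secure memory rather than into the NS or NSC region the author intended.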

Get support

Community Forums

  • Answered: TF-M, how to sign an image.bin in a multi-image configuration? (Trusted Firmware-M; Cortex-M33). 1 reply, 735 views; latest reply 1 month ago by Cristiano_Ro.
  • Answered: Non Secure malicious access handling... 4 replies, 1020 views; latest reply 1 month ago by TexCorJC.
  • Answered: cpsid from non-secure triggers SecureFault (ARMv8 Exception Model; CoreLink SSE-200 Subsystem; TrustZone). 3 replies, 1120 views; latest reply 2 months ago by 42Bastian Schick.
  • Not answered: Why have a IDAU/SAU when one has a MPC. 0 replies, 667 views; started 2 months ago by Chris Daniels.
  • Suggested answer: Switching from 32bit to 64bit. 2 replies, 4351 views; latest reply 4 months ago by Zenon Xiu (修志龙).
  • Answered: Cortex-M33 - SVC call from non-secure code does not trigger non-secure SVC exception (Real Time Operating Systems (RTOS); Trusted Firmware-M; TrustZone for Armv8-M; Armv8-M). 3 replies, 2709 views; latest reply 5 months ago by Michael Jung.