Text: arm TRUSTZONE (logo).

Arm TrustZone Technology

Arm TrustZone technology offers an efficient, system-wide approach to security with hardware-enforced isolation built into the CPU. It provides the perfect starting point for establishing a device root of trust based on Platform Security Architecture (PSA) guidelines.

The family of TrustZone technologies can be integrated into any Arm Cortex-A processor or processor based on the Armv7-A and Armv8-A architecture, and Cortex-M processors built on the Armv8-M architecture.

TrustZone for Cortex-A

TrustZone is used on billions of application processors to protect high-value code and data for diverse use cases including authentication, payment, content protection and enterprise. On application processors, TrustZone is frequently used to provide a security boundary for a GlobalPlatform Trusted Execution Environment.

Learn more

TrustZone for Cortex-M

The Armv8-M architecture extends TrustZone to Cortex-M, enabling robust levels of protection. TrustZone for Armv8-M has the same high-level features as TrustZone on application processors, with the key benefit that switching between Secure and Non-secure worlds is done in hardware for faster transitions and improved power efficiency.

Learn more

TrustZone for Armv8-A vs. TrustZone for Armv8-M

Feature/Architecture TrustZone for Armv8-A TrustZone for Armv8-M 
Additional security states SEL0 - Trusted Apps SEL1 - Trusted OS EL3 - Trusted Boot and Firmware (Armv8-A) Secure thread - Trusted code/data Secure handler - Trusted device drivers, RTOS, Library managers...
Secure interrupts Yes Yes (Fast) 
State transition (Boundary crossing) Software transition Hardware transition (Fast) 
Memory management Virtual memory MMU with secure attributes Secure Attribution Unit (SAU) and MPU memory partitions
System interconnect security Yes Yes
Secure code, data and memory Yes Yes
Trusted boot  Yes Yes
Software Trusted Firmware-A (and third-party TEEs) Arm Keil MDK, CMSIS, Arm Mbed OS, Trusted Firmware-M and third-party software

Get support

Community Blogs

Blog post image
Silicon Labs’ multiprotocol Series 2 wireless platform adds cutting-edge se

Read more about Silicon Labs Arm Cortex-M33 based low-power wireless family with support for Bluetooth 5.1, Zigbee 3.0 and Thread.

1 years ago by Kobus Marneweck
Blog post image
Anchoring TrustZone with SRAM PUF

Let's take a look at how SRAM PUF, enabled through software, is a powerful addition to the security features offered by Arm TrustZone.

1 years ago by Marten van Hulst
3
Blog post image
STMicroelectronics enhances STM32 portfolio security with new Arm…

The first ST product family to incorporate TrustZone technology for Arm Cortex-M processors, making possible system-wide software security and a new level of trust for embedded devices.

2 years ago by Kobus Marneweck
Blog post image
NXP enhances embedded security and signal processing with new Arm…

NXP announces two new chip families based on the Arm Cortex-M33 processor, one of the first Cortex-M processors with TrustZone security technology, bringing a new level of trust to embedded systems.

2 years ago by Kobus Marneweck
1
Blog post image
Enhancing embedded device security with new TrustZone-enabled microcontroll

The introduction of Nuvoton’s M2351 microcontroller, including the Arm Cortex-M23 processor brings a new level of trust and security to embedded systems.

2 years ago by Kobus Marneweck
1
Blog post image
Microchip release first Arm Cortex-M23 based chip bringing new levels of…

Microchip unveiled two MCU families, the SAM L11 with TrustZone for Armv8-M, for applications requiring embedded security, and SAM L10 for low-power and touch capabilities.

2 years ago by Kobus Marneweck

Community Forums

Answered Cortex-M33 - SVC call from non-secure code does not trigger non-secure SVC exception
  • Real Time Operating Systems (RTOS)
  • Trusted Firmware-M
  • TrustZone for Armv8-M
  • Armv8-M
 0 votes 500 views 3 replies Latest 23 days ago by Michael Jung Answer this
Answered The Monitor
  • TrustZone
 0 votes 5309 views 4 replies Latest 1 months ago by yufeifei Answer this
Not answered Are the IDAU NS and NSC signals assumed to be mutually exclusive? 0 votes 346 views 0 replies Started 1 months ago by kappajacko Answer this
Discussion SAU vs. IDAU in a System with Multiple Masters
  • Security
  • TrustZone
  • Armv8-M
 0 votes 10838 views 5 replies Latest 1 months ago by Chris Reed Answer this
Suggested answer Arm Musca A1 - SRAM0 MPC Security attribute during boot
  • Musca-A
  • TrustZone for Armv8-M
  • CoreLink SSE-200
 0 votes 2613 views 2 replies Latest 1 months ago by Daniel Oliveira Answer this
Suggested answer Switching from 32bit to 64bit 0 votes 2459 views 1 replies Latest 5 months ago by 42Bastian Schick Answer this
Answered Cortex-M33 - SVC call from non-secure code does not trigger non-secure SVC exception Latest 23 days ago by Michael Jung 3 replies 500 views
Answered The Monitor Latest 1 months ago by yufeifei 4 replies 5309 views
Not answered Are the IDAU NS and NSC signals assumed to be mutually exclusive? Started 1 months ago by kappajacko 0 replies 346 views
Discussion SAU vs. IDAU in a System with Multiple Masters Latest 1 months ago by Chris Reed 5 replies 10838 views
Suggested answer Arm Musca A1 - SRAM0 MPC Security attribute during boot Latest 1 months ago by Daniel Oliveira 2 replies 2613 views
Suggested answer Switching from 32bit to 64bit Latest 5 months ago by 42Bastian Schick 1 replies 2459 views