Arm TrustZone Technology

Arm TrustZone technology offers an efficient, system-wide approach to security with hardware-enforced isolation built into the CPU. It provides the perfect starting point for establishing a device root of trust based on PSA guidelines.

The family of TrustZone technologies can be integrated into any Arm Cortex-A processor or processor based on the Armv7-A and Armv8-A architecture, and Cortex-M processors built on the Armv8-M architecture.

Start designing now

Arm Flexible Access gives you quick and easy access to this IP, relevant tools and models, and valuable support. You can evaluate and design solutions before committing to production, and only pay when you’re ready to manufacture.

TrustZone Random Number Generator Chip.

TrustZone Random Number Generator

The use of unpredictable random numbers underpins most modern security schemes, enabling generation and collection of a truly random bit stream from digital logic. A Random Number Generator (RNG) is a mandatory component in any system that generates cryptographic assets.

A standard RNG includes 2 components:

  • True Random Number Generator (TRNG) – a hardware component that generates unpredictable numbers based on a physical process.
  • Deterministic Random Bit Generator (DRBG) – an algorithm capable of producing vast amounts of number sequences after being seeded by the TRNG.

The Arm TrustZone RNG, which is designed for simple SoC integration, offers these two components:

  • A TRNG with built-in hardware tests for auto correlation and Continuous Random Number Generation Testing (CRNGT) that conforms to the following standards and drafts:
    • NIST SP800-90B
    • NIST SP800-22
    • FIPS 140-2, Security Requirements for Cryptographic Modules
    • BSI AIS-31, Functionality Classes and Evaluation Methodology for True Random Number Generators
  • Optionally, a software-implemented DRBG which follows NIST SP800-90A, which make the entire RNG flow SP800-90C compliant.

The TRNG core includes the following key features:

  • 10K bits/second of entropy when the core is running at 200MHz
  • An internal entropy source that is based on a chain of digital inverters
    • Odd number of inverters, leading to continuous oscillation while active
    • Inverter cells that are taken from a standard cells library
  • AMBA APB2 slave interface

TrustZone Full Disk Encryption Chip.

TrustZone Full Disk Encryption

The Arm TrustZone Full Disk Encryption (FDE) product family includes several single or multi-core, high performance Advanced Encryption Standard (AES) engines, designed to support the need to encrypt all user data saved on the latest generation of solid-state storage devices (UFS, eMMC).

The products in the Arm TrustZone FDE family offer optimized implementations of AES modes of operations “designed for storage”, for example, XTS, CBC-ESSIV and CBC-BitLocker.


TrustZone Address Space Controllers Chip.

TrustZone Address Space Controllers

TrustZone Address Space Controllers extend on-chip security by partitioning external memory in to secure and non-secure regions. The Arm CoreLink TZC-400 TrustZone Address Space Controller protects multiple regions of external memory against software attack, with a fast path to hide look up latency and Arm AMBA 4 ACE-Lite and AXI4 support. For on-chip memory, internal SRAM, TrustZone controllers, perform signature checks and ensure secure boot.

Learn more about TZC-400 TrustZone Address Space Controller.

Get support

Arm support

Arm training courses and on-site system-design advisory services enable licensees to realize maximum system performance with lowest risk and fastest time-to-market.

Arm training courses  Open a support case

Want to know more about Security on Arm?

Learn more


Community blogs

Community forums

Suggested answer cmsis-dsp software examples 0 votes 359 views 1 replies Latest yesterday by R.Kopsch Answer this
Answered interfacing STM32 F401re with mcp2515 0 votes 422 views 1 replies Latest 2 days ago by Westonsupermare Pier Answer this
Suggested answer Static Call Graph Details in Keil IDE 0 votes 599 views 4 replies Latest 2 days ago by MoAli Answer this
Answered How to configure GIC in Cortex-R52 for FreeRTOS?
  • Cortex-R52
  • Arm Development Studio
  • GICv3/v4
  • Generic Interupt Controller
0 votes 695 views 2 replies Latest 2 days ago by sska.73 Answer this
Not answered reading data in http client application 0 votes 174 views 0 replies Started 3 days ago by giomaca Answer this
Suggested answer Keil uVision Error L6218E: Undefined Symbol APBPrescTable (referred from stm32f4xx_hal_rcc.o)
  • Keil
  • uVision
0 votes 2499 views 9 replies Latest 3 days ago by Westonsupermare Pier Answer this
Suggested answer cmsis-dsp software examples Latest yesterday by R.Kopsch 1 replies 359 views
Answered interfacing STM32 F401re with mcp2515 Latest 2 days ago by Westonsupermare Pier 1 replies 422 views
Suggested answer Static Call Graph Details in Keil IDE Latest 2 days ago by MoAli 4 replies 599 views
Answered How to configure GIC in Cortex-R52 for FreeRTOS? Latest 2 days ago by sska.73 2 replies 695 views
Not answered reading data in http client application Started 3 days ago by giomaca 0 replies 174 views
Suggested answer Keil uVision Error L6218E: Undefined Symbol APBPrescTable (referred from stm32f4xx_hal_rcc.o) Latest 3 days ago by Westonsupermare Pier 9 replies 2499 views