TrustZone System IP
TrustZone Random Number Generator
The use of unpredictable random numbers underpins most modern security schemes. A Random Number Generator (RNG) is a mandatory component in any system that generates cryptographic assets.
A standard Random Number Generator includes 2 components:
- True Random Number Generator (TRNG) – a HW component that generates unpredictable numbers based on a physical process.
- Deterministic Random Bit Generator (DRBG) – an algorithm capable of producing vast amounts of number sequences after being “seeded” by the TRNG
The ARM TrustZone RNG offers these 2 components:
- A TRNG which conforms to the following standards and drafts:
- NIST SP800-90B
- NIST SP800-22
- FIPS 140-2
- BSI AIS-31
- Optionally, a SW-implemented DRBG which follows NIST SP800-90A (making the entire RNG flow SP800-90C compliant)
TrustZone Full Disk Encryption
The ARM TrustZone Full Disk Encryption (FDE) product family includes several single or multi-core, high performance AES (Advanced Encryption Standard) engines, designed to support the need to encrypt all user data saved on the latest generation of solid-state storage devices (UFS, eMMC).
The products in the ARM TrustZone FDE family offer optimized implementations of AES modes of operations “designed for storage”, for example, XTS, CBC-ESSIV and CBC-BitLocker.
TrustZone Address Space Controllers
TrustZone Address Space Controllers extend on-chip security by partitioning external memory in to secure and non-secure regions. The ARM CoreLink TZC-400 TrustZone Address Space Controller protects multiple regions of external memory against software attack, with a fast path to hide look up latency and ARM AMBA 4 ACE-Lite and AXI4 support. For on-chip memory, internal SRAM, TrustZone controllers, perform signature checks and ensure secure boot.