TrustZone System IP

TrustZone Random Number Generator

The use of unpredictable random numbers underpins most modern security schemes. A Random Number Generator (RNG) is a mandatory component in any system that generates cryptographic assets.

A standard Random Number Generator includes 2 components:

  • True Random Number Generator (TRNG) – a HW component that generates unpredictable numbers based on a physical process.
  • Deterministic Random Bit Generator (DRBG) – an algorithm capable of producing vast amounts of number sequences after being “seeded” by the TRNG

The ARM TrustZone RNG offers these 2 components:

  1. A TRNG which conforms to the following standards and drafts:
    • NIST SP800-90B
    • NIST SP800-22
    • FIPS 140-2
    • BSI AIS-31
  2. Optionally, a SW-implemented DRBG which follows NIST SP800-90A (making the entire RNG flow SP800-90C compliant)

TrustZone Full Disk Encryption

The ARM TrustZone Full Disk Encryption (FDE) product family includes several single or multi-core, high performance AES (Advanced Encryption Standard) engines, designed to support the need to encrypt all user data saved on the latest generation of solid-state storage devices (UFS, eMMC).

The products in the ARM TrustZone FDE family offer optimized implementations of AES modes of operations “designed for storage”, for example, XTS, CBC-ESSIV and CBC-BitLocker.

TrustZone Address Space Controllers

TrustZone Address Space Controllers extend on-chip security by partitioning external memory in to secure and non-secure regions. The ARM CoreLink TZC-400 TrustZone Address Space Controller protects multiple regions of external memory against software attack, with a fast path to hide look up latency and ARM AMBA 4 ACE-Lite and AXI4 support. For on-chip memory, internal SRAM, TrustZone controllers, perform signature checks and ensure secure boot.

Learn more about TZC-400 TrustZone Address Space Controller here

Resources