Overview

Arm TrustZone technology provides system-wide hardware isolation for trusted software. For the past several years it was found only in Cortex-A application profile processors. With the release of the Armv8-M architecture, TrustZone was introduced into the Cortex-M microcontroller profile to fill in the market need for efficient secure embedded solutions. 

Everything you need to know about TrustZone for Armv8-M is here.

Background

TrustZone creates an isolated Secure world which can be used to provide confidentiality and integrity to the system.  It is used on billions of applications' processors to protect high-value code and data for diverse use cases including authentication, payment, content protection and enterprise.  On application processors it is frequently used to provide a security boundary for a GlobalPlatform Trusted Execution Environment (shown below with the non-secure world in blue and the smaller secure world in green).


Hardware

The TrustZone hardware architecture provides a security framework that enables a device to counter many of the specific threats that it will experience. Instead of providing a fixed one-size-fits-all security solution, TrustZone technology provides the infrastructure foundations that allow the SoC designer to choose from a range of components that can fulfill specific functions within the security environment.

The primary security objective of the architecture is actually rather simple; to enable the construction of a programmable environment that allows the confidentiality and integrity of almost any asset to be protected from specific attacks. A platform with these characteristics can be used to build a wide ranging set of security solutions which are not cost-effective with traditional methods.

The security of the system is achieved by partitioning all of the SoC’s hardware and software resources so that they exist in one of two worlds - the secure world for the security subsystem, and the non-secure world for everything else. Hardware logic present in the TrustZone-enabled AMBA bus fabric ensures that no secure world resources can be accessed by the non-secure world components, enabling a strong security perimeter to be built between the two. A design that places sensitive resources in the secure world, and implements robust software running on the secure processor cores, can protect almost any asset against many of the possible attacks, including those which are normally difficult to secure, such as passwords entered using a keyboard or touch-screen.

Another key advantage of the TrustZone hardware architecture is that extensions that have been implemented in some of the Arm processor cores. These additions enable a single physical processor core to safely and efficiently execute code from both the Normal world and the Secure world in a time-sliced fashion. This removes the need for a dedicated security processor core, which saves silicon area and power, and allows high performance security software to run alongside the Normal world operating environment.  Each physical processor core provides two virtual cores, one considered Non-secure and the other Secure, and a mechanism to robustly context switch between them. The security state is encoded on the system bus and this enables trivial integration of the virtual processors into the system security mechanism; the Non-secure virtual processor can only access Non-secure system resources, but the Secure virtual processor can see all resources.  

The final aspect of the TrustZone hardware architecture is a security-aware debug infrastructure which can enable control over access to secure world debug, without impairing debug visibility of the Normal world.

On applications processors that support the security extensions the transition between non-secure world and secure world is managed by software via a Secure Monitor Call (SMC) which runs at the highest level of privilege e.g. Exception Level 3 (EL3).  For microcontrollers that support TrustZone, the world switch is a hardware transition which is more appropriate for resource constrained chips. For an architecture overview of Armv8-M please see the links below.  A comparison of TrustZone on Armv8-A and Armv8-M is given below.

Feature/Architecture

TrustZone Armv7-A

TrustZone for Armv8-M

Additional security states

SEL0 - Trusted Apps
SEL1 - Trusted OS
EL3 - Trusted Boot and Firmware (Armv8-A)
Secure thread - Trusted code/data
Secure handler - Trusted device drivers, RTOS, Library managers...

Secure interrupts

Yes Yes (Fast)

State transition (Boundary crossing)

Software transition Hardware transition (Fast)

Memory management

Virtual memory MMU with secure attributes Secure Attribution Unit (SAU) and MPU memory partitions

System interconnect security

Yes Yes

Secure code, data and memory

Yes Yes

Trusted boot

Yes Yes

Software

Arm trusted firmware (and third-party TEEs) Keil CMSIS, Arm mbed OS, mbed uVisor and third-party software

Software

For Armv8-A based application processors Arm provides an open source reference implementation of an authenticated trusted boot flow and a secure runtime (BL31).  Arm Trusted Firmware is available on GitHub under a permissive BSD licence and can be easily integrated with a commercial or open source Trusted OS to create a Trusted Execution Environment.  Included in the runtime is a secure world monitor, interrupt routing and an implementation of Power State Co-ordination Interface (PSCI) that is used by all major non-secure world operating systems to ease integration between supervisory software from different vendors working at different levels of privilege.  There is a port of Arm Trusted Firmware to the Juno development platform and it is widely adopted by silicon partners.  For more information, please visit the Arm Trusted Firmware project on GitHub.

Arm is enabling secure world software development on microcontrollers using Keil development tools and FPGAs.  If you are interested in developing secure world software for Armv8-M please contact your local sales office and enquire about availability of tools, models and boards.

Trusted Execution Environment

GlobalPlatform is a standards defining organisation that provides software APIs, compliance and certification schemes for the Trusted Execution Environment.  The work is done in the Device Committee with the aim of creating trusted chip technology that can be used to provide confidentiality and integrity to trusted code and data.  The TEE consists of three parts: hardware based isolation technology (such as TrustZone), trusted boot and a small trusted OS.  The TEE can be used to run multiple isolated trusted apps which may be provisioned over the air. Compared to other security technologies the TEE provides higher performance and access to larger amounts of memory.

Typical use cases for a TrustZone based TEE include: trusted boot, integrity management, authentication, payment, content protection, crypto and mobile device management.  Secure world device drivers can be used to interface to peripherals and for example used to enable trusted user interfaces.

A GlobalPlatform TEE can be used alongside other security technology such as secure elements, hypervisors and security sub-systems to provide multi-layered defence.  The TEE is designed to protect against software attacks (e.g. malware) and common physical attacks (so called "shack" attacks).  GlobalPlatform have created a Protection Profile for the TEE which provides detailed information on the attacks that a TEE should resist.

TrustZone for Armv8-M

Everything you need to know about TrustZone for Armv8-M is here.

Armv8-M architecture extends TrustZone technology to Cortex-M class systems such as microcontrollers, enabling robust levels of protection at all cost points. 

Secure resources are protected from non-secure access enabling the system designer to isolate and compartmentalize their design. This is achieved through a Secure Attribution Unit (SAU) that is similar to an MPU. Since the transitions between the two states are hardware based they are almost instantaneous and thus maintain the real time performance and reduced software overhead associated with Arm’s Cortex-M microcontroller profile.

Writing code for the normal world remains the same as before: the application has access to privileged and non-privileged space plus interrupts. To call on libraries in the secure world, function entry points are linked into the project. This design simplifies software development for Cortex-M processors that incorporate TrustZone technology.

Typically system suppliers will provide some secure code to setup and run the security attributes across all components within a system. In a typical implementation the design will be partitioned so that the code in the secure state is kept as small as possible to reduce the attack surface and vulnerabilities. Similar to TrustZone for Cortex-A processors, programs running in secure state can access both secure and non-secure information, whereas non-secure programs can only access non-secure resources.

TrustZone for Armv8-M - blogs and whitepapers