ARM TrustZone


http://www.arm.com/products/security-on-arm/trustzone

https://www.arm.com/


A system-wide approach to security

Arm® TrustZone® technology is a system-wide approach to security for System on Chip (SoC) and CPU designs. TrustZone is hardware-based security built into SoCs by semiconductor chip designers who want to provide secure end points and a device root of trust. The family of TrustZone technologies can be integrated into any Arm Cortex-A based system and into the latest Cortex-M23 and Cortex-M33 based systems, from the smallest microcontrollers, with TrustZone for Cortex-M processors, to high-performance application processors, with TrustZone technology for Cortex-A processors.

At the heart of the TrustZone approach is the concept of secure and non-secure worlds that are separated by hardware, with non-secure software blocked from accessing secure resources directly. Within the processor, software resides either in the secure world or in the non-secure world; a switch between these two worlds is accomplished via software referred to as the Secure Monitor (Cortex-A) or by the core logic itself (Cortex-M). This concept of secure (trusted) and non-secure (non-trusted) worlds extends beyond the processor to encompass memory, software, bus transactions, interrupts and peripherals within an SoC.

An overview of TrustZone technology is presented in the accompanying diagram: the two processor families offer the same security concepts, but with totally different implementations. TrustZone technology provides a foundation for system-wide security and the creation of a trusted platform. Any part of the system can be designed to be part of the secure world, including debug, peripherals, interrupts and memory. By creating a security subsystem, assets can be protected from software attacks and common hardware attacks.

TrustZone Technology for Application Processors (Cortex-A)

TrustZone technology within Cortex-A based application processors is commonly used to run trusted boot and a trusted OS to create a Trusted Execution Environment (TEE). Typical use cases include the protection of authentication mechanisms, cryptography, key material and Digital Rights Management (DRM). Applications that run in the secure world are called Trusted Apps.

The partitioning of the worlds is achieved by hardware logic present in the AMBA bus fabric, peripherals and processors. Each physical processor core has two virtual cores, one considered secure and the other non-secure, and a robust mechanism is provided to context switch between them (the Secure Monitor exception). Entry to the Secure Monitor can be triggered by software executing a dedicated Secure Monitor Call (SMC) instruction or by a number of exception mechanisms. The monitor code typically saves the state of the current world and restores the state of the world it is being switched to.

In order to implement a secure world on the SoC, trusted software (a trusted OS) needs to be developed to protect the assets. This code typically implements trusted boot, the secure world switch monitor, a small trusted OS and trusted apps. Multiple levels of secure world privilege are provided for isolation between trusted boot, the trusted OS and trusted apps. The combination of TrustZone based hardware isolation, trusted boot and a trusted OS makes up a Trusted Execution Environment (TEE). The TEE offers the security properties of confidentiality and integrity to multiple Trusted Apps. Many TEE providers follow GlobalPlatform's API standard to enable their TEE to deliver a common security capability across platforms. A protection profile has been written by GlobalPlatform for TEEs, and a security evaluation scheme has been developed that can be used by partners who want to gain security certification from an independent test laboratory.

ARM Trusted Firmware

SoC developers and OEMs can benefit from a reference implementation of low-level secure world software known as ARM Trusted Firmware.

This software is available as open source on GitHub and includes trusted boot and a secure runtime that takes care of the switching between the non-secure (non-trusted) and secure (trusted) worlds using the SMC Calling Convention (SMCCC). ARM Trusted Firmware can be integrated with a commercial or open source Trusted OS to create a TEE.
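The SMC entry into the Secure Monitor and the SMCCC routing described above, as an added example that is not ARM's or Trusted Firmware's own code: it encodes and decodes the 32-bit SMCCC function ID a caller passes with the SMC instruction, using the bit layout from the SMCCC specification, and reports IDs with reserved bits set as invalid, which a monitor should check before dispatching. The function ID built in main is the standardised PSCI CPU_ON ID in the SMC32 convention.

```c
/* Added example (not ARM's or Trusted Firmware's code): encode/decode an SMC
 * Calling Convention (SMCCC) function ID, the 32-bit value in w0/x0 that the
 * Secure Monitor inspects after an SMC instruction to route the request.
 *   bit 31: 1 = fast call, 0 = yielding   bit 30: 1 = SMC64, 0 = SMC32
 *   bits 29:24: owning entity number (OEN)   bits 23:16: reserved, must be 0
 *   bits 15:0: function number within the OEN */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SMCCC_FAST_CALL      (1u << 31)
#define SMCCC_SMC64          (1u << 30)
#define SMCCC_OEN_SHIFT      24
#define SMCCC_OEN_MASK       0x3Fu
#define SMCCC_RESERVED_MASK  0x00FF0000u
#define SMCCC_FUNC_MASK      0xFFFFu
#define SMCCC_OEN_STD_SECURE 4u   /* standard secure service, e.g. PSCI */

struct smccc_fid { bool fast, smc64; uint8_t oen; uint16_t func; };

uint32_t smccc_encode(bool fast, bool smc64, uint8_t oen, uint16_t func)
{
    uint32_t fid = func;
    if (fast)  fid |= SMCCC_FAST_CALL;
    if (smc64) fid |= SMCCC_SMC64;
    return fid | (((uint32_t)oen & SMCCC_OEN_MASK) << SMCCC_OEN_SHIFT);
}

/* A monitor should not route an ID whose reserved bits are set; SMCCC defines
 * NOT_SUPPORTED (-1) as the answer for calls it does not recognise. */
bool smccc_decode(uint32_t fid, struct smccc_fid *out)
{
    if (fid & SMCCC_RESERVED_MASK)
        return false;
    out->fast  = (fid & SMCCC_FAST_CALL) != 0;
    out->smc64 = (fid & SMCCC_SMC64) != 0;
    out->oen   = (fid >> SMCCC_OEN_SHIFT) & SMCCC_OEN_MASK;
    out->func  = fid & SMCCC_FUNC_MASK;
    return true;
}

int main(void)
{
    /* PSCI CPU_ON, SMC32 convention: fast call, OEN 4, function 3. */
    uint32_t fid = smccc_encode(true, false, SMCCC_OEN_STD_SECURE, 3);
    printf("PSCI CPU_ON (SMC32) function ID: 0x%08" PRIX32 "\n", fid); /* 0x84000003 */
    return 0;
}
```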

To aid the system designer in creating a TrustZone based TEE, ARM has created a number of documents, reference software and training courses. These documents include the Trusted Base System Architecture (TBSA), the Trusted Board Boot Requirements (TBBR) and the TrustZone Media Protection Architecture (TZMP).

To get access to these documents, make a request via your account manager or FAE.

TrustZone Technology for Microcontrollers (Cortex-M)

The Armv8-M architecture extends TrustZone technology to Cortex-M class systems, enabling robust levels of protection at all cost points. TrustZone for Armv8-M has the same high-level features as TrustZone on application processors, with the key benefit that context switching between the secure and non-secure worlds is done in hardware for faster transitions and greater power efficiency. There is no need for any secure monitor software.

Embedded software developers enhance their productivity by developing TrustZone systems in the C language while maintaining the existing programmer's model for the non-secure side. Debug operations are also supported, with sensitivity to whether the secure or the non-secure state is being accessed.

TrustZone for Cortex-M is used to protect firmware, peripherals and I/O, as well as to provide isolation for secure boot, trusted update and root of trust implementations, while delivering the deterministic real-time response expected of embedded solutions.

Discover more technical information on TrustZone for Armv8-M.
