• State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 346 subscribers
  • Views 11439 views
  • Users 0 members are here
Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What is TrustZone for ARMv8-M?

Diya Soubra

As a product manager for the Cortex-M33, I see this question pop up a lot. Below is my version of the answer.

Characteristics of TrustZone technology

  • TrustZone is the security foundation for billions of ARM Cortex-A processor-based systems
  • TrustZone technology is trusted in a diverse range of everyday applications, from secure payment, to content protection, to device authentication 
  • It is used across a wide set of markets – mobile, home and IoT. It is very likely that the phone in your pocket is using TrustZone to protect your device

 

TrustZone technology provides system-wide hardware isolation for trusted software. With the release of the ARMv8-M architecture, TrustZone was introduced into the Cortex-M microcontroller profile to fill in the market need for efficient secure embedded solutions.

TrustZone is a technology used in ARM Cortex processors to implement isolation of assets in a system on chip (SoC). It is a widely adopted technology that has been deployed in the market for over ten years providing SoC security, protecting high-value applications such as mobile payments and digital rights management for media content. Recently it was also introduced in the ultra-low power, small area Cortex-M processors that are the main processor for many devices that form the Internet of Things.

How does it work?

TrustZone gives the chip designer the means to create two completely separate environments running on the same processor. This arrangement enables more secure and simpler software development, reducing the complexity of end product development. Using TrustZone, the device is designed to protect software, peripherals, device ID, security and encryption keys and all such assets from being accessed without proper permission. Given that the TrustZone technology in the heart the processor, and that the processors are adopted strongly by the ecosystem, then the product developer has the flexibility and choice for multiple sources to build the final product without being limited to one unique implementation or source.

TrustZone technology is used across the whole life cycle of the product, from inception in the assembly line, all the way to decommissioning or end of life. A single technology for management of the whole cycle. Of course, isolation is just the foundation, while security is about layers of protection built on top of that foundation. TrustZone is one technology within a suite of ARM technologies providing security from the chip to the cloud.

 

More on the topic here.