I read a document like this: TrustZone Security Whitepaper.
It describes that all resources like CPU, memory and others are divided between a Secure World and a Normal World. Programs in the Normal World cannot access resources in the Secure World. You must call a special instruction, SMC, to switch from the Normal to the Secure World (going through Monitor Mode).
I know x86's Ring 0/3 can protect resources from invalid access by lower-privilege-level processes.
I also know that modern OSes like Linux provide Kernel Mode and User Mode. User processes cannot access resources located in kernel space, but they can invoke system calls.
My question is: what is the difference between ARM TrustZone's Secure/Normal World and x86's rings? Or, what is the difference between TrustZone and kernel/user mode?
Thanks
ARM provides privileged and non-privileged processor modes, say, user and supervisor mode respectively. So, more precisely speaking, Linux's kernel/user is the equivalent of ARM's privileged/non-privileged mode.
TrustZone's secure/non-secure is also a hardware resource separation mechanism, but it's different from Linux's kernel/application mode.
The purpose is quite different. It provides the basics to support the functions of a trusted platform module. For instance, it can make part of the ROM inaccessible to the operating system and use it to store keys for things like digital rights management. A user can happily change the operating system, but they still wouldn't have access to the key. The normal operating system tries to secure the system for its owner. The TrustZone part helps secure a part of the system for a service provider and against the owner. They don't want people just copying their stuff, but users have to be allowed to upgrade their operating systems.