Arm Community
Arm Community
  • Site
  • User
  • Site
  • Search
  • User
  • Groups
    • Arm Research
    • DesignStart
    • Education Hub
    • Innovation
    • Open Source Software and Platforms
  • Forums
    • AI and ML forum
    • Architectures and Processors forum
    • Arm Development Platforms forum
    • Arm Development Studio forum
    • Arm Virtual Hardware forum
    • Automotive forum
    • Compilers and Libraries forum
    • Graphics, Gaming, and VR forum
    • High Performance Computing (HPC) forum
    • Infrastructure Solutions forum
    • Internet of Things (IoT) forum
    • Keil forum
    • Morello Forum
    • Operating Systems forum
    • SoC Design and Simulation forum
    • 中文社区论区
  • Blogs
    • AI and ML blog
    • Announcements
    • Architectures and Processors blog
    • Automotive blog
    • Graphics, Gaming, and VR blog
    • High Performance Computing (HPC) blog
    • Infrastructure Solutions blog
    • Innovation blog
    • Internet of Things (IoT) blog
    • Mobile blog
    • Operating Systems blog
    • Research Articles
    • SoC Design and Simulation blog
    • Smart Homes
    • Tools, Software and IDEs blog
    • Works on Arm blog
    • 中文社区博客
  • Support
    • Open a support case
    • Documentation
    • Downloads
    • Training
    • Arm Approved program
    • Arm Design Reviews
  • Community Help
  • More
  • Cancel
Arm Community blogs
Arm Community blogs
Architectures and Processors blog Architecting a more Secure world with isolation and virtualization
  • Blogs
  • Mentions
  • Sub-Groups
  • Tags
  • Jump...
  • Cancel
More blogs in Arm Community blogs
  • AI and ML blog

  • Announcements

  • Architectures and Processors blog

  • Automotive blog

  • Embedded blog

  • Graphics, Gaming, and VR blog

  • High Performance Computing (HPC) blog

  • Infrastructure Solutions blog

  • Internet of Things (IoT) blog

  • Operating Systems blog

  • SoC Design and Simulation blog

  • Tools, Software and IDEs blog

Tell us what you think
Tags
  • Architecture
  • White Paper
  • virtualization
  • Security
  • Armv8
  • TrustZone
Actions
  • RSS
  • More
  • Cancel
Related blog posts
Related forum threads

Architecting a more Secure world with isolation and virtualization

Berenice Mann
Berenice Mann
August 6, 2018

New Secure world architecture in Armv8.4

Arm TrustZone was introduced to the Arm architecture A-profile in 2003. At the heart of the TrustZone approach is the concept of Secure and Normal worlds that are hardware separated. Secure hardware resources are only accessible by the software running in the Secure world. Software in the Normal world is blocked by the hardware from accessing these resources. This concept of Secure (trusted) and Normal (non-trusted) worlds extends beyond the processor, to encompass memory, software, bus transactions, interrupts and peripherals within a System on a Chip (SoC).

The introduction of TrustZone has paved the way for an ecosystem of trusted operating systems (OS) vendors. Initially, trusted OSs provided basic device security services, such as trusted boot, or handling of platform secrets. Today, trusted OSs have evolved to support bespoke applications that might be used in a variety of security use cases, such as secure payment or media protection.

Normal world v. secure world architecture diagram Armv8.4

Originally, trusted OSs occupied all processor modes associated with TrustZone, and included code devoted to switching between the Normal and Secure worlds, as well as code for providing secure services. In systems based on Armv7, and prior architecture revisions, the switching code runs in monitor mode, whereas services code runs in secure supervisor and secure user modes. In Armv8, monitor mode evolved into an exception level, EL3, with its own memory translation regime and interrupt vectors. This allowed for cleaner separation of code, making it easier to provide separate binary images for switching, and for services.

The advent of EL3 provided new opportunities to standardize key platform management functions. Until then, these were implemented in Normal world software, leading to fragmentation, and solutions that had to be repeated for each OS and each individual platform. The addition of an exception level has made it possible to provide standard firmware solutions for these management functions, removing the fragmentation and generalizing code in Normal world operating systems. An example of this is the Power State Coordination Interface (PSCI) which is a widely adopted standard for system and processor power management. This standardization momentum doesn't stop at specifications and includes the Trusted Firmware open source project, formerly known as the Arm Trusted Firmware project.

Architectural challenges

The success of TrustZone has also created some architectural challenges. In particular, the Secure world now has software from multiple vendors. More than one trusted OS might be required, as applications tend to be specific to each trusted OS. Additionally, platform firmware will be required, and can come from a silicon vendor or an OEM or both. Finally, most implementations carry code from the Trusted Firmware open source project. At the same time, in architecture revisions prior to Armv8.4, there is no mechanism to isolate payloads running in Secure EL1 from the rest of the system. This makes it very hard to isolate code from the various vendors. These factors conspire to make it difficult and costly to audit Secure world code.

To address these challenges in Armv8.4, we have introduced Secure EL2, which provides mechanisms to isolate secure payloads from each other, and from the Normal world. Leveraging this technology requires new thinking in security software architecture for A-profile processors.

Read our new whitepaper

In our latest whitepaper, Isolation using virtualization in the Secure world, Charles García-Tobin, OS architect and Arm Fellow, discusses Secure EL2 and its ramifications for software architecture.

Download whitepaper

Arm welcomes feedback on this whitepaper

Please send your feedback to arm.s-el2-feedback@arm.com

Anonymous
Architectures and Processors blog
  • Arm announces Ampere Mt Jade as first certification for the SystemReady LS band

    Samer El-Haj-Mahmoud
    Samer El-Haj-Mahmoud
    The Arm SystemReady compliance certification program has reached a significant milestone today with the Arm SystemReady LS certification of the Ampere Altra Arm-based Mt. Jade server.
    • May 17, 2022
  • Arm SystemReady certifications reach 50 including the Morello System Development Platform

    Dong Wei
    Dong Wei
    The Arm SystemReady program has reached a significant milestone with over 50 certifications since its launch only two years ago.
    • May 9, 2022
  • Total Compute solutions for the XR market

    Philippe Bressy
    Philippe Bressy
    This blog introduces the different Arm Total Compute solutions for wearable devices in the XR market, like VR headsets and AR smartglasses.
    • March 28, 2022