原文出自:http://www.arm.com/zh/products/processors/technologies/trustzone/index.php
TrustZone
TrustZone technology is tightly integrated tightly into Cortex™-A processors but the secure state is also extended throughout the system via the AMBA® AXI™ bus and specific TrustZone System IP blocks. This system approach means that it is possible to secure peripherals such as secure memory, crypto blocks, keyboard and screen to ensure they can be protected from software attack.
Devices developed with TrustZone technology, according to the recommendations of the Trusted Base System Architecture specification, enables the delivery of platforms capable of supporting a full Trusted Execution Environment (TEE) and security aware applications and secure services, or Trusted Applications (TA). A Trusted Execution Environment is a small secure kernel, and normally developed with standard APIs, developed to the TEE specification evolved by the Global Platform industry forum .
TrustZone enables the development of separate Rich Operating System and Trusted Execution Environments by creating additional operating modes to the Normal domain, known as the Secure domain and the Monitor mode. The Secure domain has the same capabilities to the normal domain while operating in a separate memory space. The Secure Monitor acts as a virtual gatekeeper controlling migration between the domains.
Read more information on the use and development of TEEs and Secure Monitor Code.
In parallel, the demand for mobile devices to handle high-value services is gaining significant momentum. New business models are emerging, from the capability to pay for, download and view the latest Hollywood blockbuster for a specific period, or the ability to pay bills and manage bank accounts remotely from a handset.
These trends have already made mobile devices the next frontier for software attack vectors such as malware, trojans and rootkits. However, through the application of advanced security technology based on ARM TrustZone technology and integrating SecurCore™ tamper resistant elements it is possible to develop devices that can offer both a feature-rich open operating environment and robust security solutions.
Application Examples
- Secured PIN entry for enhanced user authentication in mobile payments & banking
- Protection against trojans, phishing and APT (Advanced Persistent Threats)
- Enable deployment and consumption of high-value media (DRM)
- BYOD (Bring your own device) device persons and application separation
- Software license management
- Loyalty-based applications
- Access control of cloud-based documents
- e-Ticketing Mobile TV
ARM processors supporting TrustZone include: