ARM Trustzone

What is TrustZone?
The term "TrustZone" is somewhat confusingly used when referring to any of the following:

    The security extensions to the ARM architecture and the protection type signals in the AMBA3 AXI bus.

    TrustZone Software.

    TrustZone "support" or TrustZone "enabled".

What are the security extensions?
The security extensions to ARMv6 and later add the concepts of "secure" and "non-secure" states and a "secure monitor mode" used for switching between the two. A new instruction—SMC, Secure Monitor Call—has been added for switching execution from any privileged mode to the entry point of the secure monitor.

The AMBA3 AXI bus implements two new signals—ARPROT[1] and AWPROT[1], collectively referred to as AxPROT[1]. These indicate, for read and write transactions respectively, whether the current transaction is secure or non-secure.

Note: This does not necessarily indicate the state of the core, as it is possible for the secure world to perform non-secure accesses.

What is TrustZone Software?
TrustZone Software provides a minimal secure kernel which can be run in parallel with a more fully featured "Rich OS", such as Linux, Symbian or Windows CE—on the same core. It also provides drivers for the Rich OS ("normal world") to communicate with the secure kernel ("secure world").

TrustZone Software uses the security extensions to completely protect the secure kernel, and any secure peripherals, from code running in the normal world. This means that even if an attacker obtains full supervisor privileges in the Rich OS, they still cannot gain access to the secure world.

It is supplied with a secure monitor, for switching between secure and normal world, and an example secure first-stage bootloader.

For systems without the security extensions, TrustZone Software Emulation Version can be used to provide a software environment fully compatible with the TrustZone Software on systems with security extensions.

Systems with a separate ARM processor dedicated for security can use the TrustZone Software Multicore - running the secure kernel on its own CPU.

The secure operating system contains a STIP (see http://www.globalplatform.org/) interpreter, which can run "stiplets" in a secure sandbox environment. Using the Native Service API, it is also possible to develop native applications for the secure world.

What do the terms "TrustZone support" and "TrustZone enabled" mean?
Simply put, these terms refer to cores or peripherals making use of the AxPROT[1] signals to distinguish between secure and non-secure accesses—and modifying their behaviour accordingly.

For example, the L220 Level 2 cache controller stores an extra bit for each cache line describing whether the line was filled as a result of a secure or non-secure access. It will then return a miss if the non-secure world tries to access data that is in the cache, but tagged as secure.
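As an added illustration (constructed here, not code from ARM's FAQ or the L220), the following C model shows a direct-mapped cache whose tag carries the AxPROT[1] bit of the transaction that filled each line. It generalises the L220 description above by treating the NS bit as part of the tag comparison, so a mismatch in either direction is a miss, and the scenario also exercises the note that the secure world may itself issue non-secure transactions. Sizes, addresses and function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Constructed model (not ARM's L220 code) of a direct-mapped L2 cache whose tag
 * carries the AxPROT[1] bit of the transaction that filled each line. */
#define LINE_BYTES 32u
#define NUM_LINES  8u
struct line  { bool valid; bool ns; uint32_t tag; uint8_t data[LINE_BYTES]; };
struct cache { struct line lines[NUM_LINES]; };
static uint32_t index_of(uint32_t addr) { return (addr / LINE_BYTES) % NUM_LINES; }
static uint32_t tag_of(uint32_t addr)   { return addr / (LINE_BYTES * NUM_LINES); }

/* Fill a line. The NS bit stored is AxPROT[1] of the transaction, not the
 * core's security state: the secure world may issue non-secure transactions. */
void cache_fill(struct cache *c, uint32_t addr, bool axprot1_ns, const uint8_t *src)
{
    struct line *l = &c->lines[index_of(addr)];
    l->valid = true;
    l->ns    = axprot1_ns;
    l->tag   = tag_of(addr);
    memcpy(l->data, src, LINE_BYTES);
}

/* Hit only if the address tag AND the NS tag bit match this access's AxPROT[1].
 * A non-secure access to a secure-tagged line is reported as a miss, so the
 * normal world cannot read secure data left in the cache. */
bool cache_lookup(const struct cache *c, uint32_t addr, bool axprot1_ns, uint8_t *out)
{
    const struct line *l = &c->lines[index_of(addr)];
    if (!l->valid || l->tag != tag_of(addr) || l->ns != axprot1_ns)
        return false;
    if (out)
        memcpy(out, l->data, LINE_BYTES);
    return true;
}

/* Scenario: the secure world fills 0x1000 with a secure access and 0x1020 with a
 * non-secure access (AxPROT[1]=1). Returns a bitmask of which lookups hit. */
unsigned demo_ns_tagging(void)
{
    struct cache c = {0};
    uint8_t buf[LINE_BYTES] = {0};
    cache_fill(&c, 0x1000, false, buf);   /* secure fill                 */
    cache_fill(&c, 0x1020, true,  buf);   /* NS fill issued by secure world */
    unsigned hits = 0;
    hits |= cache_lookup(&c, 0x1000, true,  NULL) ? 1u : 0u; /* normal world -> miss */
    hits |= cache_lookup(&c, 0x1000, false, NULL) ? 2u : 0u; /* secure world -> hit  */
    hits |= cache_lookup(&c, 0x1020, true,  NULL) ? 4u : 0u; /* normal world -> hit  */
    return hits; /* 6 */
}
```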

Source: ARM Ltd
