Official Block Diagram
-
1. ARMv7
-
2. ARMv8
-
(1) aarch32
-
(2) aarch64
-
(3) Summary of arch32 and aarch64
-
(4) Understanding with Code
-
3. Cortex-A9 architecture
1. ARMv7
2. ARMv8
(1) aarch32
(2) aarch64
(3) Summary of arch32 and aarch64
Understanding aarch32 and aarch64 under armv7:
-
If both secureos and monitor are 64-bit, secureos runs at el1, monitor runs at el3;
-
If both secureos and monitor are 32-bit, both run at EL3 (secureos in svc mode, monitor in svc mode), sharing the page table;
-
If monitor is 64-bit and secureos is 32-bit, secureos runs in svc mode (el1), monitor runs at el3, and they do not share the page table –
(4) Understanding with Code
3. Cortex-A9 architecture
ARM TrustZone architecture is a specially designed security technology aimed at providing hardware-level security protection for modern computing devices. With the widespread use of mobile devices, IoT devices, and other embedded systems in daily life, protecting sensitive data and ensuring overall system security has become particularly important. TrustZone achieves a powerful isolation mechanism by dividing the processor and system resources into secure (Secure) and non-secure (Non-secure) worlds, ensuring that sensitive operations and data are protected from unauthorized access threats.
How TrustZone Works
The core idea of TrustZone is to divide the processor’s execution environment into two distinct worlds: the secure world and the non-secure world. In the secure world, the processor executes sensitive operations such as encryption, key management, and authentication, while in the non-secure world, it executes regular application and operating system tasks. Through this separation, TrustZone ensures that even if applications in the non-secure world are attacked, the sensitive data and operations in the secure world remain unaffected.
TrustZone distinguishes the two worlds through a special control signal – the NS (Non-secure) bit. When the NS bit is 0, the processor is in the secure world and can access all system resources; when it is 1, the processor is in the non-secure world, and access is strictly limited. Switching worlds is typically achieved through privileged instructions (such as the SMC instruction).
Hardware Isolation
TrustZone not only implements isolation at the processor level but also extends this isolation to system resources such as memory, peripherals, and buses. Through the TrustZone Address Space Controller (TZASC) and TrustZone Memory Adapter (TZMA), the system can exert fine-grained control over memory regions, ensuring that memory in the secure world cannot be accessed by the non-secure world. Additionally, TrustZone can control access to peripherals through the TrustZone Protection Controller (TZPC), preventing non-secure world code from directly accessing secure peripherals.
Applications of TrustZone
TrustZone is widely used in many security-sensitive application scenarios. For example, in mobile devices, TrustZone can protect payment information, fingerprint data, and encryption keys, ensuring that even if the operating system or applications are attacked, critical data remains secure. In IoT devices, TrustZone can ensure the security of firmware updates, preventing malware from being implanted in devices.
Furthermore, TrustZone also supports virtualization, allowing secure and non-secure worlds to run different operating system instances in parallel. This flexibility makes TrustZone widely applicable across various fields, from consumer electronics to industrial control systems.
Leave a Comment
Your email address will not be published. Required fields are marked *