リネオブログ

An Introduction to TrustZone

2017 年 09 月 15 日   ソリューション統括部

The Internet of Things (IoT) is growing at an excellent pace, with connected embedded intelligence becoming an integral part of people's lives at an individual, industrial and societal level. ARM TrustZone technology is a system-wide approach to security for system-on-chip (SoC) designs. It is hardware-based security built into the heart of CPUs and systems and used by semiconductor chip designers who want to provide security to devices, such as root of trust. TrustZone technology is available on any ARM Cortex-A based system.

So what is Trust Zone?

At the heart of the TrustZone approach is the concept of secure and non-secure worlds that are hardware-separated from each other. Within the processor, software either resides in the secure world or the non-secure world; a switch between these two worlds is accomplished via software in Cortex-A processors (referred to as the secure monitor). This concept of secure (trusted) and non-secure (non-trusted) worlds extends beyond the CPU. It also covers memories, on-chip bus systems, interrupts, peripheral interfaces and software within a SoC.
There is a Four Compartment Security model implemented in ARM. They are as below:

  1. Normal World - With which USER/SYSTEM modes will work
  2. Hypervisor Mode - were Virtual OS can run
  3. Trusted World - were trusted application and OS resides.
  4. Secure Elements - offering Tamper proof secured processing and storage.
    The Following is the Outline of Trusted Zone

Normal World/Secure World

Features of ARM TrustZone

The main Features of ARM TrustZone are as follows:

  1. TrustZone provides Hardware Isolation
    Each of the Physical cores will be divided into two virtual isolated cores with names Secure World and Normal World.
  2. Monitor Mode
    This is a mechanism to switch between secure mode and normal mode. In other words we could say this monitor mode as the gate keeper to secure world. Monitor Mode can be selected by using SMC (Secure Monitor Calls) instructions and by some exceptions.
  3. CPU state is carried out to the AXI bus
    Secure mode can be enabled by setting AXI bus bit AxProt [1]. A '0' here means secure and a '1' means non secure mode. This will allow implementation of secure-aware peripherals.
    As an Example Let us look into the Trust Zone Architecture of NXP's i.MX SoC.

Features of ARM TrustZone

How Arm TrustZone Works

From the block diagram above we could distinguish what are the special internals that constitute the TrustZone environment in i.MX. The main components that constitute TrustZone in i.MX are as follows:

  1. Generic Interrupt controller (GIC):- Used to distinguish the interrupts from secure world and non-secure world
  2. TrustZone Watchdog Timer (TZ WDOG): - The TrustZone Watchdog (TZ WDOG) timer module protects against TrustZone starvation by providing a method of escaping normal mode and forcing a switch to the TZ mode. TZ starvation is a situation where the normal OS prevents switching to the TZ mode. Such a situation is undesirable as it can compromise the system's security.
  3. TZ Address Space Controller (TZASC):- The TZASC provides security address region control functions required for intended application. It is used on the path to the DRAM controller.
  4. Central Security Unit (CSU):- will determine the security level operation mode as well as the TZ policy. CSU enforces the access rights to peripherals for secure and non-secure modes

Working of TrustZone in Freescale i.MX SoC's.

TrustZone functionality depends on the SCU register. As you can see in the following figure the NS bit in Secure Configuration Register decides the TrustZone Functionality of the SoC.
By setting '0' to the NS bit in SCU makes the TrustZone configured memory and Peripherals to go live.

Partitions SoC into Normal World and Secure World

How to Secure Peripherals?

This can be done by the CSU. Each peripherals including DMA peripherals can be configured separately for TrustZone. These peripherals will be monitored by CSU.

How to Secure Memory?

TZASC (TrustZone Address space controller) will do the secure memory Management for TrustZone. There will be separate MMU Page tables, TLB and Cache memory for secure and non-Secure operations. TZASC will isolate secure memory and non-secure memory from each other. Each of the eight memory (in the case of i.MX) regions can be configured with different security permissions.

CPU Architecture support for ARM TRustZone

For supporting TrustZone, ARM has implemented an Extra processor execution level called EL3 in ARMv8 and Secure Monitor in ARMv7. Secure Monitor Calls are used to get the CPU enter into EL3 Mode.

Memory Architecture support for ARM TRustZone

MMU provides 2 virtual address spaces separately for Secure and non-secure world operations. The TLB and cache entries will have an additional tag to identify the world (Secure or Non-Secure world) that used it.

Posted by vi

Yocto Project 公式実践講座 7 月 ~ 9 月 開催分 受講お申込み受付中!
Yocto Project よもやま話
Yocto よもやま話 第 2 回「Yocto Project SUMMIT 2022/05」
Yocto よもやま話 第 2 回「Yocto Project SUMMIT 2022/05」

2022 年 06 月 20 日 Yocto Project よもやま話

新企画「Yocto Project よもやま話」の連載を始めます
新企画「Yocto Project よもやま話」の連載を始めます

2022 年 04 月 28 日 Yocto Project よもやま話

Linux 技術ネタ
イベントレポート
ET & IoT 2021 レポート
ET & IoT 2021 レポート

2021 年 12 月 01 日 イベントレポート

組込み総合技術展 Embedded Technology 2019 レポート
組込み総合技術展 Embedded Technology 2019 レポート

2019 年 12 月 13 日 イベントレポート

組込み総合技術展 関西 ETWest2019 レポート
組込み総合技術展 関西 ETWest2019 レポート

2019 年 06 月 20 日 イベントレポート

リクルート
新卒採用、絶賛募集中!
新卒採用、絶賛募集中!

2022 年 06 月 06 日 リクルート

違うズラ
違うズラ

2018 年 10 月 26 日 リクルート

信州で人生がかわる
信州で人生がかわる

2018 年 07 月 24 日 リクルート

北小野通信
入笠山ハイキング その 2
入笠山ハイキング その 2

2019 年 10 月 09 日 北小野通信

入笠山ハイキング その 1
入笠山ハイキング その 1

2019 年 10 月 09 日 北小野通信

氷の世界
氷の世界

2019 年 01 月 22 日 北小野通信

ソリューション統括部
シリコンバレー探検記 2019 ~番外編~
シリコンバレー探検記 2019 ~番外編~

2019 年 12 月 10 日 ソリューション統括部

シリコンバレー探検記 2019 ~後編~
シリコンバレー探検記 2019 ~後編~

2019 年 12 月 10 日 ソリューション統括部

シリコンバレー探検記 2019 ~前編~
シリコンバレー探検記 2019 ~前編~

2019 年 12 月 10 日 ソリューション統括部

マーケティング統括部
大成功決起大会!!(ET2019)
大成功決起大会!!(ET2019)

2019 年 12 月 13 日 マーケティング統括部

ESEC 2019 決起大会
ESEC 2019 決起大会

2019 年 04 月 25 日 マーケティング統括部

シリコンバレー探検記 その 2
シリコンバレー探検記 その 2

2018 年 12 月 18 日 マーケティング統括部