Larger pre-TrustZone technology systems mainly used one piece of hardware to enforce the isolation policies of the system, the Memory Management Unit (MMU). The MMU splits memory up into isolation regions based on tables which are also held in isolated memory.
TrustZone is an essential feature of the Cortex-M33, but the way ST implemented it in the STM32L5 offers additional advantages. For instance, the device doesn’t just segregate applications between a Trusted and Untrusted side, but can also allocate pins or memory for a much greater flexibility . These memory regions are the double data rate (DDR) memory, on-chip memory (OCM), tightly-coupled memory (TCM), and advanced eXtensible interface (AXI) block RAM in the PL. Access to memory is controlled by the memory controllers, direct memory access controllers (DMACs), memory management units (MMUs), and the XMPUs. Memory Protections • SEP needs more RAM than 4096 bytes of SRAM, so it needs external RAM. • RAM used by SEP must be protected against AP tampering. • Two regions configurable by AP are setup: TZ0 is for the SEP. TZ1 is for the AP’s TrustZone (Kernel Patch Protection). • SEP must wait for AP to setup TZ0 to continue TrustZone-based memory acquisition mechanism called TrustDump that is capa-ble of reliably obtaining the RAM memory and CPU registers of the mobile OS even if the OS has crashed or has been compromised. The mobile OS is running in the TrustZone’s normal domain, and the memory acquisition tool is running in ™ TrustZone ™ Memory Adapter (BP141) Revision: r0p0 Technical Overview This technical overview describes the func tionality of the PrimeCell Infrastructure AMBA 3 AXI TrustZone Memory Adapter (TZMA) in the following sections: • Preliminary material on page 2 † About the AXI TrustZone memory adapter on page 4 † Functional description Utilizing TrustZone Cache Memory Architectural Modifications among others, [Ferraiuolo et al., SOSP 2017] [Sun et al., DSN 2015] among others, [Hua et al., USENIX 2017] [Cho et al., USENIX 2016] among others, [Costan et al., USENIX 2016] [Evtyushkin et al., MICRO 2014] Improve isolation of sensitive apps without add. HW features Use
TrustZone TEE is a hybrid approach that utilizes both hardware and software to protect data. [7] [8] It therefore offers a level of security sufficient for many applications. Only trusted applications running in a TEE have access to the full power of a device's main processor, peripherals and memory, while hardware isolation protects these from
TrustZone – Arm Developer TrustZone is used on billions of application processors to protect high-value code and data for diverse use cases including authentication, payment, content protection and enterprise. On application processors, TrustZone is frequently used to provide a security boundary for a GlobalPlatform Trusted Execution Environment.
TrustZone for Cortex-A. TrustZone is used on billions of application processors to protect high-value code and data for diverse use cases including authentication, payment, content protection and enterprise. On application processors, TrustZone is frequently used to provide a security boundary for a GlobalPlatform Trusted Execution Environment.
TrustZone enables the development of separate environments Rich Operating System - Normal domain Trusted Execution - Secure domain Both domains have the same capabilities Operate in a separate memory space Enables a single physical processor core to execute from both the Normal world and the Secure world Normal world components cannot access security - ARM TrustZone's Secure/Normal world vs. OS's The difference between the IOMMU and TrustZone is the position of the protection. The wikipedia drawing does not show the bus controller. With IOMMU, the protection lays in the DMA device. With TrustZone, each DMA master and slave has access rights (like an MMU in a hypervisor). TrustZone is limited to either secure or normal. ARM Cortex-M TrustZone. Secure/Non Secure Trusted/Non-Trusted Why do you need TrustZone? What is the need for TrustZone? Some Background and Motivation The Classification of Privileged/Non-Privileged 'Access Level' provides some basic form of security mechanism, which the users may use to implement access rights of software running on the processor on system's memory space. What’s new with the Memory Protection Unit (MPU) in Cortex Nov 19, 2016