ARM TrustZone: Secure Your Embedded Systems

Posted on May 1, 2023 by Matthew Russell

Embedded systems are everywhere, from cars to medical devices and even smartphones. With the increasing use of embedded systems, the importance of security has also grown. ARM TrustZone is a technology that can help developers build secure embedded systems.

Let’s explore what ARM TrustZone is, how it works, and why it’s important.

What is ARM TrustZone?

ARM TrustZone is a system-wide approach to security that provides hardware isolation for secure and non-secure areas of a processor. It is a hardware-based security architecture that is designed to enable software developers to build secure applications and services on ARM-based devices. ARM TrustZone technology provides a hardware-based security solution that is scalable across a wide range of devices.

ARM TrustZone is commonly used in smartphones and tablets to protect sensitive data such as passwords, personal identification numbers (PINs), and biometric data.

TrustZone-enabled Processors

TrustZone-enabled processors are available in a wide range of ARM-based devices, including smartphones, tablets, wearables, and embedded systems. These processors feature two execution modes: secure and non-secure. Secure mode is used to execute trusted software, while non-secure mode is used to execute untrusted software within the same CPU (Cortex ARMv8-A and v7-A architectures ). TrustZone-enabled processors provide a hardware foundation for implementing a trusted execution environment (TEE).

Security standards

To maintain standards for secure digital services and devices, the Global Platform was established as a governing body. It provides the standards in which the Trusted Execution Environment should operate, as well as certification schemes for products.

“The Trusted Execution Environment is a secure area of a device’s hardware where sensitive data and processes can be isolated and protected,” says DornerWorks embedded software engineer Michael Doran. “TrustZone and the Trusted Execution Environment play a crucial role in securing digital services and devices, ensuring that sensitive data and processes are isolated and protected. The Global Platform provides standards and certification schemes to ensure that these secure environments operate effectively.”

ARM TrustZone is used in payment systems to secure payment information such as credit card numbers and other sensitive data, ensuring that it is protected from hackers.

Comparison with Traditional Security Methods

ARM TrustZone represents a departure from traditional security methods, which rely on software-based security solutions. In traditional security methods, security is implemented at the application or software layer, which can be vulnerable to attacks. ARM TrustZone, on the other hand, is implemented at the hardware level, which makes it more difficult for attackers to bypass.

ARM TrustZone provides several advantages over traditional security methods, including:

  • Hardware-based security: ARM TrustZone provides a hardware-based security solution that is more difficult to compromise than software-based solutions.
  • Isolation: TrustZone enables secure and non-secure areas of a processor to be isolated from each other, preventing unauthorized access to sensitive data.
  • Scalability: TrustZone is scalable across a wide range of devices, from small embedded systems to high-performance computing platforms.
  • Cost-effectiveness: By using TrustZone, device manufacturers can reduce the cost of implementing security, as the security features are built into the processor.
  • Flexibility: TrustZone provides developers with a flexible and secure environment in which to build and deploy their applications and services.
ARM TrustZone can be used to secure sensitive patient data such as electronic health records (EHRs) and other personal medical information.

How does ARM TrustZone work?

“TrustZone is a hardware security extension technology developed by ARM that provides a secure execution environment,” says Doran. “Essentially, it splits the hardware into two worlds – a normal world and a secure world. This technology is supported on two different ARM architectures, specifically the Cortex A and M.”

  1. The secure state is where sensitive operations are carried out
  2. The non-secure state is where regular user applications run

“The goal of TrustZone is to provide security for targets running regular applications, such as mobile devices or micro-architectures/controllers.,” Doran says. “This is particularly important given the increased usage of internet-connected mobile and IoT devices in recent years, which has led to a growing need for a greater level of security checks built into the hardware of the system.”

The hardware separation between these two states is achieved through a combination of hardware and software mechanisms, such as dedicated secure memory and secure boot processes. This ensures that even if the non-secure state is compromised, the secure state and its data remain protected.

One key component of TrustZone is the Memory Protection Unit (MPU), which enables access control for different memory regions. The MPU provides hardware-based enforcement of access rules to memory regions, which means that sensitive data can be kept separate and inaccessible to non-secure applications.

“There are different versions that have been defined in ARM architecture,” Doran says. “For example, ARMv7 includes the 32-bit Cortex A9 and M4, while ARMv8 has the 64-bit Cortex A53 and Cortex A57. Each architecture has a slightly different profile, specifically targeted around three features: virtual memory system architectures, real-time protected memory system architectures, and low latency interrupt processing.”

Another important feature of TrustZone is the Cryptography Extension (TZC), which provides hardware-based cryptographic support for secure operations. This includes features such as hardware-based key storage and secure key management, ensuring that sensitive cryptographic operations are carried out in a secure environment.

“Understanding processor modes is crucial for ARM TrustZone, where the Trusted Execution Environment and trusted applications operate in a secure world, while everything else operates in a nonsecure world,” Doran says. “By understanding where the execution environment is running and in what mode, developers can ensure the security of their applications.”

ARM TrustZone can be used to secure IoT devices such as smart thermostats, security cameras, and other connected devices, protecting them from malware and other security threats.

Why is ARM TrustZone important?

ARM TrustZone is an essential technology in today’s digital world, where data breaches and cyberattacks are on the rise. It is an efficient solution for securing a wide range of devices, from mobile phones and tablets to Internet of Things (IoT) devices and servers.

Protecting sensitive data and preventing attacks is one of the primary reasons why ARM TrustZone is important. It provides a hardware-based security architecture that ensures that sensitive data remains protected and isolated from malicious actors. This protection is critical, as data breaches can lead to significant financial and reputational losses for companies and individuals. TrustZone allows for secure storage and processing of sensitive information, such as passwords, encryption keys, and personal identification numbers (PINs).

TrustZone also enhances the security of internet-connected devices. With the rise of IoT devices, security has become a top concern for manufacturers, as these devices are often targeted by hackers due to their lack of robust security features. By using TrustZone, manufacturers can add a hardware-based security layer to their IoT devices, protecting against remote attacks and preventing unauthorized access.

In addition to device security, TrustZone also provides a foundation for secure boot and secure firmware updates. Secure boot is a process that ensures that only authorized firmware and software can run on a device, preventing malicious code from being executed. TrustZone allows for secure boot, ensuring that the device’s firmware and software are verified and authenticated before they are loaded.

Compliance with security standards and regulations is another important benefit of ARM TrustZone. The technology is widely recognized and adopted by regulatory bodies such as NIST, FIPS, and Common Criteria. Using TrustZone can help manufacturers comply with these security standards, making it easier to sell their devices in regulated industries such as healthcare, finance, and government.

ARM TrustZone can be used to secure critical defense and aerospace systems, such as satellite communication systems, radar, and other sensitive military hardware.

Implementing ARM TrustZone

Integrating TrustZone into an embedded system involves several steps, including:

  • Identifying which parts of the system require secure processing and which do not
  • Defining the security policy for the system
  • Configuring the MPU to enforce the security policy
  • Writing software for the secure world and non-secure world
  • Testing the system to ensure that the security policy is being enforced correctly

Choosing a TrustZone-enabled processor is an important step in implementing TrustZone. Some factors to consider when selecting a processor include:

  • Processor performance and power consumption
  • Availability of development tools and support
  • Availability of documentation and reference designs
  • Cost of the processor

There are several tools and resources available for developing TrustZone-based systems, including:

Implementing TrustZone can be a complex process, but the benefits of increased security and protection of sensitive data make it a worthwhile investment for many embedded systems.

ARM TrustZone can be used to secure cloud computing systems, protecting sensitive data stored on remote servers and preventing unauthorized access.

Real-world examples of ARM TrustZone in use

ARM TrustZone technology has been widely adopted across various industries due to its robust security features. Here are some examples of TrustZone implementations in the real world.

Automotive security

Modern cars contain numerous electronic components that are susceptible to cyber-attacks. TrustZone technology can provide an additional layer of security to automotive systems to ensure driver and passenger safety. TrustZone can protect critical components such as the engine control unit (ECU) from malicious attacks, ensuring that the vehicle functions as intended. TrustZone can also prevent hackers from exploiting vulnerabilities in the infotainment system to gain access to other components in the car’s network.

Mobile device security

Mobile devices, such as smartphones and tablets, are widely used for personal and professional purposes. The sensitive information stored on these devices makes them an attractive target for cybercriminals. TrustZone technology has been incorporated into many mobile devices to provide enhanced security features. For instance, TrustZone can be used to secure biometric data such as fingerprints, facial recognition data, and iris scans. TrustZone can also ensure that payments made through mobile devices are secure by providing a trusted environment for processing transactions.

IoT device security

The proliferation of internet-connected devices has created new security risks for consumers and businesses alike. IoT devices are often vulnerable to attacks due to their limited processing power and memory. TrustZone can provide a cost-effective solution for securing IoT devices. For instance, TrustZone can be used to secure IoT sensors that collect sensitive data. TrustZone can also provide a secure environment for firmware updates, ensuring that devices remain protected against the latest threats.

Enhance Your Security with TrustZone

As the number of embedded systems continues to grow and more devices are connected to the internet, increasing the risk of cyber-attacks, the importance of secure design and implementation will only increase.

TrustZone technology provides an effective way to secure a wide range of devices and systems across different industries. Developers can implement TrustZone by choosing a TrustZone-enabled processor and following best practices for system design. This approach can better protect sensitive data and prevent attacks.

If you have concerns about security vulnerabilities in your embedded products, schedule a meeting with our team and see how we can help you overcome those challenges and launch secure products with confidence.

Matthew Russell
by Matthew Russell