Recommendations for developing security software on the ARMv8-M platform

ARM® TrustZone® is a system-level security technology for system-on-chip (SoC) designs. It is hardware-based, built into the CPU and the system fabric, and gives chip designers a foundation on which to build device security features such as a root of trust. TrustZone is available on every ARM Cortex®-A based system, and with the introduction of the Cortex-M23 and Cortex-M33 processors it is now available on Cortex-M as well. From the smallest microcontrollers (TrustZone for ARMv8-M, optimized for Cortex-M processors) to high-performance application processors (TrustZone for Cortex-A), designers can build security into a product from the start.

TrustZone security technology isolates non-trusted and trusted resources

The core idea of TrustZone is to isolate trusted and non-trusted resources in hardware. Inside the processor, software runs in either the Secure or the Non-secure domain. On a Cortex-A processor the switch between the two domains goes through software (the Secure Monitor); on an ARMv8-M Cortex-M processor it is handled by the core's hardware logic. Isolating the Secure (trusted) and Non-secure (non-trusted) domains is not limited to the CPU: it extends to memory, the on-chip bus system, interrupts, peripheral interfaces, and the software running on the SoC.

TrustZone technology for ARMv8-M processor (Cortex-M)

The ARMv8-M architecture extends TrustZone to Cortex-M-class systems, bringing hardware security to every cost point. TrustZone for Cortex-M protects firmware and peripherals and provides the isolation needed for secure boot, trusted firmware updates, and root-of-trust execution. The architecture keeps the deterministic real-time responsiveness that embedded solutions require, and because transitions between the Secure and Non-secure domains are handled in hardware, they are faster and more power-efficient. No Secure Monitor software has to be installed, since the processor performs the switch itself; this reduces both the memory footprint and the dynamic power consumed by code execution.

Before moving on to programming, let's introduce the following concepts:

1. Address-defined security

2. Additional execution states

3. Cross-domain calls

Concept 1: Address-Defined Security

The first concept to understand is that security is defined by address: every address is associated with a particular security state. The processor uses a newly introduced Security Attribution Unit (SAU) to determine the security attribute of an address. A system-level Implementation Defined Attribution Unit (IDAU) can supply its own attribute according to the overall SoC design, and the attribute the core uses is the more secure of the two results. Once the security attribute of an access is known, the access is additionally checked by the Memory Protection Unit (MPU) of that security state, if the system is configured with one.

Address-defined security (diagram)

Concept 2: Additional Execution States

The second concept is the additional execution states. The ARMv7-M and ARMv6-M architectures define two modes: Handler mode and Thread mode. Handler mode is always privileged and can access all resources of the SoC; Thread mode can be configured as either privileged or unprivileged. The TrustZone security extension mirrors this model to create a Secure and a Non-secure state, each with its own Handler mode and Thread mode. Security state and processor mode are orthogonal, so four combinations of state and mode are possible. When the processor executes code from Secure memory it is in the Secure state; when it executes code from Non-secure memory it is in the Non-secure state. Because the state follows the memory the code is fetched from, no security monitor software is needed to manage the switch, which reduces memory footprint and power consumption.

The new orthogonal states (diagram)
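To make concepts 1 and 2 concrete, here is a small host-runnable C model of how an ARMv8-M core attributes an address (SAU and IDAU results combined, the more secure one winning) and how that attribute decides the execution state of code fetched from it. This is an added example for this page, not code from ARM or from any vendor's SDK: the SAU region layout, the bit-28 IDAU map, and the probe addresses are all constructed for illustration, and the model leaves out IDAU "exempt" regions and the MPU check that follows attribution.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Ordered so that a larger value is "more secure". */
typedef enum { ATTR_NS = 0, ATTR_NSC = 1, ATTR_S = 2 } sec_attr_t;

/* One SAU region (SAU_RBAR / SAU_RLAR). Regions are 32-byte granular: the
 * low five bits of RBAR are ignored and the low five bits of RLAR hold
 * ENABLE (bit 0) and NSC (bit 1), so an effective limit always ends in 0x1F. */
typedef struct {
    uint32_t base, limit;   /* first and last address covered */
    bool enable;            /* SAU_RLAR.ENABLE */
    bool nsc;               /* SAU_RLAR.NSC: Secure, Non-secure-callable */
} sau_region_t;

typedef struct {
    bool enable;            /* SAU_CTRL.ENABLE */
    bool allns;             /* SAU_CTRL.ALLNS: SAU disabled => everything NS */
    const sau_region_t *regions;
    size_t nregions;
} sau_t;

/* The IDAU is implementation defined by the SoC vendor: model it as a callback. */
typedef sec_attr_t (*idau_fn)(uint32_t addr);

sec_attr_t sau_lookup(const sau_t *sau, uint32_t addr)
{
    if (!sau->enable)
        return sau->allns ? ATTR_NS : ATTR_S;
    size_t hits = 0;
    sec_attr_t attr = ATTR_S;                 /* unmatched address: Secure */
    for (size_t i = 0; i < sau->nregions; i++) {
        const sau_region_t *r = &sau->regions[i];
        if (r->enable && addr >= (r->base & ~0x1Fu) && addr <= (r->limit | 0x1Fu)) {
            hits++;
            attr = r->nsc ? ATTR_NSC : ATTR_NS;
        }
    }
    /* An address inside more than one enabled region is Secure, NSC bits or not. */
    return hits > 1 ? ATTR_S : attr;
}

/* Final attribute: the more secure of SAU and IDAU (Secure > NSC > Non-secure). */
sec_attr_t combined_attr(const sau_t *sau, idau_fn idau, uint32_t addr)
{
    sec_attr_t s = sau_lookup(sau, addr);
    sec_attr_t i = idau ? idau(addr) : ATTR_NS;
    return s > i ? s : i;
}

/* Concept 2: the security state of running code follows the attribute of the
 * memory it is fetched from. NSC memory is Secure memory, so code fetched
 * from an NSC region executes in the Secure state. */
bool exec_is_secure(const sau_t *sau, idau_fn idau, uint32_t pc)
{
    return combined_attr(sau, idau, pc) != ATTR_NS;
}

/* Constructed IDAU (an assumption, not any vendor's map): address bit 28 set
 * selects a Non-secure alias; everything else is Secure and NS-callable,
 * which leaves the SAU free to narrow it down to NSC. */
sec_attr_t example_idau(uint32_t addr)
{
    return (addr & (1u << 28)) ? ATTR_NS : ATTR_NSC;
}

/* Constructed SAU programming for a split Secure/Non-secure image layout. */
const sau_region_t example_regions[] = {
    { 0x10200000u, 0x103FFFFFu, true, false },  /* Non-secure code image  */
    { 0x00100000u, 0x00100FFFu, true, true  },  /* secure gateway veneers */
    { 0x30020000u, 0x3003FFFFu, true, false },  /* Non-secure SRAM        */
};
const sau_t example_sau = { true, false, example_regions, 3 };

/* Two enabled regions that overlap at 0x10300000..0x1030FFFF. */
const sau_region_t overlap_regions[] = {
    { 0x10200000u, 0x103FFFFFu, true, false },
    { 0x10300000u, 0x1030FFFFu, true, true  },
};
const sau_t overlap_sau = { true, false, overlap_regions, 2 };

int main(void)
{
    static const char *name[] = { "Non-secure", "Secure NSC", "Secure" };
    const uint32_t probes[] = { 0x10200100u, 0x00100020u, 0x00000100u,
                                0x10400000u, 0x30020008u };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        sec_attr_t a = combined_attr(&example_sau, example_idau, probes[i]);
        printf("0x%08X  %-10s  code here runs in the %s state\n",
               (unsigned)probes[i], name[a],
               exec_is_secure(&example_sau, example_idau, probes[i]) ? "Secure" : "Non-secure");
    }
    printf("0x%08X  %-10s  (two overlapping SAU regions)\n", 0x10300010u,
           name[sau_lookup(&overlap_sau, 0x10300010u)]);
    return 0;
}
```

Two points worth taking from running it: an address outside every enabled SAU region is Secure even when the IDAU calls it Non-secure (0x10400000 above), so forgetting to program an SAU region for a Non-secure RAM or flash area silently leaves it Secure and Non-secure code faults when it touches it; and an address covered by two enabled SAU regions is Secure regardless of their NSC bits, so overlapping regions cannot be used to carve an NSC window out of a Non-secure region.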
