Mobile devices are handling lot of important data such as IMEI, SIM lock protocol, bank credentials and platform images. Majority of the embedded devices are running open source software which calls for proper security system across the device. This puts the device under very high risk where device hackers can copy, damage or modify these important assets for their benefits.

Best security solution for an embedded device is to have a dedicated hardware security module with lesser powerful processor, outside or inside SOC which manages cryptographic operations to verify assets. But this solution will have significant impact on power efficiency, design process, area and performance of the device. Other issues are communication across processors, data share/flushing to external memory and still attacker can steal the decrypted content repeatedly at the application level leading to protection of assets under risk.

ARM TrustZone technology provides robust security framework solution by well designed hardware architecture and secure software with minimal impact on the cost. The security of the system is achieved by making complete SOC hardware and software switch between two worlds – Secure world and Non secure world environment. A single physical processor core executes code from both secure and non secure world in time sliced intervals. In secure world TrustZone enabled processor will have separate partition in ROM, RAM to execute and has access to all system resources.

ARM Processer Architecture:

ARM physical processor provides two virtual cores to execute in secure and non secure world. The mechanism which contexts switch between them is called as monitor mode. The entry to monitor mode to switch from non secure to secure world is triggered by software executing a dedicated SMC instruction (Secure Monitor Call). During monitor switch, state of the current world is saved and restored when returned back previous world. The processor in which world it is executing is known by SCR (Secure configuration Register) register CP15.

TrustZone implementation will differ from vendor to vendor for the complete smart phone platform. Above diagram is one typical implementation which explains interaction between two worlds. When communication processor or modem requests to get device ID or IMEI, security daemon reads the IMEI data from crashed secured partition from storage area and requests for verification through trust zone driver. This triggers trusted software execution through monitor mode and returns validated IMEI number to modem.

Current ARM processor architecture designs which supports TrustZone are ARM1176JZ, Cortex A8, Cortex A9 and Cortex A9 MPCore.  The components that undergo changes mainly to be Trust Zone enabled are,

AMBA3 AXI system Bus:

Addition of extra control signal for each read and writes – NS Bit.

AWPROT: Write transaction - low is secure world and high is non secure world

ARPROT: Read transaction - low is secure world and high is non secure world

Advanced Peripheral Bus:

AMBA 3 specification includes APB bridge hardware which is responsible for managing the security of peripherals like interrupt controller, timer and user I/O devices. APB bridge rejects inappropriate settings of security and will not forward them to peripherals.

Memory Management Unit:

TrustZone enabled processor hardware supports two virtual MMU one for each virtual core. This enables each secure and non secure world to have their own local address translation table for the virtual to physical address mapping.

Secure Interrupts:

All general IRQs are used by non secure world interrupt source and FIQ are used by secure world interrupt source. If FIQ occurs and core is in non secure world then monitor software makes the context switch so that core enters into secure world to serve the FIQ. TrustZone enabled processor supports multiple vector tables for non secure world and secure world.

Sasken is working with Mobile Device OEMs and Chipset vendors supporting them in enabling Security (Trustzone) and Enterprise components’.

Authored by Vinay Harugop.