===={{anchor|TrustZone}}TrustZone (for Cortex-A profile)====
The Security Extensions, marketed as TrustZone Technology, are included in ARMv6KZ and later application profile architectures. They provide a low-cost alternative to adding another dedicated security core to an SoC, by providing two virtual processors backed by hardware-based access control. This lets the application core switch between two states, referred to as ''worlds'' (to reduce confusion with other names for capability domains), to prevent information leaking from the more trusted world to the less trusted world.<ref>{{cite web |url=https://developer.arm.com/documentation/100935/0100/The-TrustZone-hardware-architecture- |title=The TrustZone hardware architecture |publisher=[[Arm Holdings|ARM Developer]]}}</ref> This world switch is generally orthogonal to all other capabilities of the processor, so each world can operate independently of the other while using the same core. Memory and peripherals are made aware of the operating world of the core and may use this to provide access control to secrets and code on the device.<ref>{{cite web |url=https://genode.org/documentation/articles/trustzone |title=Genode – An Exploration of ARM TrustZone Technology |access-date=10 July 2015}}</ref> Typically, a rich operating system is run in the less trusted world, with smaller security-specialised code in the more trusted world, aiming to reduce the [[attack surface]]. Typical applications include [[digital rights management|DRM]] functionality for controlling the use of media on ARM-based devices,<ref>{{cite press release |url=https://news.thomasnet.com/companystory/476887 |title=ARM Announces Availability of Mobile Consumer DRM Software Solutions Based on ARM TrustZone Technology |publisher=News.thomasnet.com |access-date=18 April 2009}}</ref> and preventing any unapproved use of the device.
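The world-aware access control described above, as an added C model that is not part of this article or of any ARM or vendor implementation; the type and function names (`world_t`, `bus_access`, `smc_request`) and the memory map are assumptions constructed for the example:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model (names are assumptions, not ARM's code): the core's world
 * travels with each bus transaction and a per-region filter decides on it. */
typedef enum { WORLD_SECURE = 0, WORLD_NONSECURE = 1 } world_t;

typedef struct {
    uint32_t base, size;
    bool secure_only;  /* region reserved for the trusted world */
} region_t;

/* Constructed memory map for the example, not a real device layout */
static const region_t memory_map[] = {
    { 0x00000000u, 0x00100000u, true  },  /* secure SRAM: keys, trusted OS */
    { 0x40000000u, 0x10000000u, false },  /* DRAM for the rich OS */
    { 0x50000000u, 0x00001000u, true  },  /* crypto accelerator registers */
    { 0x50001000u, 0x00001000u, false },  /* UART registers */
};

static const region_t *find_region(uint32_t addr) {
    for (size_t i = 0; i < sizeof memory_map / sizeof memory_map[0]; i++) {
        const region_t *r = &memory_map[i];
        if (addr >= r->base && addr - r->base < r->size)
            return r;
    }
    return NULL;  /* unmapped address */
}

/* The filter: the secure world may reach any region, the non-secure world only
 * regions not marked secure_only; unmapped addresses are always refused. */
bool bus_access(world_t world, uint32_t addr) {
    const region_t *r = find_region(addr);
    if (r == NULL)
        return false;
    return !(r->secure_only && world == WORLD_NONSECURE);
}

typedef struct { world_t world; } core_t;
/* Monitor call: the rich OS asks the trusted world to touch a key on its behalf.
 * The core flips to the secure world for the access and returns to the caller's
 * world afterwards, so the key region is never directly readable from the rich OS. */
bool smc_request(core_t *core, uint32_t secure_addr) {
    world_t caller = core->world;
    core->world = WORLD_SECURE;
    bool ok = bus_access(core->world, secure_addr);
    core->world = caller;
    return ok;
}
```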
In practice, since the specific implementation details of proprietary TrustZone implementations have not been publicly disclosed for review, it is unclear what level of assurance is provided for a given [[threat model]], but they are not immune from attack.<ref>{{cite web |url=https://bits-please.blogspot.com/2015/08/full-trustzone-exploit-for-msm8974.html |title=Bits, Please!: Full TrustZone exploit for MSM8974 |last=Laginimaineb |date=8 October 2015 |website=Bits, Please! |access-date=3 May 2016}}</ref><ref>{{cite web |url=https://www.blackhat.com/docs/us-15/materials/us-15-Shen-Attacking-Your-Trusted-Core-Exploiting-Trustzone-On-Android.pdf |title=Attacking your 'Trusted Core' Exploiting TrustZone on Android |author=Di Shen |publisher=[[Black Hat Briefings]] |access-date=3 May 2016}}</ref> Open Virtualization<ref>{{cite web |url=http://www.openvirtualization.org |title=ARM TrustZone and ARM Hypervisor Open Source Software |publisher=Open Virtualization |access-date=14 June 2013 |archive-url=https://web.archive.org/web/20130614081110/http://openvirtualization.org/ |archive-date=14 June 2013 |url-status=dead}}</ref> is an open source implementation of the trusted world architecture for TrustZone. 
[[AMD]] has licensed and incorporated TrustZone technology into its [[AMD Platform Security Processor|Secure Processor Technology]].<ref>{{cite web |title=AMD Secure Technology |url=https://www.amd.com/en-us/innovations/software-technologies/security |website=AMD |access-date=6 July 2016 |archive-url=https://web.archive.org/web/20160723094537/https://www.amd.com/en-us/innovations/software-technologies/security |archive-date=23 July 2016}}</ref> AMD's [[AMD Accelerated Processing Unit|APU]]s include a Cortex-A5 processor for handling secure processing, which is enabled in some, but not all, products.<ref>{{cite news |last1=Smith |first1=Ryan |title=AMD 2013 APUs to include ARM Cortex A5 Processor for Trustzone Capabilities |url=https://www.anandtech.com/show/6007/amd-2013-apus-to-include-arm-cortexa5-processor-for-trustzone-capabilities |access-date=6 July 2016 |website=[[AnandTech]] |date=13 June 2012}}</ref><ref name="beema">{{cite news |last1=Shimpi |first1=Anand Lal |title=AMD Beema Mullins Architecture A10 micro 6700T Performance Preview |url=https://www.anandtech.com/show/7974/amd-beema-mullins-architecture-a10-micro-6700t-performance-preview |access-date=6 July 2016 |website=[[AnandTech]] |date=29 April 2014}}</ref><ref>{{cite news |last1=Walton |first1=Jarred |title=AMD Launches Mobile Kaveri APUs |url=https://www.anandtech.com/show/8119/amd-launches-mobile-kaveri-apus |access-date=6 July 2016 |website=[[AnandTech]] |date=4 June 2014}}</ref> In fact, the Cortex-A5 TrustZone core had been included in earlier AMD products, but was not enabled due to time constraints.<ref name="beema"/> [[Samsung Knox]] uses TrustZone for purposes such as detecting modifications to the kernel, storing certificates and attesting keys.<ref>{{cite web |url=https://docs.samsungknox.com/admin/whitepaper/kpe/hardware-backed-root-of-trust.htm |title=Root of Trust |type=white paper |date=April 2016 |publisher=[[Samsung Electronics]]}}</ref>