TrustZoneM

TrustZone-M is ARM’s hardware-assisted security extension for ARMv8-M microcontrollers that partitions a device’s software and resources into two distinct execution environments: a secure world and a non-secure world. This separation enables security-critical code and data to run isolated from ordinary application software, while still sharing the same physical processor and peripherals. The goal is to provide a trusted execution environment on low-power microcontrollers suitable for embedded and Internet of Things devices.

The architectural basis of TrustZone-M relies on memory-attribute and security-state controls built into ARMv8-M cores. A Security Attribution Unit (SAU) marks memory regions as secure or non-secure, occasionally complemented by an Implementation Defined Attribution Unit (IDAU) for additional configuration. A non-secure callable mechanism allows controlled entry points from the non-secure world to secure services. Transitions between worlds are governed by defined rules so that secure operations, cryptographic keys, and security-sensitive data remain protected from non-secure software.

Software support centers around enabling secure boot, trusted firmware, and secure services within the secure world, while the non-secure world runs general application code. ARM provides a reference implementation called Trusted Firmware-M (TF-M) to manage secure boot, secure storage, cryptographic services, and access to secure peripherals. This framework helps developers implement end-to-end security with a relatively small performance and footprint impact suitable for resource-constrained devices.

Applications of TrustZone-M span IoT devices, consumer electronics, and automotive components, where hardware-enforced isolation helps reduce attack surfaces and protect sensitive assets. While it does not equate to a full-fledged multi-core security enclave, TrustZone-M offers a practical security partitioning approach for Cortex-M-based systems.
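The SAU, IDAU and non-secure callable rules described above can be modelled on a host machine. The following C program is an added example, not code from ARM or TF-M: it uses a constructed memory layout, a constructed IDAU that treats address bit 28 as the secure alias, and resolves an address to Non-secure, Secure-NSC or Secure using the rule that the more restrictive of the SAU and IDAU answers wins; it then applies two checks secure firmware relies on, that non-secure code may only enter secure memory through an NSC region, and that a buffer handed over by the non-secure side lies entirely in non-secure memory. Treating overlapping SAU regions as Secure is a conservative assumption of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Attribute ordering matters: a higher value is the more restrictive one. */
typedef enum { ATTR_NS = 0, ATTR_NSC = 1, ATTR_S = 2 } sec_attr_t;

/* One SAU region, modelled on SAU_RBAR/SAU_RLAR: 32-byte granules,
 * inclusive limit, NSC bit (region is Secure and Non-secure callable). */
typedef struct { uint32_t base, limit; bool nsc, enable; } sau_region_t;

/* Constructed layout for this example, not taken from any real part. */
static const sau_region_t sau[] = {
    { 0x00200000u, 0x003FFFFFu, false, true }, /* NS flash: application code */
    { 0x001FF000u, 0x001FFFFFu, true,  true }, /* NSC veneers: secure gateways */
    { 0x20040000u, 0x2007FFFFu, false, true }, /* NS SRAM */
    { 0x40000000u, 0x4FFFFFFFu, false, true }, /* NS peripherals */
};

/* SAU enabled with ALLNS=0: anything outside an enabled region is Secure. */
sec_attr_t sau_lookup(uint32_t addr) {
    int hits = 0;
    sec_attr_t attr = ATTR_S;
    for (size_t i = 0; i < sizeof sau / sizeof sau[0]; i++) {
        if (!sau[i].enable || addr < sau[i].base || addr > sau[i].limit) continue;
        hits++;
        attr = sau[i].nsc ? ATTR_NSC : ATTR_NS;
    }
    return hits == 1 ? attr : ATTR_S; /* overlap: assume Secure (conservative) */
}

/* Constructed IDAU: bit 28 set selects the Secure alias of the address space. */
sec_attr_t idau_lookup(uint32_t addr) {
    return (addr & 0x10000000u) ? ATTR_S : ATTR_NS;
}

/* The core uses the more restrictive of the two attributions. */
sec_attr_t effective_attr(uint32_t addr) {
    sec_attr_t a = sau_lookup(addr), b = idau_lookup(addr);
    return a > b ? a : b;
}

/* NS code may only branch into Secure memory at an NSC address (where the
 * gateway begins with SG); any other Secure target raises a SecureFault. */
bool secure_entry_allowed(uint32_t target) {
    return effective_attr(target) == ATTR_NSC;
}

/* Secure services must confirm an NS-supplied buffer is wholly Non-secure
 * before touching it, otherwise NS code could make them read or write Secure
 * memory on its behalf. Walks the range one 32-byte SAU granule at a time. */
bool range_is_nonsecure(uint32_t start, uint32_t len) {
    if (len == 0 || start > UINT32_MAX - (len - 1)) return false; /* wrap guard */
    uint64_t end = (uint64_t)start + len - 1;
    for (uint64_t a = start & ~31u; a <= end; a += 32u)
        if (effective_attr((uint32_t)a) != ATTR_NS) return false;
    return true;
}
```

The same walk is what a real secure service gets from cmse_check_address_range(), which additionally checks MPU permissions for the calling state.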