The number of IOT devices are increasing day by day and so is the security concern of them. As these embedded devices are connected to internet so they remain on the target. To overcome with the security concerns of embedded devices, ARM has created ARM-TrustZone technology.
ARM TrustZone is an embedded security feature that is built into ARM-based microprocessors. It provides a secure environment for sensitive operations, such as handling encryption keys or verifying digital signatures.
The ARM-Cortex based microprocessor/Microcontroller having trustzone can be used to run trusted boot and trusted OS to create a Trusted Execution Environment (TEE). So, with TrustZone, it can provide the protection of authentication mechanisms, cryptography, mobile device management, payment etc. There are several security properties of TrustZone TEE that make it useful for running sensitive code:
- Isolation: The TEE is isolated from the rest of the system, so it can run sensitive code without interference or tampering from other processes.
- Tamper resistance: The TEE is designed to be resistant to tampering, so that it cannot be easily compromised by attackers.
- Secure boot: The TEE ensures that only trusted code is allowed to run, by verifying the integrity of the code before it is executed.
- Cryptographic protection: The TEE uses strong cryptographic techniques to protect sensitive data and communications, making it difficult for attackers to access or tamper with them.
- Access control: The TEE enforces strict access controls, so that only authorized processes are allowed to access sensitive resources.
Let us try to understand this technology using example of Mobile phones. In working of mobile, there are two distinct environments: the normal world and the secure world. The normal world is the part of the system that operates like a regular computer, running regular applications and processes e.g. running an normal Android application such as WhatsApp. The secure world is a separate, isolated environment that is protected by TrustZone technology e.g. when entering password or OTP or any other sensitive information in any Android app.
The normal world and the secure world are two separate environments that run on the same CPU/ Memory, but they are isolated from each other. The normal world cannot access the secure world, and vice versa. This isolation ensures that the secure world can run sensitive code without interference or tampering from the normal world.
The normal world is where regular applications and processes run, while the secure world is reserved for sensitive operations that require additional security. For example, the normal world might run an operating system, while the secure world might handle tasks such as secure communication, secure storage, or secure authentication.
How Switching happens between Normal & Secure worlds?
The normal and secure world execute in Time sliced manner. The switching between the normal world and the secure world is performed by the CPU itself. When the CPU is running in the normal world, it operates like a regular CPU and can run regular applications and processes. When the CPU receives a request to switch to the secure world, it enters the Secure Monitor mode (Which is a special mode and is Secure Monitoring Call i.e., SMC instruction. To read more about the SMC please click here. This PDF document is provided by ARM about SMC.)
In the Secure Monitor mode, the CPU performs a number of checks to ensure that the request to switch to the secure world is valid. This includes verifying the integrity of the code that will be executed in the secure world and checking the access rights of the requesting process.
Once the CPU has verified that the request is valid, it switches to the secure world and begins executing the code in that environment. The CPU remains in the secure world until it receives a request to switch back to the normal world, at which point it performs the same checks and instructions after which it switches back to the normal world.
The NS bit is a bit in the Configuration Register (CONFIG) that indicates whether the processor is operating in the Normal World or the Secure World. The CONFIG register is a special register that is used to configure the behavior of the processor, and the NS bit is one of the bits in this register.
- 0 – The processor is in Secure World
- 1 – The processor is in Non-Secure (Normal) world.
The value of the NS bit can be changed by software running in the Secure World, using a special instruction called the Secure Configuration Register (SCR) instruction. This instruction allows software in the Secure World to configure the behavior of the processor, including setting the NS bit to switch between the Normal World and the Secure World. We should keep in mind that
- For all modes other than Monitor mode, the SCR.NS bit determines the security state for code execution
- code executing in Monitor mode is executed in the Secure state regardless of the value of the SCR.NS bit.
How is the memory accessed in Normal & Secure World?
In a TrustZone-enabled microprocessor, the memory is accessed in a similar way to a regular microprocessor, but with some additional security measures in place. The microprocessor has two separate memory spaces, one for the Normal World and one for the Secure World, and the memory accesses are controlled by the NS bit in the Configuration Register (CONFIG).
To access memory in the Secure World memory space, the microprocessor uses a special instruction called the Secure Memory Access (SMA) instruction. This instruction allows code running in the Secure World to access the Secure World memory space, while preventing code running in the Normal World from accessing it.
The SMA instruction is used to ensure that the Secure World memory space remains secure and isolated from the Normal World. It prevents unauthorized access to the Secure World memory space, and it ensures that only trusted code running in the Secure World can access the sensitive data and code stored in that space.
How Interrupts are served in Microprocessors having TrustZone?
in the ARM processors that have trustzone, All the IRQ will first go to Monitor. The Monitor will then check if this interrupt corresponds to the Secure worlds or Non-secure world.
If the IRQ relates to the normal world, then it handles IRQs in the same way as a regular processor. This means that it will execute the interrupt handler code for any IRQ that is received, subject to the usual interrupt priority and masking rules.
The IRQ handling behavior changes slightly in the secure world. The secure world has its own separate interrupt controller, which is isolated from the normal world’s interrupt controller. This means that the secure world can handle its own IRQs without interference from the normal world, and vice versa. For example, the secure world may only be allowed to handle certain types of IRQs, or it may be required to use special instructions or protocols to handle IRQs. These restrictions are put in place to prevent the normal world from tampering with the secure world’s IRQ handling, and to prevent the secure world from accessing sensitive data in the normal world’s interrupt controller.
Secure boot is also very important part of TrustZone. We will cover the Secure Boot in our next article.