Introduction
TrustZone is a hardware security extension of the Arm architecture. It partitions the processor, and the memory and peripherals attached to its bus, into a Secure World and a Normal World, so that sensitive data and critical operations held in the Secure World are isolated from the operating system and applications running in the Normal World.
Architecture
TrustZone achieves the separation of the Secure World and the Non-secure World through hardware isolation, ensuring that Non-secure software cannot directly access Secure resources. In the Arm Cortex-A architecture, transitions between the Non-secure and Secure states go through the Secure Monitor, which runs at the highest exception level (EL3 on AArch64). Software enters it by executing the SMC instruction, which raises a Secure Monitor Call (SMC) exception; the Secure Monitor handles that exception, saves the state of the world it came from and restores the state of the world it hands control to. The TrustZone architecture is illustrated in the figure below.
Features
A TrustZone-based TEE (the Secure World software stack) typically provides the following features:
Normal World and Secure World communication:
  Based on shared memory mechanisms.
  Optimized for zero-copy data transfer.
Pre-emptive micro-kernel architecture:
  Does not block the Normal World OS.
Custom Secure Drivers:
  Silicon partners (SiPs) or OEMs can develop their own Secure Drivers through the SDK.
Internal API:
  Cryptographic processing with support for the major algorithms.
  Data wrapping for persistent secure storage.
Memory Separation:
  Each process and Trusted Application (TA) has its own virtual address space, enforced by the MMU.
Power Management compliant:
  Supports save and restore of secure memory across power management events.
APIs
The GlobalPlatform TEE APIs are a set of standardized interfaces for the interactions between a Trusted Execution Environment (TEE), the Normal World operating system, client applications and Trusted Applications. The core components are described in detail below:
TEE Client API
Used by client applications running in the Normal World operating system (the Rich Execution Environment, REE) to reach the TEE: it opens a session with a Trusted Application, passes parameters and invokes its commands. Services such as secure storage and cryptographic operations are implemented by the TA behind that session, not by the Client API itself.

| API | Description | Usage |
|---|---|---|
| TEEC_InitializeContext() | Initializes a context, i.e. a connection to a TEE on the device | Sets up communication with the TEE |
| TEEC_FinalizeContext() | Finalizes and releases a previously initialized context | Releases resources |
| TEEC_OpenSession() | Opens a session between the client and a Trusted Application | Begins a session with a specific TA |
| TEEC_CloseSession() | Closes an existing session | Ends the session |
| TEEC_InvokeCommand() | Invokes a command (by command ID, with up to four parameters) within an open session | Calls a function in the Trusted Application |
| TEEC_RegisterSharedMemory() | Registers a client-owned memory block as shared between the REE and the TEE | Shares an existing buffer without copying it |
| TEEC_AllocateSharedMemory() | Allocates a new block of shared memory | Temporary data exchange |
| TEEC_ReleaseSharedMemory() | Releases a previously registered or allocated shared memory block | Frees shared memory |
TEE Internal API
Implemented by Trusted Applications running inside the TEE. It defines the entry points the TEE core calls into a TA over its lifecycle, listed below, together with the services a TA can call on in return (secure storage, cryptography, memory management and the other APIs described in the following sections).

| API | Description | Usage |
|---|---|---|
| TA_CreateEntryPoint() | Called once when the TA instance is created | Initialize resources, allocate memory, set up initial state |
| TA_DestroyEntryPoint() | Called when the TA instance is destroyed | Release resources, clean up |
| TA_OpenSessionEntryPoint() | Called when a client opens a new session to the TA | Validate the session parameters (and, where required, the client identity), prepare session-specific data |
| TA_CloseSessionEntryPoint() | Called when a session to the TA is closed | Release session-related resources |
| TA_InvokeCommandEntryPoint() | Called when a client asks the TA to perform a command | Validate the parameter types and sizes, then execute the logic for the given command ID |
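As an added example (not code from the page or from any TEE vendor), here is a minimal Trusted Application implementing the five entry points above in C, with the checks a reviewer expects in TA_InvokeCommandEntryPoint: exact parameter-type matching, NULL and size checks on memrefs supplied by the Normal World, and the TEE_ERROR_SHORT_BUFFER retry convention. The GlobalPlatform types and constants it needs are reproduced locally so it builds without a TEE SDK; the command IDs, the per-session counter and the FNV-1a hash standing in for a real cryptographic operation are assumptions of the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Local copies of the GlobalPlatform TEE Internal Core API types and constants
 * used below (assumption: reproduced from the published spec so this file builds
 * without a TEE SDK; a real TA includes tee_internal_api.h instead). */
typedef uint32_t TEE_Result;
#define TEE_SUCCESS                  0x00000000
#define TEE_ERROR_BAD_PARAMETERS     0xFFFF0006
#define TEE_ERROR_BAD_STATE          0xFFFF0007
#define TEE_ERROR_NOT_SUPPORTED      0xFFFF000A
#define TEE_ERROR_OUT_OF_MEMORY      0xFFFF000C
#define TEE_ERROR_SHORT_BUFFER       0xFFFF0010
#define TEE_PARAM_TYPE_NONE          0
#define TEE_PARAM_TYPE_VALUE_OUTPUT  2
#define TEE_PARAM_TYPE_MEMREF_INPUT  5
#define TEE_PARAM_TYPE_MEMREF_OUTPUT 6
/* Four 4-bit parameter types packed into one word, index 0 in the low nibble. */
#define TEE_PARAM_TYPES(t0, t1, t2, t3) ((t0) | ((t1) << 4) | ((t2) << 8) | ((t3) << 12))
typedef union {
    struct { void *buffer; uint32_t size; } memref;
    struct { uint32_t a; uint32_t b; } value;
} TEE_Param;

/* Command IDs of this hypothetical TA (assumed for the example). */
#define CMD_HASH        1   /* [0] memref in, [1] memref out (4 bytes) */
#define CMD_GET_COUNTER 2   /* [0] value out: successful CMD_HASH calls this session */

struct session_ctx { uint32_t invocations; };   /* per-session state owned by the TA */

/* Toy 32-bit FNV-1a hash standing in for a real cryptographic operation. */
static uint32_t fnv1a32(const uint8_t *p, size_t n)
{
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}

TEE_Result TA_CreateEntryPoint(void) { return TEE_SUCCESS; }  /* no instance-wide state */
void TA_DestroyEntryPoint(void) { }

TEE_Result TA_OpenSessionEntryPoint(uint32_t param_types, TEE_Param params[4], void **sess_ctx)
{
    (void)params;
    /* Pin down the contract: this TA accepts no parameters at session open. */
    if (param_types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE,
                                       TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE))
        return TEE_ERROR_BAD_PARAMETERS;
    struct session_ctx *s = calloc(1, sizeof *s);      /* real TA: TEE_Malloc */
    if (s == NULL) return TEE_ERROR_OUT_OF_MEMORY;
    *sess_ctx = s;
    return TEE_SUCCESS;
}

void TA_CloseSessionEntryPoint(void *sess_ctx) { free(sess_ctx); }  /* real TA: TEE_Free */

static TEE_Result cmd_hash(struct session_ctx *s, uint32_t param_types, TEE_Param params[4])
{
    if (param_types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_OUTPUT,
                                       TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE))
        return TEE_ERROR_BAD_PARAMETERS;
    /* Buffer pointers and sizes were chosen by Normal World code: treat them as
     * hostile input and bound every access by the size the client declared. */
    if (params[0].memref.size != 0 && params[0].memref.buffer == NULL)
        return TEE_ERROR_BAD_PARAMETERS;
    if (params[1].memref.size < 4) {
        params[1].memref.size = 4;   /* GP convention: report the required size */
        return TEE_ERROR_SHORT_BUFFER;
    }
    if (params[1].memref.buffer == NULL) return TEE_ERROR_BAD_PARAMETERS;

    uint32_t h = fnv1a32(params[0].memref.buffer, params[0].memref.size);
    uint8_t *out = params[1].memref.buffer;
    out[0] = (uint8_t)h;         out[1] = (uint8_t)(h >> 8);   /* little-endian, */
    out[2] = (uint8_t)(h >> 16); out[3] = (uint8_t)(h >> 24);  /* exactly 4 bytes */
    params[1].memref.size = 4;   /* tell the client how much was written */
    s->invocations++;
    return TEE_SUCCESS;
}

static TEE_Result cmd_get_counter(struct session_ctx *s, uint32_t param_types, TEE_Param params[4])
{
    if (param_types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_VALUE_OUTPUT, TEE_PARAM_TYPE_NONE,
                                       TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE))
        return TEE_ERROR_BAD_PARAMETERS;
    params[0].value.a = s->invocations;
    params[0].value.b = 0;
    return TEE_SUCCESS;
}

TEE_Result TA_InvokeCommandEntryPoint(void *sess_ctx, uint32_t cmd_id, uint32_t param_types,
                                      TEE_Param params[4])
{
    struct session_ctx *s = sess_ctx;
    if (s == NULL) return TEE_ERROR_BAD_STATE;
    switch (cmd_id) {
    case CMD_HASH:        return cmd_hash(s, param_types, params);
    case CMD_GET_COUNTER: return cmd_get_counter(s, param_types, params);
    default:              return TEE_ERROR_NOT_SUPPORTED;   /* unknown command ID */
    }
}
```

A Normal World client reaches CMD_HASH through TEEC_OpenSession followed by TEEC_InvokeCommand with a TEEC_MEMREF_TEMP_INPUT and a TEEC_MEMREF_TEMP_OUTPUT parameter, which the TEE presents to the TA as the MEMREF_INPUT and MEMREF_OUTPUT types checked above; on TEE_ERROR_SHORT_BUFFER the client reads back the updated size, enlarges its buffer and retries. Comparing param_types for equality rather than inspecting only the parameters the command uses is deliberate: it rejects any extra or differently typed parameter a malicious client might smuggle in.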
TEE Cryptographic API
Provides cryptographic functions, including symmetric/asymmetric encryption, message digest, random number generation, and secure data processing.
TEE Secure Storage API
Used for securely storing data within the TEE, ensuring data privacy.
TEE Trusted User Interface API
Lets a TA display user interface elements (such as a PIN or password entry field) under the control of the TEE, so that the Normal World OS can neither observe nor spoof them. The whole API set is maintained by GlobalPlatform, which gives client code and Trusted Applications portability across conforming TEE implementations.