For question related to implementing and interfacing TrustZone secure and normal world software and the monitor mode that brokers them.
Trustzone is an architecture to allow CPU sharing in cases where a traditional dedicated 'secure CPU' may have been used. This can reduce cost, power and board space.
A TrustZone ARM core has two virtual processors with a bus control 'NS' bit to provide hardware based access control. A TrustZone CPU can switch states between two worlds referred to as 'secure' and 'normal'. The worlds strive to be independent of each other requiring minimal changes to transition from a standalone OS/firmware system.
Memory, peripherals, BUS and CPU are made aware of the world via the 'NS' bit which allows the SOC to provide access control to secrets and code on the system. Master devices such as DMA, or multi-core devices can also be TrustZone aware or the bus master can be set to provide boot time locked access.
TrustZone solutions need several components,
- A TrustZone CPU
- A secure boot mechanism
- Bus control
- Secure world software
Reference:
- ARM Trusted firmware on github
- ARM TrustZone site
- Security extensions on wikipedia.
- TrustZone Whitepaper
- ASU paper on TrustZone
