Handling ARM TrustZones

Posted 2019-01-10 13:09

Question:

ARM has something called TrustZone. As per the ARM documentation, it states that a process can run in the Secure / Non-Secure World.

  1. What does the Secure / Non-Secure World mean? Is it related to processor executing modes, or is it related to setting the permissions of memory regions, or something else?
  2. Is there any relationship between the 7 operating modes of ARM and the Secure / Non-Secure Worlds?
  3. How to enable the TrustZone in ARM?
  4. From which version of ARM is this introduced?
  5. Is it mandatory to use this TrustZone? Does the Linux kernel use this TrustZone extension?

Kindly help me in understanding this.

Answer 1:

http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/index.html is a pretty good introductory document that gives an overview of something a little bit too complex to be satisfactorily explained by typing into a text box. But I'll try to answer your direct questions below.

  1. It refers to an additional privilege option orthogonal to the execution modes. Secure world has the ability to make memory accesses tagged as secure, but can also make non-secure accesses. Normal world can only make non-secure accesses. In addition, certain processor configuration options are only accessible to Secure world. The intent is to isolate secure software in a simple environment where it cannot be (directly) vulnerable to software exploits in the device's main operating system or application software.
  2. None, apart from it adding an additional "monitor" mode. This monitor mode is used for the "context switch" between Normal and Secure world.
  3. TrustZone isn't enabled, it is implemented (or not).
  4. TrustZone was introduced in the Security Extensions to ARM architecture version 6. The first processor supporting it was ARM1176. All Cortex-A processors support it.
  5. "No", although since TrustZone-capable processors start executing in Secure state on power-on, if the boot loader does nothing to change the security state, all software will run as Secure (removing any security benefits). No, the TrustZone environment is explicitly intended to run alongside your OS, not to be directly integrated into it. For some platforms, the Linux kernel performs Secure Monitor Calls to request Secure world to change certain system configuration options.


Answer 2:

To supplement UnixSmurf's answer,

What does the Secure / Non-Secure World mean? Is it related to processor executing modes, or is it related to setting the permissions of memory regions, or something else?

Mainly it is related to memory regions. All TrustZone compatible devices will tag AXI Bus access with an NS bit. This bit specifies whether the access is from a secure or normal world. In this way, even DMA peripherals under the control of the normal world can be isolated.

Is there any relationship between the 7 operating modes of ARM and the Secure / Non-Secure Worlds?

Not really. However, there is a between world, called Monitor Mode, and apparently it is the most powerful of the bunch. Monitor Mode is a broker between the secure and normal worlds. It can access normal world CP15 registers while still having the system memory view of the secure world (will push the NS bit as 0).

How to enable the TrustZone in ARM?

Enable is a bit of an overloaded word. It is built into the CPU, as UnixSmurf points out. By default, TrustZone enabled CPUs will boot in the secure world. If you do nothing, you can be oblivious to the fact the CPU is TrustZone capable. Only by setting up a normal world and handing control to it will TrustZone be used; possibly this is what you mean by enable.

From which version of ARM is this introduced?

There are two flavors:

  1. TrustZone compatible.
  2. TrustZone enabled.

Section 4.2 of the TrustZone Security Whitepaper answers this. The ARM1176JZ(F)-S, Cortex-A8, Cortex-A9, Cortex-A9-MPCore and Cortex-A5 support TrustZone. The ARM1156T2(F)-S and Cortex-R4 are compatible; they can be a 2nd core in the system. As newer cores are developed, they may be added to the list; this question is a moving target.

Is it mandatory to use this TrustZone? Does the Linux kernel use this TrustZone extension?

It is not mandatory. There are two roles the Linux kernel could play; secure and normal world. See svc-handler-to-smc-call for some information on the use of TrustZone with Linux.

Some things not answered which UnixSmurf alludes to; you must ensure that all of the BUS masters and slaves are appropriately aware of the NS bit. This information is outside of the CPU information and involves BUS arbitrators; another topic which is book-like.

See:

  1. PRD29-GENC-009492C
  2. ARM TrustZone as a Virtualization Technique in Embedded Systems
  3. Trusted computing building blocks with ARM TrustZone
  4. ARM Trusted Firmware
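
Added example, not part of either answer: a small C model of the rules the two answers describe (Monitor mode is always Secure, Normal world can only issue NS=1 accesses, and a bus slave filters on the NS tag). It is a software simulation, not code that programs real hardware; the struct and function names and the memory map are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified software model of the rules above; this is not hardware code. */
enum mode { MODE_USR, MODE_SVC, MODE_MON };      /* subset of the CPU modes */

struct cpu {
    enum mode mode;
    bool scr_ns;          /* NS bit of the Secure Configuration Register */
};

/* Monitor mode is always Secure; in every other mode SCR.NS picks the world. */
bool cpu_is_secure(const struct cpu *c) {
    return c->mode == MODE_MON || !c->scr_ns;
}

/* NS value the CPU drives on the bus. Secure world may ask for either value
 * (want_ns); Normal world is forced to NS=1 whatever it asks for. */
bool bus_ns(const struct cpu *c, bool want_ns) {
    return cpu_is_secure(c) ? want_ns : true;
}

struct region { unsigned base, size; bool secure_only; };

/* Constructed memory map (hypothetical addresses). */
static const struct region map[] = {
    { 0x00000000u, 0x00010000u, true  },         /* secure on-chip RAM */
    { 0x80000000u, 0x10000000u, false },         /* shared DRAM */
};

/* Slave-side filter: a secure-only region rejects any access tagged NS=1.
 * Assumption of this model: NS=0 accesses to shared regions are allowed. */
bool bus_access_ok(unsigned addr, bool ns) {
    for (unsigned i = 0; i < sizeof map / sizeof map[0]; i++)
        if (addr - map[i].base < map[i].size)
            return !(map[i].secure_only && ns);
    return false;                                /* unmapped address */
}

bool cpu_access_ok(const struct cpu *c, unsigned addr, bool want_ns) {
    return bus_access_ok(addr, bus_ns(c, want_ns));
}

int main(void) {
    struct cpu c = { MODE_SVC, false };          /* reset state: Secure */
    printf("boot, secure RAM:    %d\n", cpu_access_ok(&c, 0x1000u, false));
    c.scr_ns = true;                             /* hand over to Normal world */
    printf("normal, secure RAM:  %d\n", cpu_access_ok(&c, 0x1000u, false));
    c.mode = MODE_MON;                           /* SMC enters Monitor mode */
    printf("monitor, secure RAM: %d\n", cpu_access_ok(&c, 0x1000u, false));
    printf("normal-world DMA:    %d\n", bus_access_ok(0x1000u, true));
    return 0;
}
```

The last line models a DMA master controlled by the normal world: its accesses carry NS=1, so the secure-only region refuses them no matter which CPU mode programmed the transfer.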