
Secure and Non-Secure World in TrustZone in ARM Architecture Explained

In ARM TrustZone, the system is split into two parts: the Secure World and the Non-Secure World. The Secure World handles sensitive tasks like encryption and key management, while the Non-Secure World runs normal applications. This separation helps protect critical data and operations from being accessed or tampered with by less trusted software.

How It Works

Imagine your smartphone as a house with two rooms: one is locked and only trusted people can enter, and the other is open to everyone. ARM TrustZone creates these two "rooms" inside the processor called the Secure World and the Non-Secure World. The Secure World is like the locked room where sensitive information and operations happen, such as handling passwords or encryption keys. The Non-Secure World is where regular apps and the operating system run.

The processor switches between these two worlds using a special mechanism. When a secure task needs to run, the processor moves into the Secure World, isolating it from the Non-Secure World. This isolation prevents normal apps from accidentally or maliciously accessing secure data. It’s like having a security guard who controls who can enter the locked room.


Example

This simple pseudocode shows how a system might switch between Secure and Non-Secure Worlds to protect a secret key.
```javascript
// Pseudocode: the point is the sequence of world switches around the
// sensitive read, not the string checks or the returned value.
function accessSecureData(request) {
    if (request.from === "Non-Secure World") {
        // Switch to Secure World before touching the key
        enterSecureWorld();
        let secret = getSecretKey();   // only runs while in the Secure World
        exitSecureWorld();             // leave the Secure World before returning
        return secret;
    } else {
        return "Access Denied";
    }
}

function enterSecureWorld() {
    // Hardware switches processor mode to Secure
    console.log("Entered Secure World");
}

function exitSecureWorld() {
    // Hardware switches back to Non-Secure
    console.log("Exited Secure World");
}

function getSecretKey() {
    // Stand-in for key material that only exists in the Secure World
    return "TopSecretKey123";
}

// Simulate a request from Non-Secure World
console.log(accessSecureData({from: "Non-Secure World"}));
```
Output
```
Entered Secure World
Exited Secure World
TopSecretKey123
```
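The pseudocode above illustrates the world switch around a sensitive read. The C simulation below is an added example, not code from the original page; it takes the same idea one step further in the direction real designs go: Non-Secure code reaches the Secure World only through a single monitor entry point, asks for an operation on the key (here a toy keyed hash), and is never handed the raw key. The world-state variable, the service IDs and the placeholder key are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated security state; on real hardware this is the NS bit, not a variable. */
typedef enum { NONSECURE_WORLD = 0, SECURE_WORLD = 1 } world_t;
static world_t current_world = NONSECURE_WORLD;

/* Secure-world-only data: constructed placeholder key, never exported. */
static const uint8_t secret_key[16] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
                                        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };

/* Service IDs the Non-Secure World may request (numbering is an assumption). */
enum { SVC_MAC_DATA = 0x1000, SVC_READ_KEY = 0x1001 };

/* Secure service: toy keyed hash (FNV-1a over key||message), not a real MAC.
   Refuses to run unless the processor is in the Secure World. */
uint32_t secure_mac(const uint8_t *msg, size_t len) {
    if (current_world != SECURE_WORLD)
        return 0;                       /* isolation: not usable from Non-Secure */
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof secret_key; i++) { h ^= secret_key[i]; h *= 16777619u; }
    for (size_t i = 0; i < len; i++)              { h ^= msg[i];        h *= 16777619u; }
    return h;
}

/* Monitor: the single controlled entry point from Non-Secure to Secure. Switches
   world, dispatches by service ID, switches back. 0 = ok, -1 = denied, -2 = unknown. */
int smc_call(uint32_t service_id, const uint8_t *buf, size_t len, uint32_t *out) {
    int rc;
    current_world = SECURE_WORLD;
    switch (service_id) {
    case SVC_MAC_DATA: *out = secure_mac(buf, len); rc = 0; break;
    case SVC_READ_KEY: rc = -1; break;  /* raw key export is not a service */
    default:           rc = -2; break;
    }
    current_world = NONSECURE_WORLD;
    return rc;
}

int main(void) {
    const uint8_t msg[] = "pay 10 EUR";  /* constructed request from Non-Secure code */
    uint32_t tag = 0;
    int rc = smc_call(SVC_MAC_DATA, msg, sizeof msg - 1, &tag);
    printf("mac rc=%d tag=%08x\n", rc, (unsigned)tag);
    printf("key rc=%d\n", smc_call(SVC_READ_KEY, NULL, 0, &tag));
    printf("direct call outside Secure World -> %u\n", (unsigned)secure_mac(msg, sizeof msg - 1));
    return 0;
}
```

The last line of main shows the isolation check: calling the secure service without going through the monitor yields nothing useful, and the key-export request is refused outright.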

When to Use

Use the Secure and Non-Secure Worlds in ARM TrustZone when you need to protect sensitive data or operations from normal software. For example, mobile phones use the Secure World to safely store fingerprint data, encryption keys, or payment information. This separation helps prevent malware or apps from stealing or changing critical information.

It is also used in embedded devices like IoT gadgets, where security is important but resources are limited. By isolating trusted code in the Secure World, devices can maintain strong security without needing separate hardware.

Key Points

  • The Secure World handles trusted, sensitive tasks.
  • The Non-Secure World runs normal applications and OS.
  • Hardware enforces isolation between the two worlds.
  • Switching between worlds is controlled and secure.
  • Used to protect keys, credentials, and secure operations.

Key Takeaways

ARM TrustZone splits the processor into Secure and Non-Secure Worlds for security.
The Secure World protects sensitive data and operations from normal apps.
Hardware enforces strict isolation between these two worlds.
Switching between worlds is controlled to maintain security.
This model is widely used in mobile and embedded device security.