TEE Reference Documentation
With any complex software system it is critical to understand how the different modules interact and what the underlying hardware is capable of. To assist in the development of a Trusted Execution Environment, the use of the Secure Monitor, or the review of a third-party TEE, Arm suggests that partners review the documentation listed below and consider joining one of the many TrustZone training courses held globally each year.
Arm Architectural Reference Manuals
Comments: The Arm Architecture Reference Manuals define the Security Extensions, the SMC instruction used to enter the Secure Monitor, and the differences in the exception model between Armv7-A and Armv8-A.
T&Cs: These manuals require a www.arm.com account. Please register at https://login.arm.com/register.php or log in with an existing account. These documents are free of charge and non-confidential, however they are subject to the specific terms outlined in their End User License Agreement.
Arm Technical Reference Manuals
Processor core Technical Reference Manuals (TRMs) are available from Arm Infocenter
Navigate to Cortex-A Series Processors, select the processor and revision you are interested in then select Contents. The TRM should be displayed if it is available.
Comments: The Arm Technical Reference Manuals define the behaviour and implementation of specific processors, and are useful in understanding the trade-offs and differences between processors. All Cortex-A processors support TrustZone technology. Cortex-A57 and Cortex-A53 processor TRMs are currently only available to processor licensees.
T&Cs: Arm Cortex-Ax manuals are available openly on infocenter.arm.com. Arm Cortex-A5x manuals currently require a non-disclosure agreement (NDA) – please contact your Arm representative if you wish to put the relevant NDA in place.
Processor Errata
Software Developer's Errata are available from Arm Infocenter
Navigate to Cortex-A Series Processors and select the processor and revision you are interested in. The Processor Software Errata should be displayed if it is available.
Comments: The Arm Processor Errata documents describe errata in the behaviour of specific processors, and are required to ensure that correct behaviour is achieved under the widest set of conditions. Any erratum that affects the security of the processor is immediately elevated to the highest categorization to ensure software vendors are aware of the potential issue and its workaround. Cortex-A57 and Cortex-A53 processor errata are currently only available to processor licensees.
T&Cs: These documents require a www.arm.com account. Please register at https://login.arm.com/register.php or log in with an existing account. These documents are free of charge and non-confidential, however they are subject to the specific terms outlined in their End User License Agreement.
White Papers
Arm Security Technology Building a Secure System using TrustZone Technology
Comments: The TrustZone White Paper introduces many of the concepts of TrustZone, TEE, Secure Operating Systems and specific application use cases.
T&Cs: This White Paper is available on http://infocenter.arm.com/ and is non-confidential.
Platform Design Documents
Trusted Base System Architecture Documents
Comments: Arm Platform Design Documents are system recommendations intended to guide silicon vendors as they make the various trade-offs between functionality, cost, complexity and time to market. The TBSA documents focus on the security requirements of complex SoCs for client and enterprise platforms. The documents are not required for the development or implementation of a TEE, however they may be useful in understanding the design choices made by different silicon vendors for various market requirements.
T&Cs: These system recommendations are available via the TrustZone Ready Program, and are subject to a Non-Disclosure Agreement. Please contact your Arm representative if you wish to implement the relevant agreements.
System IP for TrustZone
CoreLink Interconnect provides on-chip AMBA® connectivity and includes the features needed to create a system secured with TrustZone
Product(s): CCI-400, NIC-400
Advanced AMBA 3 Interconnect NIC-301
The Arm AMBA® 3 AXI bus can propagate the Secure/Non-secure status of the processor core (the NS bit carried in the AxPROT[1] signal) to the memory and peripherals in the SoC and beyond
Product(s): NIC-301
TrustZone Address Space Controller
The latest Arm TZC provides enhanced capabilities for protecting data held in off-chip DRAM. This includes support for the AMBA4 protocols and the ability to protect content in DRM use cases.
Product(s): TZC-400, TZC-380
The TZMA (TrustZone Memory Adapter) acts as a single-region TZASC for on-chip memory that must be accessible only from the Secure state
Product(s): BP141
TrustZone Protection Controller
The TZPC (TrustZone Protection Controller) allows software to dynamically mark peripherals as Secure or Non-secure
Product(s): BP147
Comments: System IP is critical for the propagation of the TrustZone Secure state within the SoC, and this section outlines the key components required to manage these signals. Other IP blocks, such as DRM, GPU, video and display controllers, will also be integrated into a secure SoC. These blocks may be from Arm's wide portfolio of IP, in which case please visit http://infocenter.arm.com/ for more information, or they may be from third parties. If you are unsure, please contact your silicon vendor for clarification.
T&Cs: The system IP manuals are available on http://infocenter.arm.com/. These documents are free of charge and non-confidential.
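The following is an added illustration, not Arm's code and not a model of any particular Arm product: a simplified software model of how the NS attribute that leaves the core on the bus (AxPROT[1]) is consumed by a TZASC-style address space controller to gate DRAM regions and by a TZPC-style protection controller to gate peripherals, as described for the system IP above. The region layout, NSAID values, peripheral numbering and the "highest-numbered matching region wins, region 0 is the default" rule are assumptions constructed for the example; consult the relevant TZC and TZPC TRMs for the real register interfaces and matching rules.

```c
/*
 * Added example: simplified model of NS-bit filtering by a TZASC-style
 * memory filter and a TZPC-style peripheral protection controller.
 * Not Arm's code; layout and identifiers below are constructed.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A bus transaction as the filter sees it. */
typedef struct {
    uint64_t addr;
    bool     ns;      /* AxPROT[1]: false = Secure, true = Non-secure */
    bool     write;
    unsigned nsaid;   /* Non-secure access ID of the master, 0..15 (assumed) */
} bus_txn;

/* One TZASC region: inclusive [base, top], Secure permissions, NSAID masks. */
typedef struct {
    uint64_t base, top;
    bool     s_rd, s_wr;     /* Secure-world read / write allowed */
    uint16_t ns_rd_mask;     /* bit n set: NSAID n may read */
    uint16_t ns_wr_mask;     /* bit n set: NSAID n may write */
} tz_region;

/* Constructed layout (assumption): region 0 is the default covering the whole
 * 4 GiB space and is Secure-only; region 1 is Normal-world DRAM open to every
 * NSAID; region 2 is a protected media buffer that the Non-secure video decoder
 * (NSAID 3) may write and the display controller (NSAID 5) may read, but the
 * Non-secure CPU (NSAID 0) may neither read nor write. */
static const tz_region demo_regions[] = {
    { 0x00000000ULL, 0xFFFFFFFFULL, true, true, 0x0000, 0x0000 },
    { 0x80000000ULL, 0xBFFFFFFFULL, true, true, 0xFFFF, 0xFFFF },
    { 0xC0000000ULL, 0xC0FFFFFFULL, true, true, 1u << 5, 1u << 3 },
};
#define DEMO_NREGIONS (sizeof demo_regions / sizeof demo_regions[0])

/* Highest-numbered region containing addr wins (assumed priority rule). */
static const tz_region *tzasc_lookup(const tz_region *regs, size_t n, uint64_t addr)
{
    const tz_region *hit = NULL;
    for (size_t i = 0; i < n; i++)
        if (addr >= regs[i].base && addr <= regs[i].top)
            hit = &regs[i];
    return hit;
}

/* Apply the region's permissions to the transaction; fail closed on no match. */
bool tzasc_allows(const tz_region *regs, size_t n, const bus_txn *t)
{
    const tz_region *r = tzasc_lookup(regs, n, t->addr);
    if (r == NULL)
        return false;
    if (!t->ns)                                  /* Secure master */
        return t->write ? r->s_wr : r->s_rd;
    uint16_t mask = t->write ? r->ns_wr_mask : r->ns_rd_mask;
    return t->nsaid < 16 && ((mask >> t->nsaid) & 1u);
}

/* Convenience wrapper over the constructed layout. */
bool demo_dram_check(uint64_t addr, bool ns, bool write, unsigned nsaid)
{
    bus_txn t = { addr, ns, write, nsaid };
    return tzasc_allows(demo_regions, DEMO_NREGIONS, &t);
}

/* TZPC-style decode protection: one bit per peripheral select line; a set bit
 * means Non-secure masters may access it. Secure masters always may. */
typedef struct { uint32_t decprot; } tzpc_state;

void tzpc_set_nonsecure(tzpc_state *p, unsigned periph, bool nonsecure)
{
    if (nonsecure) p->decprot |=  (1u << periph);
    else           p->decprot &= ~(1u << periph);
}

bool tzpc_allows(const tzpc_state *p, unsigned periph, bool ns)
{
    return !ns || ((p->decprot >> periph) & 1u);
}

int main(void)
{
    tzpc_state pc = { 0 };                      /* all peripherals Secure at reset */
    tzpc_set_nonsecure(&pc, 2, true);           /* hand UART (periph 2) to Normal world */
    printf("NS CPU read of protected buffer allowed: %d\n",
           demo_dram_check(0xC0001000ULL, true, false, 0));
    printf("NS decoder write to protected buffer allowed: %d\n",
           demo_dram_check(0xC0001000ULL, true, true, 3));
    printf("NS access to periph 2 allowed: %d, to periph 3: %d\n",
           tzpc_allows(&pc, 2, true), tzpc_allows(&pc, 3, true));
    return 0;
}
```

The point to take from the model is that the memory filter and the protection controller never consult the processor's mode; they decide purely on the NS attribute that the interconnect carried with the transaction, which is why the bus, the TZASC/TZMA and the TZPC all have to be TrustZone-aware for the Secure state to mean anything outside the core.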
TrustZone Training
Comments: This course is designed to give platform developers a complete overview of designing trusted systems with Arm TrustZone technology. It introduces the security extensions of the v6Z, v7-A and v8-A architectures, and the platform and software requirements for operations such as secure boot, DRM and mobile payment.
The course discusses a complete trusted system including:
- Secure boot
- Secure monitor
- Trusted kernel and applications
- Normal world OS drivers
- Normal world application development
- Platform design
- Certification
T&Cs: Training courses are subject to contract. Please contact your local Arm Partner Manager or alternatively our Support team.