Misalis

Reputation: 11

What is the difference between TrustZone implementation and support in Cortex-A CPUs

I have been doing a little research on ARM and TrustZone since I am considering using a Raspberry Pi 4. However, I am asking because I found related questions that are a bit outdated.

Is TrustZone mandatory on all new ARM CPUs? i.e. are they required to implement TrustZone? If not, what vendors implement TrustZone and which don't? I am asking for Cortex-A CPUs. From ARM's documentation I suppose it is not mandatory, since it's called a Security Extension.

What does implement mean, exactly? Is it the same as supported/compatible? I guess all newer Cortex-A CPUs support it, but some may not implement it. I suppose if it is not implemented / only supported, it means that the CPU starts in the 'secure' world but does not change to the 'normal' one?

Finally, from an ARM64 Linux distro running on the 'normal' world, how can one check if the CPU implements TrustZone?

Upvotes: 0

Views: 679

Answers (2)

ROMAINPC

Reputation: 91

I recently studied TrustZone. It is basically a feature that adds a state bit to inform the SoC that it is running in secure or non-secure state. It is available on Arm Cortex-A (ARMv7 and ARMv8) and some recent Cortex-M. I advise reading the Arm documentation on TrustZone-A and TrustZone-M to understand how it works (in my opinion TrustZone-M is simpler to understand).

TrustZone aims to set up a dual-state SoC with a simple objective: the Non-Secure state (~ normal world) cannot access the Secure state (~ secure world). This is an additional privilege level.

However you will quickly notice that to take full advantage of this principle, the SoC manufacturer must have made use of this additional bit. Without working at the foundry, it is difficult to know how Cortex are used.

At the software level you will have to look at the possibilities at the Trusted Firmware level, which is in charge of running the Secure and Normal worlds. That said, TrustZone is notably used through a TEE. Maybe OP-TEE, for example, can be tailored to your requirements. There are already resources to deploy it on some Raspberry Pi boards.

Upvotes: 0

artless-noise-bye-due2AI

Reputation: 22430

Is TrustZone mandatory on all new ARM CPUs? i.e. are they required to implement TrustZone?

No.

If not, what vendors implement TrustZone and which don't?

That would ask for a list and be a reason to close your question. You have to look online and do research. Often vendors are secretive and will only answer some questions under NDA. It depends. So, if a list existed at the current time, it would quickly become outdated. You can see supported boards and vendors at Trusted Firmware for an incomplete list.

What does implement mean, exactly? Is it the same as supported/compatible? I guess all newer Cortex-A CPUs support it, but some may not implement it. I suppose if it is not implemented / only supported, it means that the CPU starts in the 'secure' world but does not change to the 'normal' one?

Support/compatible is whether it will honor the bus signalling of the NS bit. So, the CPU needs to know nothing about TrustZone, but the bus signals from the core allow it to exist in a TrustZone system. ARM is both 'HDL' (hardware description language) and a software CORE company. The distinction is probably only of use to someone at an SOC company integrating the ARM CPU.

Implement means it actually does the TrustZone stuff (bus signaling and the CPU). It does not mean that the chip is secure for all applications. SOC vendors must work to integrate peripherals/devices to work for different security applications.

Also, a particular core may implement TrustZone, but an SOC vendor can handicap it so that it is useless.

Finally, from an ARM64 Linux distro running on the 'normal' world, how can one check if the CPU implements TrustZone?

This was previously asked. Nothing changed. The goal is that this should not be available. There may be ways for some systems, but not generically.

Upvotes: 0
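An added example, not part of either answer: on systems where the firmware chooses to advertise itself, Normal-world Linux exposes a few indirect hints that a Secure world is in use, and this script collects them. It assumes the standard Linux TEE device nodes (`/dev/tee*`, `/dev/teepriv*`) and the upstream device-tree bindings for OP-TEE and PSCI; the function names are made up for this example, and a result of `unknown` does not mean TrustZone is absent.

```shell
#!/bin/sh
# Added example: heuristic hints only. Nothing here proves the core
# implements TrustZone, and the absence of hints proves nothing either.

# tz_hints [ROOT]: print one line per hint found under ROOT (default "/").
# ROOT exists so the checks can be run against a copied or constructed tree.
tz_hints() {
    root="${1:-/}"
    root="${root%/}"
    # 1. Linux TEE subsystem nodes, created when a TEE driver (e.g. OP-TEE) probes.
    for dev in "$root"/dev/tee[0-9]* "$root"/dev/teepriv[0-9]*; do
        if [ -e "$dev" ]; then
            echo "tee-device ${dev#"$root"}"
        fi
    done
    # 2. Device-tree node telling the kernel that OP-TEE runs in the Secure world.
    compat="$root/proc/device-tree/firmware/optee/compatible"
    if [ -r "$compat" ] && tr '\0' '\n' < "$compat" | grep -q '^linaro,optee-tz$'; then
        echo "dt-optee linaro,optee-tz"
    fi
    # 3. PSCI conduit: "smc" means power-management calls are issued with SMC,
    #    i.e. handled by firmware above the OS; "hvc" means a hypervisor.
    method="$root/proc/device-tree/psci/method"
    if [ -r "$method" ]; then
        echo "psci-method $(tr -d '\0' < "$method")"
    fi
    return 0
}

# tz_verdict [ROOT]: reduce the hints to one conservative word.
tz_verdict() {
    hints=$(tz_hints "${1:-/}")
    if echo "$hints" | grep -Eq '^(tee-device|dt-optee) '; then
        echo "tee-present"
    elif echo "$hints" | grep -q '^psci-method smc$'; then
        echo "el3-firmware-likely"
    else
        echo "unknown"
    fi
}

tz_verdict "${1:-/}"
```
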
