DAY 23 · SYSTEM & MEMORY

TrustZone — Security in the Architecture

By EcrioniX · Updated Jun 6, 2026

Your phone stores fingerprints, payment tokens and DRM keys. Even if a hacker fully owns Android, those secrets must stay safe. How? ARM builds a second, isolated computer inside the same chip — TrustZone. It's one of the most important security ideas in modern silicon.

1. Two worlds on one processor

TrustZone splits the entire system into two worlds: the Normal world, where the rich OS (Android / Linux) and its apps and drivers run, and the Secure world, where a trusted OS (the TEE) holds keys, crypto and secure boot.

The crucial guarantee: Normal-world software physically cannot read or write Secure-world memory or peripherals. This isn't enforced by the OS (which could be hacked) — it's enforced by hardware.

Figure — Two isolated worlds on one core; the Secure Monitor is the single controlled gateway. Panels: NORMAL WORLD (Rich OS: Android / Linux; apps & drivers) · SECURE WORLD (Trusted OS / TEE: keys, crypto, secure boot) · Secure Monitor (the only door between worlds, crossed via the SMC instruction).

2. The NS bit — security on the bus

How does hardware know which world it's in? A single signal: the NS (Non-Secure) bit. It tracks the current world and — crucially — propagates across the system bus (AMBA, Day 19). Every memory and peripheral access carries its NS state, so RAM regions and devices can be tagged secure or non-secure. A non-secure access to a secure address is blocked by hardware, full stop.

3. Crossing worlds: the Secure Monitor & SMC

You can't just jump between worlds — that would defeat the isolation. On Cortex-A, the only gateway is the Secure Monitor, tiny trusted code in the most privileged Monitor mode. Software requests a crossing with the SMC (Secure Monitor Call) instruction; the Monitor carefully saves and restores state as it passes control between worlds.

    ; Normal-world OS asks the Secure world to do something sensitive
    MOV r0, #SMC_DECRYPT_KEY   ; which secure service (function ID; a symbolic constant agreed with the Secure world)
    SMC #0                     ; trap to the Secure Monitor → Secure world
    ; ... Secure world does the work without ever exposing the key ...
    ; control returns here, in the Normal world, with the result in r0
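To make sections 2 and 3 concrete, here is a small Python model of both mechanisms; it is an added example, not code from this course or from any real TEE. The bus filter checks every access against a region table using the NS bit, and the Secure Monitor is the only entry point, dispatching by function ID. The memory map, the function ID SMC_DECRYPT, the XOR "decryption" and the key bytes are all constructed for illustration; the -1 / -3 return values are loosely modelled on the SMC Calling Convention's NOT_SUPPORTED and INVALID_PARAMETER codes.

```python
"""Constructed simulation of TrustZone's two worlds (added example, not code
from the course page or any real TEE).  The region layout, SMC function ID
and toy key are invented for illustration."""
from dataclasses import dataclass, field

NS_SECURE, NS_NONSECURE = 0, 1                       # NS bit carried on the bus
SECURE_RAM, NORMAL_RAM = 0x1000_0000, 0x8000_0000    # constructed memory map
KEY_ADDR, KEY_LEN = SECURE_RAM, 4                    # toy key in Secure-world RAM
TOY_KEY = b"\x5a\xa5\x3c\xc3"                        # constructed key bytes
SMC_DECRYPT = 0x8200_0001                            # constructed function ID
SMC_OK, SMC_NOT_SUPPORTED, SMC_INVALID_PARAM = 0, -1, -3


class BusFault(Exception):
    """The address filter rejected an access: hardware raises an abort."""


@dataclass
class Region:
    base: int
    size: int
    secure: bool                  # True: only accesses with NS=0 are allowed

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


@dataclass
class Bus:
    """Models the address-space filter that checks the NS bit on every access."""
    regions: list
    memory: dict = field(default_factory=dict)

    def _region(self, addr: int) -> Region:
        for r in self.regions:
            if r.contains(addr):
                return r
        raise BusFault(f"unmapped address {addr:#x}")

    def is_nonsecure(self, addr: int) -> bool:
        return not self._region(addr).secure

    def read(self, addr: int, ns: int) -> int:
        if self._region(addr).secure and ns == NS_NONSECURE:
            raise BusFault(f"NS=1 read of secure address {addr:#x}")
        return self.memory.get(addr, 0)

    def write(self, addr: int, ns: int, value: int) -> None:
        if self._region(addr).secure and ns == NS_NONSECURE:
            raise BusFault(f"NS=1 write to secure address {addr:#x}")
        self.memory[addr] = value & 0xFF


def secure_decrypt(bus: Bus, buf: int, length: int) -> int:
    """Trusted application: XOR-'decrypt' a Normal-world buffer in place.
    Runs with NS=0, so it may read the key, but never copies the key out."""
    # Only accept buffers wholly inside non-secure memory: the service must
    # not touch secure addresses on behalf of a Normal-world caller.
    if not all(bus.is_nonsecure(a) for a in range(buf, buf + length)):
        return SMC_INVALID_PARAM
    key = [bus.read(KEY_ADDR + i, NS_SECURE) for i in range(KEY_LEN)]
    for i in range(length):
        c = bus.read(buf + i, NS_SECURE)
        bus.write(buf + i, NS_SECURE, c ^ key[i % KEY_LEN])
    return SMC_OK


SERVICES = {SMC_DECRYPT: secure_decrypt}


def secure_monitor(bus: Bus, r0: int, r1: int, r2: int) -> int:
    """The Monitor: the only path from Normal to Secure world.  r0 carries the
    function ID, r1/r2 the arguments; the result is returned in r0."""
    handler = SERVICES.get(r0)
    if handler is None:
        return SMC_NOT_SUPPORTED
    return handler(bus, r1, r2)


def build_system() -> Bus:
    bus = Bus([Region(SECURE_RAM, 0x1000, secure=True),
               Region(NORMAL_RAM, 0x1000, secure=False)])
    for i, b in enumerate(TOY_KEY):            # provisioned with NS=0 at boot
        bus.write(KEY_ADDR + i, NS_SECURE, b)
    return bus


def demo() -> dict:
    bus = build_system()
    out = {}
    try:                                       # 1. Normal world reads the key directly
        bus.read(KEY_ADDR, NS_NONSECURE)
        out["direct_read"] = "allowed"
    except BusFault:
        out["direct_read"] = "blocked"
    # 2. Normal world asks the Secure world to decrypt a buffer via SMC
    ct = bytes(p ^ k for p, k in zip(b"PIN=1234", TOY_KEY * 2))
    for i, b in enumerate(ct):
        bus.write(NORMAL_RAM + i, NS_NONSECURE, b)
    out["smc_ret"] = secure_monitor(bus, SMC_DECRYPT, NORMAL_RAM, len(ct))
    out["plaintext"] = bytes(bus.read(NORMAL_RAM + i, NS_NONSECURE)
                             for i in range(len(ct)))
    # 3. The service refuses a buffer address that lies in secure memory
    out["secure_buf"] = secure_monitor(bus, SMC_DECRYPT, KEY_ADDR, KEY_LEN)
    out["unknown_fid"] = secure_monitor(bus, 0x1234, 0, 0)   # no such service
    return out


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the three behaviours the section describes: the direct Normal-world read of the key address is blocked at the bus, the SMC request comes back with the decrypted buffer but the key never leaves secure RAM, and requests the Monitor or the service cannot honour are refused with an error code rather than partially executed.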

4. The TEE — what runs in the Secure world

The Secure world hosts a Trusted Execution Environment (TEE) — a minimal trusted OS (e.g. OP-TEE) running small trusted applications. Real uses you rely on daily include fingerprint (biometric) matching, payment tokens and DRM key handling — the very secrets from the introduction.

5. Secure boot — the root of trust

Security means nothing if the secure code itself is tampered with. Secure boot establishes a chain of trust: an immutable boot ROM (Day 25) verifies the next stage's signature before running it, which verifies the next, and so on. TrustZone's Secure world is brought up first, under this verified chain, so trusted code is genuine before the Normal world even starts.
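The chain-of-trust idea in this section, as an added Python model that is not code from the course or from any vendor's boot ROM. The page describes each stage verifying the next stage's signature; here a SHA-256 digest embedded in the previous stage's header stands in for that signature check (a real chain anchors a public key in ROM/OTP and verifies an asymmetric signature). The stage names, contents and image layout are constructed for the example.

```python
"""Constructed model of a secure-boot chain of trust (added example).  Each
stage image carries a header with the SHA-256 digest of the stage it may
launch; the digest of the first stage is baked into the immutable boot ROM.
The digest comparison stands in for the signature check a real chain does."""
import hashlib

DIGEST_LEN = 32          # SHA-256 digest size


class BootFailure(Exception):
    """The chain halts: the next stage did not verify, so it never runs."""


def build_stage(body: bytes, next_digest: bytes) -> bytes:
    """Image layout (constructed): 32-byte digest of the next stage || body."""
    return next_digest + body


def verify_chain(rom_digest: bytes, images: list) -> list:
    """Walk the chain from the ROM-anchored digest.  Each image is hashed and
    compared before it 'runs'; the verified image's header then becomes the
    expectation for the next stage.  Returns the names of stages that ran."""
    expected = rom_digest
    ran = []
    for name, image in images:
        if hashlib.sha256(image).digest() != expected:
            raise BootFailure(f"{name}: digest mismatch, halting boot")
        ran.append(name)                      # stage verified, so it executes
        expected = image[:DIGEST_LEN]         # header names who may come next
    return ran


def build_chain(stage_bodies: list) -> tuple:
    """Build images back-to-front so each header can hold the next digest.
    Returns (rom_digest, [(name, image), ...]) in boot order."""
    next_digest = b"\x00" * DIGEST_LEN        # the last stage launches nothing
    images = []
    for name, body in reversed(stage_bodies):
        image = build_stage(body, next_digest)
        images.append((name, image))
        next_digest = hashlib.sha256(image).digest()
    images.reverse()
    return next_digest, images                # next_digest is now the ROM anchor


def demo() -> dict:
    # Boot order matches the page: the Secure world comes up first.
    stages = [("secure-world TEE", b"trusted os v1"),
              ("normal-world bootloader", b"bootloader v1"),
              ("rich OS", b"kernel v1")]
    rom_digest, images = build_chain(stages)
    result = {"clean": verify_chain(rom_digest, images)}
    # Flip one byte of the Normal-world bootloader: the TEE still verifies and
    # runs, the tampered stage is caught before it executes, and nothing after it runs.
    name, img = images[1]
    tampered = list(images)
    tampered[1] = (name, img[:-1] + bytes([img[-1] ^ 1]))
    try:
        verify_chain(rom_digest, tampered)
        result["tampered"] = "booted"
    except BootFailure as e:
        result["tampered"] = str(e)
    return result


if __name__ == "__main__":
    print(demo())
```

The point the model makes explicit is that trust flows only forward: a modification anywhere in the chain is detected by the stage before it, and a stage that has not been verified never gets control, which is what lets the Secure world assume its own code is genuine before the Normal world starts.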

6. Cortex-M TrustZone (TrustZone-M)

Microcontrollers got their own, lighter variant in ARMv8-M. Instead of a Secure Monitor and worlds you switch via SMC, TrustZone-M divides the memory map into secure/non-secure regions and lets calls cross at special NSC (Non-Secure Callable) entry points with very low overhead — security for tiny IoT devices without a heavyweight TEE.

✅ The mental model

TrustZone is a hardware-enforced second computer inside the chip: a Secure world the Normal world can never peek into, tracked by the NS bit across the whole bus. Worlds cross only through the Secure Monitor via SMC, the Secure world runs a TEE for keys/payments/biometrics, and secure boot guarantees that trusted code is authentic.

🎯 Day 23 takeaways

Quick check

  1. Why must world isolation be enforced by hardware, not the OS?
  2. What does the NS bit do beyond the core itself?
  3. Which instruction requests a switch to the Secure world on Cortex-A?

FAQ

What is TrustZone?

A hardware feature splitting the system into an isolated Secure world and a Normal world, so trusted code/secrets stay safe even if the main OS is compromised.

What is the NS bit?

The Non-Secure signal marking the current world; it propagates on the bus so hardware can block non-secure access to secure resources.

What is a TEE?

The Trusted Execution Environment — the Secure-world OS where keys, payments and biometrics are handled in isolation.
