Principles of TrustZone
Kunpeng BoostKit for Confidential Computing TrustZone Kit offers the TrustZone feature based on the Kunpeng processor architecture. Time-based resource scheduling is used to distinguish between CPU operating states and to create two independent environments on one hardware system:
- Normal world: rich execution environment (REE).
- Secure world: trusted execution environment (TEE).

Each world has its own resources, including memory and cache. Depending on the CPU design, a hardware device may be dedicated to the TEE or may be dynamically switched when needed. A CPU can access resources and hardware in the TEE only when it is in the TEE.
Because resources are strictly isolated, the TEE and the REE each have their own OS, and trusted applications (TAs) execute exclusively within the TEE.