Principles of TrustZone

Kunpeng BoostKit for Confidential Computing TrustZone Kit offers the TrustZone feature based on the Kunpeng processor architecture. Time-based resource scheduling is used to distinguish between CPU operating states and create two independent environments on one hardware system.

• Normal world: rich execution environment (REE)
• Secure world: trusted execution environment (TEE)

Figure 1 Principles of TrustZone

The two environments have their own resources, including the memory and cache. According to different CPU designs, a hardware device can be dedicated to the TEE or can be dynamically switched between the two environments when needed. A CPU can access resources and hardware in the TEE only when it is in the TEE.

Because resources are strictly isolated, the TEE and REE have their own OS to execute trusted applications.