Principles of the Kunpeng TrustZone Technology
The Kunpeng confidential computing solution builds on the TrustZone technology of the Kunpeng processor. Time-based resource scheduling creates two independent environments on the same hardware system (see Figure 1):
- Normal world: rich execution environment (REE)
- Secure world: trusted execution environment (TEE)
Each world has its own resources, including memory and cache. A hardware device may be dedicated to the TEE or dynamically switched between the REE and the TEE as needed. In this way, the secure zone and the non-secure zone are physically isolated by hardware, and a CPU can access resources in the secure zone only while it is operating in the TEE.
