Principles of the Kunpeng TrustZone Technology

The Kunpeng BoostKit for Confidential Computing TrustZone Kit offers the TrustZone feature based on the Kunpeng processor architecture. The time division multiplexing technology is used to distinguish the operating status of CPUs. Two independent environments are distinguished on the same hardware system.

• Normal world: rich execution environment (REE)
• Secure world: trusted execution environment (TEE)

The two worlds have their own resources, including the memory and cache. According to different CPU designs, a hardware device may be dedicated to the TEE or may be dynamically switched when needed. A CPU can access resources and hardware in the TEE only when it is in the TEE state.

Because resources are strictly isolated, the TEE and REE have their own OS to execute trusted applications.