
TrustZone Switch

TrustZone uses hardware-enforced isolation to protect the resources of the Trusted Execution Environment (TEE). When this function is enabled, the firmware marks the TEE's resources (for example, the memory reserved for it) as secure during early boot, before the operating system starts. From the moment the server is powered on, those resources are exclusively owned by the TEE and are invisible to and inaccessible from the Rich Execution Environment (REE).

The TrustZone Kit is intended for deployments that must protect confidential data. If TrustZone were always enabled, the resources reserved for the TEE would be unavailable to the REE even on servers that never use the TEE, which wastes them. The BIOS therefore provides the TrustZone switch so that the administrator can decide, based on site requirements, whether to enable this function.

Note that disabling this function does not bypass any other security mechanism; it only turns TrustZone off. When the switch is disabled, TrustZone does not take effect, and the TrustZone-dependent components deployed on the platform are unavailable, so workloads that rely on the TEE must be deployed only on servers where the switch is enabled. The system itself remains usable, and the platform's other security mechanisms are not weakened.

For details, see the TrustZone Feature Guide.