linux kernel - Handling ARM TrustZones

Question

ARM has something called TrustZone. As per ARM documentation , it gives that a process can run in Secure / Non-Secure World.

1. What does the Secure / Non-Secure World means. Is it related to Processor executing modes or it is related to setting the permissions of memory regions or something else.
2. Is there any relationship between the 7 operating modes of ARM and the Secure / Non-Secure Worlds.
3. How to enable the TrustZone in ARM.
4. From Which version of ARM is this introduced.
5. Is it mandatory to use this TrustZone. Does linux kernel uses this TrustZone extension.

Kindly help me in understanding this.

Answer 1

http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/index.html is a pretty good introductory document that gives an overview of something a little bit too complex to be satisfactorily explained by typing into a text box. But I'll try to answer your direct questions below.

1. It refers to an additional privilege option orthogonal to the execution modes. Secure world has the ability to make memory accesses tagged as secure, but can also make non-secure accesses. Normal world can only make non-secure accesses. In addition, certain processor configuration options are only accessible to Secure world. The intent is to isolate secure software in a simple environment where it cannot be (directly) vulnerable to software exploits in the device's main operating system or application software.
2. None, apart from it adding an additional "monitor" mode. This monitor mode is used for the "context switch" between Normal and Secure world.
3. TrustZone isn't enabled, it is implemented (or not).
4. TrustZone was introduced in the Security Extensions to ARM architecture version 6. The first processor supporting it was ARM1176. All Cortex-A processors support it.
5. "No", although since TrustZone-capable processors start executing in Secure state on power-on, if the boot loader does nothing to change the security state, all software will run as Secure (removing any security benefits). No, the TrustZone environment is explicitly intended to run alongside your OS, not to be directly integrated into it. For some platforms, the Linux kernel performs Secure Monitor Calls to request Secure world to change certain system configuration options.