The Security of ARM TrustZone in a FPGA-Based SoC

Cybersecurity of embedded systems has become a major challenge for the development of the Internet of Things, of Cloud computing and other trendy applications without devoting a significant part of the design budget to industrial players. Technologies like TrustZone, provided by ARM, support a Trusted Execution Environment (TEE) software architecture and are inexpensive integrated solutions. While this technology allows isolation and secure execution of critical software applications (e.g., banking), recent preliminary works highlighted some security breaches or limitations when the ARM processors are embedded in a FPGA-based heterogeneous SoCs such as the Xilinx Zynq or Intel SoC FPGA devices. This paper highlights the security issue of such complex SoCs and details six efficient attacks on the ARM TrustZone extension in the SoC. A prototype system design on a Xilinx Zynq SoC is the target of the attacks presented in this paper but they could be adapted to other SoCs. This paper also includes recommendations and security solutions to design a trustworthy embedded system with a FPGA-based heterogeneous SoC.