Architecture

Versal ACAP Technical Reference Manual (AM011)

Document ID
AM011
Release Date
2022-04-26
Revision
1.4 English

In accordance with the recommendations of Arm’s Trusted Base System Architecture specification, devices developed with TrustZone technology enable the delivery of platforms capable of supporting a full trusted execution environment (TEE) and security-aware applications and secure services, or trusted applications (TA). A TEE is an isolated environment dedicated to running security critical tasks. See Arm Documents for more information.

TrustZone technology enables the development of a separate rich operating system and trusted environments by creating additional operating modes to the normal domain, known as the secure domain. The secure domain has the same capabilities as the normal domain while operating in a separate memory space. The secure monitor acts as a virtual gatekeeper controlling migration between the domains.

The TrustZone technology forms the basis of a trusted execution environment for Arm systems. It enables a secure world (secure operating system) to be separated from a non-secure world (main operating system). TrustZone technology enables isolation between a secure and a non-secure world, which is enforced by hardware such that a non-secure world cannot access the resources in a secure world, but a secure world can access both secure and non-secure resources.

Additionally, the Versal® ACAP provides enhanced hardware isolation by means of the Xilinx Memory Protection Unit (XMPU), Xilinx Peripheral Protection Unit (XPPU), System Memory Management Unit (SMMU), and Network on Chip Interconnect (NoC) to allow customers to develop an enhanced TEE, which is more secure than using TrustZone alone.