Paper 2014/464

Providing Root of Trust for ARM TrustZone using On-Chip SRAM

Shijun Zhao, Qianying Zhang, Guangyao Hu, Yu Qin, and Dengguo Feng


We present the design, implementation and evaluation of the root of trust for the Trusted Execution Environment (TEE) provided by ARM TrustZone based on SRAM Physical Unclonable Functions (PUFs). We first implement a building block which provides the foundations for the root of trust: secure key storage and truly random source. The building block doesn't require on or off-chip secure non-volatile memory to store secrets, but provides a high-level security: resistance to physical attackers capable of controlling all external interfaces of the system on chip (SoC). Based on the building block, we build the root of trust consisting of seal/unseal primitives for secure services running in the TEE, and a software-only TPM service running in the TEE which provides rich TPM functionalities for the rich OS running in the normal world of TrustZone. The root of trust resists software attackers capable of compromising the entire rich OS. Besides, both the building block and the root of trust run on the powerful ARM processor. In one word, we leverage the SRAM PUF, commonly available on mobile devices, to achieve a low-cost, secure, and efficient design of the root of trust.

Available format(s)
Publication info
Published elsewhere. Minor revision. TrustED'14
TrustZoneTrusted Execution EnvironmentTPM ServiceRoot of TrustSRAM PUFs
Contact author(s)
zqyzsj @ gmail com
2014-11-04: last of 3 revisions
2014-06-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Shijun Zhao and Qianying Zhang and Guangyao Hu and Yu Qin and Dengguo Feng},
      title = {Providing Root of Trust for ARM TrustZone using On-Chip SRAM},
      howpublished = {Cryptology ePrint Archive, Paper 2014/464},
      year = {2014},
      doi = {10.1145/2666141.2666145},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.