Introduction to isolation

Revision as of 09:45, 13 April 2023 by Registered User (→ Runtime Isolation)

1. What is isolation?

Isolation means that a system is subdivided into several subsystems (or partitions), so that one subsystem can be protected from the other(s). The assets to isolate can be code, secrets, or intellectual property (IP).

2. Hardware isolation

Hardware isolation mechanisms split a system into at least two subsystems. Most of the time they are combined with a software solution that configures them (a boot loader, a secure monitor, or an RTOS).
The tasks of the hardware isolation mechanisms are the following:
  • isolation (access control): secure or non-secure state, privileged or unprivileged mode
  • filtering of memory accesses
Typical examples of hardware isolation mechanisms are:
  • MPU (memory protection unit): isolation on Cortex®-M cores
  • Arm® TrustZone®, available on Cortex®-A cores and on Armv8-M Cortex®-M cores
  • Firewall

3. Temporal isolation

Temporal isolation applies during the boot sequence: each boot stage is isolated from the stages executed after it.
It protects the device's sensitive assets that are used during the secure boot process (for example the keys that only the boot loader needs) from being accessed by later stages once control has been handed over.
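The following added example (host-side C, not ST, Arm or PSA code) models the memory-access filtering that an Armv7-M style MPU performs, as listed under hardware isolation, and uses it for the boot-stage hand-over just described: the boot stage runs privileged with a region granting access to its key, then turns that region into a no-access region and locks it before jumping to the application. The AP encodings and the highest-region-wins rule follow the Armv7-M MPU; the sticky "locked" bit, the 8-region count, the KEY_BASE/KEY_SIZE map and the stage1_* functions are assumptions made for the example (a plain MPU has no sticky lock; on real parts that role falls to a separately lockable block such as a firewall).

```c
/* Added example (not ST, Arm or PSA code): host-side model of an Armv7-M
 * style MPU. Region sizes are in bytes rather than the hardware SIZE
 * encoding, and the "locked" bit is an assumed feature of hypothetical
 * hardware, not part of the real MPU. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MPU_MAX_REGIONS 8
enum acc_kind { ACC_READ, ACC_WRITE, ACC_EXEC };
enum ap { AP_NONE = 0, AP_PRIV_RW = 1, AP_PRIV_RW_UNPRIV_RO = 2, AP_FULL = 3,
          AP_PRIV_RO = 5, AP_RO = 6 };

/* Armv7-M AP field -> permission bits (1 = read, 2 = write), indexed by
 * [ap][privileged]. Encoding 4 is reserved and is treated as no access. */
static const uint8_t ap_bits[8][2] = {
    {0, 0}, {0, 3}, {1, 3}, {3, 3}, {0, 0}, {0, 1}, {1, 1}, {1, 1}
};

struct region {
    bool     enabled;
    uint32_t base, size; /* size in bytes; hardware needs a power of two >= 32 */
    uint8_t  ap;
    bool     xn;         /* execute never */
    bool     locked;     /* hypothetical sticky lock, cleared only by reset */
};
struct mpu {
    struct region r[MPU_MAX_REGIONS];
    bool priv_default;   /* PRIVDEFENA: privileged code may use the default map */
};

/* The highest-numbered enabled region containing the address decides, as in
 * hardware. With no match only privileged code may fall back to the default
 * memory map, and only when PRIVDEFENA is set; everything else faults. */
bool mpu_check(const struct mpu *m, uint32_t addr, bool privileged, enum acc_kind a)
{
    for (int i = MPU_MAX_REGIONS - 1; i >= 0; i--) {
        const struct region *r = &m->r[i];
        if (!r->enabled || addr < r->base || addr - r->base >= r->size)
            continue;
        if (a == ACC_EXEC && r->xn)
            return false;
        uint8_t bits = ap_bits[r->ap & 7][privileged ? 1 : 0];
        return a == ACC_WRITE ? (bits & 2) != 0 : (bits & 1) != 0; /* fetch needs read */
    }
    return privileged && m->priv_default;
}

/* Reprogramming is refused once a region has been locked. */
bool mpu_program(struct mpu *m, int idx, struct region cfg)
{
    if (idx < 0 || idx >= MPU_MAX_REGIONS || m->r[idx].locked)
        return false;
    cfg.locked = false;
    m->r[idx] = cfg;
    return true;
}
void mpu_lock(struct mpu *m, int idx) { m->r[idx].locked = true; }

/* Constructed memory map: a 32-byte boot key in SRAM (assumption). */
#define KEY_BASE 0x20000000u
#define KEY_SIZE 0x20u

/* Reset state of the boot stage: region 0 gives privileged code read/write
 * access to the key; unprivileged code gets nothing, nobody may execute it. */
void stage1_setup(struct mpu *m)
{
    memset(m, 0, sizeof *m);
    m->priv_default = true;
    struct region key = { .enabled = true, .base = KEY_BASE, .size = KEY_SIZE,
                          .ap = AP_PRIV_RW, .xn = true };
    mpu_program(m, 0, key);
}

/* Temporal isolation: before jumping to the application the boot stage turns
 * the key region into a no-access region and locks it, so even privileged
 * application code can neither read the key nor reopen the region. */
bool stage1_handover(struct mpu *m)
{
    struct region closed = { .enabled = true, .base = KEY_BASE, .size = KEY_SIZE,
                             .ap = AP_NONE, .xn = true };
    if (!mpu_program(m, 0, closed))
        return false;
    mpu_lock(m, 0);
    return true;
}

/* Application stage trying to get the key back: must fail on both counts. */
bool app_can_reach_key(struct mpu *m)
{
    struct region reopen = { .enabled = true, .base = KEY_BASE, .size = KEY_SIZE,
                             .ap = AP_FULL, .xn = false };
    return mpu_program(m, 0, reopen) || mpu_check(m, KEY_BASE, true, ACC_READ);
}

int main(void)
{
    struct mpu m;
    stage1_setup(&m);
    printf("boot stage reads key: %d\n", mpu_check(&m, KEY_BASE, true, ACC_READ));
    stage1_handover(&m);
    printf("application reaches key: %d\n", app_can_reach_key(&m));
    return 0;
}
```

The point to check on real hardware is the last step: revoking access is only temporal isolation if the later stage cannot undo it, so the revocation must be enforced by something the application cannot reprogram (a lock that survives until reset), not by the MPU configuration alone.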

4. Runtime isolation

Runtime isolation is the ability to run several subsystems (2, 3, 4, … subsystems of a platform) side by side while keeping them separated from each other.
Isolating two subsystems can be achieved using Arm TrustZone technology (a secure and a non-secure world).
It can also be done by integrating two cores (one per subsystem), by using the MPU on Cortex-M cores, …
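With TrustZone, the boundary between the two runtime subsystems is crossed through secure entry points, and the classic mistake is a secure service that trusts a pointer handed over by the non-secure world. The added example below (host-side C, not ST or Arm code) shows such a service validating the buffer before writing to it. On a real Armv8-M build the entry would carry __attribute__((cmse_nonsecure_entry)) and the check would be cmse_check_address_range() from arm_cmse.h; here the memory map, the device_uid value and the svc_read_uid/range_is_nonsecure names are constructed for the example, and non-secure SRAM is a host array so that it runs anywhere.

```c
/* Added example (not ST or Arm code): a secure-world service entry point
 * that validates a buffer supplied by the non-secure world. The memory map
 * and the device identifier are constructed for the example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct mem_range { uint32_t start, end; bool secure; }; /* [start, end) */
static const struct mem_range memmap[] = {
    { 0x08000000u, 0x08040000u, true  }, /* secure flash     */
    { 0x08040000u, 0x08100000u, false }, /* non-secure flash */
    { 0x20000000u, 0x20008000u, true  }, /* secure SRAM      */
    { 0x20008000u, 0x20020000u, false }, /* non-secure SRAM  */
};
#define NS_SRAM_BASE 0x20008000u
#define NS_SRAM_END  0x20020000u
static uint8_t ns_sram[NS_SRAM_END - NS_SRAM_BASE]; /* host stand-in for NS SRAM */

/* Device identifier kept by the secure world. It is not secret, but the
 * service exposing it must not become a write primitive into secure RAM. */
static const uint8_t device_uid[12] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
                                        0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c };

/* True only if every byte of [addr, addr + len) lies in one non-secure range.
 * Rejects len == 0, address wraparound, and ranges straddling two entries. */
bool range_is_nonsecure(uint32_t addr, uint32_t len)
{
    if (len == 0 || addr > UINT32_MAX - (len - 1))
        return false;
    uint32_t last = addr + len - 1;
    for (size_t i = 0; i < sizeof memmap / sizeof memmap[0]; i++)
        if (addr >= memmap[i].start && last < memmap[i].end)
            return !memmap[i].secure;
    return false; /* unmapped or straddling a boundary: deny */
}

enum { SVC_OK = 0, SVC_EINVAL = -1, SVC_ESECURE = -2 };

/* Non-secure callable service: copy the UID to a caller-supplied buffer.
 * A naive version would memcpy straight to (uint8_t *)out, letting non-secure
 * code aim it at secure SRAM (a confused-deputy write) or past the end of the
 * address space; both are refused before any secure-side access happens. */
int svc_read_uid(uint32_t out, uint32_t out_len)
{
    if (out_len < sizeof device_uid)
        return SVC_EINVAL;
    if (!range_is_nonsecure(out, sizeof device_uid))
        return SVC_ESECURE;
    if (out < NS_SRAM_BASE || out + sizeof device_uid > NS_SRAM_END)
        return SVC_EINVAL; /* non-secure but not writable RAM (e.g. NS flash) */
    memcpy(ns_sram + (out - NS_SRAM_BASE), device_uid, sizeof device_uid);
    return SVC_OK;
}

/* What the non-secure caller sees afterwards: one byte of NS SRAM. */
uint8_t ns_sram_peek(uint32_t addr) { return ns_sram[addr - NS_SRAM_BASE]; }

int main(void)
{
    int ok   = svc_read_uid(NS_SRAM_BASE + 0x100, 16); /* legitimate buffer */
    int bad  = svc_read_uid(0x20000000u, 16);          /* points into secure SRAM */
    int wrap = svc_read_uid(0xfffffff8u, 16);          /* wraps around the address space */
    return (ok == SVC_OK && bad == SVC_ESECURE && wrap == SVC_ESECURE) ? 0 : 1;
}
```

The length check must use the number of bytes the service will actually write, and the range check must cover the whole span, not just the first byte: a buffer that starts in non-secure memory and ends in secure memory is exactly the case an attacker will construct.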

5. IP isolation

IP isolation is the property that allows an intellectual property (IP) block to run sandboxed from the others.

The Arm PSA Firmware Framework (PSA-FF) defines three levels of isolation.

Isolation level | Purpose | Security domains | Description
Level 1 | SPE isolation | Two | The Secure Processing Environment (SPE) is protected from access by non-secure application firmware and hardware.
Level 2 | PSA Root of Trust isolation | Three | In addition to Level 1, the PSA Root of Trust is also protected from access by the Application Root of Trust.
Level 3 | Maximum firmware isolation | Three or more | In addition to Level 2, each Secure Partition is sandboxed and only permitted to access its own resources. This protects each Secure Partition from access by other Secure Partitions and protects the Secure Partition Manager from access by any Secure Partition.

6. References