Introduction to isolation

Revision as of 14:57, 22 June 2023 by Registered User
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

1. What is isolation?

Isolation means that a system is subdivided into several subsystems (or partitions). Isolation can protect one subsystem from the other(s). The system to isolate can contain code, secrets, or intellectual properties.

2. Hardware isolation

The hardware isolation mechanisms are used to isolate a subsystems (minimum two). Most of the time, the isolation is implemented by combining it with a software solution.
The hardware isolation mechanisms tasks are the following:
  • isolation (access control): secure, nonsecure, privileged, or unprivileged mode
  • filtering on memory access
Typical examples of hardware isolation mechanisms are:
  • MPU (memory protection unit): isolation in Cortex®-M cores
  • Arm® TrustZone, available in Cortex®-A and Arm Cortex®-M architectures.
  • Firewall

3. Temporal isolation

Temporal Isolation is considered only during the boot sequence. It can isolate the different stages executed.
Temporal isolation can protect the device sensitive assets that are used during the secure boot process from being accessed by later stages.

4. Runtime isolation

Considering a platform composed of multiple subsystems, runtime isolation Is the ability to have a system with several subsystems running in parallel.
Isolating two subsystems can be done by using the Arm® TrustZone technology, but it can also be achieved by the integration of two cores, or by using the MPU on Cortex®-M cores.

5. IP isolation

IP isolation is the propriety allowing a given IP to run sandboxed from the other IPs.

Arm® PSA firmware framework defines tree levels of IP isolation:

Isolation level Purpose Security domains Description
Level 1 SPE isolation Two The secure processing environment (SPE) is protected from being accessed by nonsecure application firmware and hardware.
Level 2 PSA root-of-trust isolation Three In addition to Level 1, the PSA root of trust is also protected from being accessed by the application root of trust.
Level 3 Maximum firmware isolation Three or more In addition to Level 2, each secure partition is sandboxed, and only allowed to access its own resources. This protects each secure partition from being accessed by the other secure partitions, and the secure partition manager from being accessed by any secure partition.