1. What is isolation?
Isolation means that a system is subdivided into several subsystems (or partitions). Isolation protects one subsystem from the other(s). The subsystem to isolate can contain code, secrets, or intellectual property.
2. Hardware isolation
- Hardware isolation mechanisms are used to isolate subsystems (at least two). Most of the time, hardware isolation is implemented in combination with a software solution.
- Hardware isolation mechanisms perform the following tasks:
  - isolation (access control): secure, nonsecure, privileged, or unprivileged mode
  - filtering of memory accesses
- Typical examples of hardware isolation mechanisms are:
  - MPU (memory protection unit): isolation in Cortex®-M cores
  - Arm® TrustZone, available in Cortex®-A and Arm Cortex®-M architectures
  - Firewall
3. Temporal isolation
- Temporal isolation applies only to the boot sequence: it isolates the successive stages that are executed.
- Temporal isolation protects the device's sensitive assets that are used during the secure boot process from being accessed by later stages.
4. Runtime isolation
- Considering a platform composed of multiple subsystems, runtime isolation is the ability to run several subsystems in parallel while keeping them isolated from each other.
- Isolating two subsystems can be done with the Arm® TrustZone technology, but it can also be achieved by integrating two cores, or by using the MPU on Cortex®-M cores.
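As an added example (not from this page, nor ST or Arm code), the following host-runnable C encodes PMSAv7 MPU regions as used on Cortex-M3/M4/M7 cores and then checks which addresses the unprivileged partition can reach; the memory layout in `sample_layout` is a constructed sample, and `mpu_region_encode`, `mpu_unpriv_allowed` and `sample_layout` are names chosen here.

```c
#include <stdbool.h>
#include <stdint.h>
/* PMSAv7 (Cortex-M3/M4/M7) MPU register fields */
#define MPU_RBAR_VALID    (1u << 4)   /* RBAR bits [3:0] select the region */
#define MPU_RASR_ENABLE   (1u << 0)
#define MPU_RASR_SIZE_POS 1u          /* bits [5:1]: region size = 2^(SIZE+1) bytes */
#define MPU_RASR_C        (1u << 17)  /* TEX=0,C=1,B=0: normal write-through memory */
#define MPU_RASR_AP_POS   24u         /* bits [26:24]: privileged/unprivileged access */
#define MPU_RASR_XN       (1u << 28)  /* execute never */
enum mpu_ap { AP_NONE = 0, AP_PRIV_RW = 1, AP_PRIV_RW_UNPRIV_RO = 2, AP_FULL = 3, AP_PRIV_RO = 5, AP_RO = 6 };
typedef struct { uint32_t rbar, rasr; } mpu_region_t;

/* Encode one region; false when PMSAv7 constraints are violated:
 * at most 16 regions, size a power of two >= 32 B, base naturally aligned. */
bool mpu_region_encode(uint8_t region, uint32_t base, uint32_t size,
                       enum mpu_ap ap, bool exec_never, mpu_region_t *out)
{
    if (region > 15 || size < 32 || (size & (size - 1)) || (base & (size - 1)))
        return false;
    uint32_t sf = 4;                                   /* 32 B encodes as SIZE = 4 */
    while ((1u << (sf + 1)) < size) sf++;
    out->rbar = base | MPU_RBAR_VALID | region;        /* base low 5 bits are zero */
    out->rasr = MPU_RASR_ENABLE | (sf << MPU_RASR_SIZE_POS) | MPU_RASR_C
              | ((uint32_t)ap << MPU_RASR_AP_POS) | (exec_never ? MPU_RASR_XN : 0);
    return true;
}

/* Does an unprivileged access hit an enabled region that permits it? regs[i] is region i; the
 * highest-numbered matching region wins, and no match means a MemManage fault for unprivileged
 * code (the default map is privileged-only when MPU_CTRL.PRIVDEFENA is set). */
bool mpu_unpriv_allowed(const mpu_region_t *regs, int n, uint32_t addr, bool write)
{
    for (int i = n - 1; i >= 0; i--) {
        if (!(regs[i].rasr & MPU_RASR_ENABLE)) continue;
        uint32_t sf  = (regs[i].rasr >> MPU_RASR_SIZE_POS) & 0x1F;
        uint32_t off = addr - (regs[i].rbar & ~0x1Fu);  /* unsigned wrap covers addr < base */
        if (sf < 31 && off >= (1u << (sf + 1))) continue;
        uint32_t ap = (regs[i].rasr >> MPU_RASR_AP_POS) & 0x7;
        return write ? ap == AP_FULL : (ap == AP_FULL || ap == AP_PRIV_RW_UNPRIV_RO || ap == AP_RO);
    }
    return false;
}

/* Constructed sample layout (addresses are illustrative): secure code and key storage stay
 * privileged-only; the application partition gets read-only flash and non-executable RAM. */
int sample_layout(mpu_region_t regs[4])
{
    bool ok = mpu_region_encode(0, 0x08000000u, 64u * 1024u, AP_PRIV_RO, false, &regs[0])
           && mpu_region_encode(1, 0x08010000u, 64u * 1024u, AP_RO,      false, &regs[1])
           && mpu_region_encode(2, 0x20000000u, 32u * 1024u, AP_FULL,    true,  &regs[2])
           && mpu_region_encode(3, 0x20008000u, 4u * 1024u,  AP_PRIV_RW, true,  &regs[3]);
    return ok ? 4 : 0;
}
```

On a real target the two encoded words are written to MPU_RBAR and MPU_RASR for each region before MPU_CTRL.ENABLE is set; the host-side check above is how one would review a layout before flashing it.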
5. IP isolation
IP isolation is the property allowing a given IP to run sandboxed from the other IPs.
The Arm® PSA firmware framework defines three levels of IP isolation:
| Isolation level | Purpose | Security domains | Description |
|---|---|---|---|
| Level 1 | SPE isolation | Two | The secure processing environment (SPE) is protected from being accessed by nonsecure application firmware and hardware. |
| Level 2 | PSA root-of-trust isolation | Three | In addition to Level 1, the PSA root of trust is also protected from being accessed by the application root of trust. |
| Level 3 | Maximum firmware isolation | Three or more | In addition to Level 2, each secure partition is sandboxed and only allowed to access its own resources. This protects each secure partition from being accessed by the other secure partitions, and the secure partition manager from being accessed by any secure partition. |