An Isolation Framework for Security Services on TrustZone

Arm TrustZone is the most widely used Trusted Execution Environment (TEE) in mobile and embedded devices, but vulnerabilities in the TrustZone can lead to complete system compromise. This paper presents an isolation framework that secures TrustZone even if the Trusted OS is compromised. We repurposes hardware watchpoints to monitor page table modifications by the Trusted OS and carves out protected memory regions for security services. We also introduce targeted optimizations to minimize performance overhead. We implement the prototype on a Raspberry Pi 3B+, and the evaluation shows that prototype maintains protection with modest performance impact (-3.2%–2.87%). Our case study of two security services shows that the prototype provides a practical and secure foundation despite Trusted OS vulnerabilities.