<!-- Source: https://melinasecurity.com/knowledge/glossary/trustzone/  License: CC BY 4.0 with attribution to Melina Security  Last-updated: 2026-06-12 -->

# TrustZone

**slug:** `trustzone` · **URL:** `/knowledge/glossary/trustzone/` · **category:** Hardware Security · **reviewer:** Gleb

### Definition

ARM TrustZone is a hardware security architecture that partitions a system-on-chip into two execution worlds — a Secure World and a Normal World — with hardware-enforced isolation. It is present on most modern ARM Cortex-A application processors and on selected Cortex-M microcontrollers (Cortex-M23, M33, M55, M85).

### What it means

TrustZone is the foundation for a wide range of trusted-execution-environment (TEE) implementations on ARM platforms — Qualcomm QSEE, Samsung TEEGRIS, Trustonic Kinibi, OP-TEE, and others. The Secure World runs code (a trusted OS plus trusted applications) at the highest privilege level, with exclusive access to specific peripherals, memory regions, and cryptographic keys. The Normal World runs the conventional operating system (Android, Linux, RTOS) and must invoke the Secure World through a controlled gateway interface.

The historical TrustZone CVE record across major implementations is non-trivial — most major TEE vendors have shipped fixes for critical issues affecting fingerprint verification, DRM keys, and biometric authentication. For products that rely on TrustZone for high-value secrets (payment keys, biometric templates, automotive immobilizer secrets), the security depends on the integrator's specific TEE implementation, the bootchain that establishes the Secure World, and the careful design of the Secure Monitor Call interface.
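The "careful design of the Secure Monitor Call interface" comes down to one discipline: every address and length the Normal World hands across the boundary is attacker-controlled until proven otherwise. The following C model, added here as an illustration and not taken from the Melina page or from any TEE vendor's or OP-TEE's code, shows a toy Secure World dispatcher that validates a buffer descriptor against an allow-listed non-secure shared window and copies the request into Secure World memory before acting on it. The memory map (`NS_SHM_BASE`, `NS_SHM_SIZE`), the command id and the request layout are assumptions invented for the model; the weaker check is included only to show what an insufficient validation looks like beside the hardened one.

```c
/* Added example, not from the Melina page or any TEE's code: a constructed
 * model of a Secure World SMC handler validating a Normal World buffer.
 * The memory map, command id and request layout below are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NS_SHM_BASE   0x80000000ULL  /* assumed non-secure shared window */
#define NS_SHM_SIZE   0x00010000ULL  /* 64 KiB in this model */
#define MAX_REQ_LEN   256U           /* largest request the TA accepts */
#define CMD_UPPERCASE 1U             /* toy command: uppercase the buffer */

enum smc_status { SMC_OK = 0, SMC_BAD_CMD = -1, SMC_BAD_RANGE = -2,
                  SMC_TOO_LARGE = -3 };

/* The SMC argument registers as the Normal World would fill them. */
struct smc_args { uint32_t cmd; uint64_t addr; uint64_t len; };

/* Backing store standing in for the physical shared-memory window. */
static uint8_t ns_shm[NS_SHM_SIZE];

/* Insufficient check, shown for contrast and never used by the handler:
 * only the start address is tested, so a length that runs past the window
 * or wraps the address space is accepted. */
bool ns_range_is_valid_weak(uint64_t addr, uint64_t len)
{
    (void)len;
    return addr >= NS_SHM_BASE && addr < NS_SHM_BASE + NS_SHM_SIZE;
}

/* Hardened check: non-empty, no wraparound, and the whole [addr, addr+len)
 * range lies inside the non-secure window. An allow-list of what the
 * Normal World may reference, so anything unexpected is rejected. */
bool ns_range_is_valid(uint64_t addr, uint64_t len)
{
    if (len == 0)
        return false;
    if (addr > UINT64_MAX - len)      /* addr + len would wrap */
        return false;
    uint64_t end = addr + len;        /* exclusive end */
    return addr >= NS_SHM_BASE && end <= NS_SHM_BASE + NS_SHM_SIZE;
}

/* Map a validated non-secure address into the model's backing store. */
static uint8_t *ns_ptr(uint64_t addr)
{
    return ns_shm + (addr - NS_SHM_BASE);
}

/* Normal World side of the model: place a request in, or read a reply
 * from, the shared window. Both refuse ranges outside the window. */
bool ns_shm_store(uint64_t addr, const char *s)
{
    size_t n = strlen(s);
    if (!ns_range_is_valid(addr, n))
        return false;
    memcpy(ns_ptr(addr), s, n);
    return true;
}

bool ns_shm_equals(uint64_t addr, const char *s)
{
    size_t n = strlen(s);
    return ns_range_is_valid(addr, n) && memcmp(ns_ptr(addr), s, n) == 0;
}

/* Secure World dispatcher. The request is validated, then copied into
 * Secure World memory before it is transformed, so a Normal World core
 * that rewrites the shared buffer concurrently cannot change what the TA
 * acted on after the checks (no second fetch from shared memory). */
enum smc_status smc_handle(const struct smc_args *a)
{
    uint8_t secure_buf[MAX_REQ_LEN];

    if (a->cmd != CMD_UPPERCASE)
        return SMC_BAD_CMD;
    if (!ns_range_is_valid(a->addr, a->len))
        return SMC_BAD_RANGE;
    if (a->len > MAX_REQ_LEN)
        return SMC_TOO_LARGE;

    memcpy(secure_buf, ns_ptr(a->addr), (size_t)a->len);   /* copy in */
    for (size_t i = 0; i < (size_t)a->len; i++)
        if (secure_buf[i] >= 'a' && secure_buf[i] <= 'z')
            secure_buf[i] = (uint8_t)(secure_buf[i] - ('a' - 'A'));
    memcpy(ns_ptr(a->addr), secure_buf, (size_t)a->len);   /* copy out */
    return SMC_OK;
}

int main(void)
{
    struct smc_args good = { CMD_UPPERCASE, NS_SHM_BASE + 0x100, 5 };
    struct smc_args bad  = { CMD_UPPERCASE, NS_SHM_BASE + NS_SHM_SIZE - 4, 8 };

    ns_shm_store(good.addr, "hello");
    printf("good request: status %d, buffer now %s\n", smc_handle(&good),
           ns_shm_equals(good.addr, "HELLO") ? "HELLO" : "unchanged");
    printf("overrunning request: weak check %s, strict check %s, status %d\n",
           ns_range_is_valid_weak(bad.addr, bad.len) ? "accepts" : "rejects",
           ns_range_is_valid(bad.addr, bad.len) ? "accepts" : "rejects",
           smc_handle(&bad));
    return 0;
}
```

Two design points carry over to real TEEs. First, the check is an allow-list against the shared window the Secure World itself registered, not a deny-list of known secure regions; a deny-list silently admits any secure peripheral or memory the author forgot. Second, validation is only meaningful if the Secure World acts on a private copy: the Normal World keeps write access to the shared buffer throughout the call, so parsing it in place reintroduces a time-of-check/time-of-use window that the length check does not close. When reviewing a Trusted Application or monitor, these two properties (window allow-list, copy-in before use) are the first things to look for on every SMC command path.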

For Melina engagements, TrustZone testing covers: bootchain analysis to verify Secure World establishment, SMC interface fuzzing, Trusted Application review where extractable, and rollback / fault-injection vectors against the TEE.

### Related terms

- [Secure boot](/knowledge/glossary/secure-boot/)
- [Embedded Linux](/knowledge/glossary/embedded-linux/)

### Authoritative sources

- [ARM TrustZone technical overview](https://developer.arm.com/Processors/TrustZone%20for%20Cortex-A)
- [OP-TEE project](https://www.op-tee.org/)
- [GlobalPlatform TEE specifications](https://globalplatform.org/specs-library/?filter-committee=tee)
