Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

What is the difference between SGX and TrustZone

Yufei_J_
Beginner
‎05-19-2017 01:54 PM
5,243 Views

I have read some papers about SGX and ARM TrustZone. I am wondering what is the difference between SGX and ARM TrustZone? Are they fundamentally different (or similar). Thank you very much.
 

0 Kudos

Link Copied

2 Replies
Surenthar_S_Intel
Employee
‎05-22-2017 01:30 AM
5,243 Views

Hi,

Architecturally Intel SGX is a little different from ARM TrustZone (TZ). With TZ we often think of a CPU which is in two halves i.e. the insecure world and the secure world. Communication with the secure world occurs from the insecure world via the SMC (Secure Monitor Call) instruction. In Intel SGX model we have one CPU which can have many secure enclaves (islands). Intel SGX is like the Protected Processes Microsoft introduced in Windows Vista but with the added benefit that it is hardware enforced so that even the underlying OS kernel can’t tamper or snoop.

with ARM TrustZone, ARM is historically associated with single-purpose systems where the SoC is specific to the target market (phones, set top boxes, etc) and hence has just one TrustZone, whereas SGX has the potential for multiple enclaves in a system, as you might expect from a provider of multi-purpose chips where the system purpose is not known at chip design time.

-Surenthar

0 Kudos
Copy link
ryo_hamamoto
Beginner
‎06-29-2017 11:09 PM
5,243 Views

Hi, all.

I have a question about the difference between SGX and TrustZone.
I understand that the design concept of SGX and TrustZone is a little different.

However, functions of them are almost same, right?
For example, can SGX equipped devices attest TrustZone equipped devices?
#I think this is very typical case of IoT systems...

Best regards,
Ryo

 

 

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.