Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

What is the difference between SGX and TrustZone


I have read some papers about SGX and ARM TrustZone. I am wondering what is the difference between SGX and ARM TrustZone? Are they fundamentally different (or similar). Thank you very much.

0 Kudos
2 Replies


Architecturally Intel SGX is a little different from ARM TrustZone (TZ). With TZ we often think of a CPU which is in two halves i.e. the insecure world and the secure world. Communication with the secure world occurs from the insecure world via the SMC (Secure Monitor Call) instruction. In Intel SGX model we have one CPU which can have many secure enclaves (islands). Intel SGX is like the Protected Processes Microsoft introduced in Windows Vista but with the added benefit that it is hardware enforced so that even the underlying OS kernel can’t tamper or snoop.

with ARM TrustZone, ARM is historically associated with single-purpose systems where the SoC is specific to the target market (phones, set top boxes, etc) and hence has just one TrustZone, whereas SGX has the potential for multiple enclaves in a system, as you might expect from a provider of multi-purpose chips where the system purpose is not known at chip design time.



Hi, all.

I have a question about the difference between SGX and TrustZone.
I understand that the design concept of SGX and TrustZone is a little different.

However, functions of them are almost same, right?
For example, can SGX equipped devices attest TrustZone equipped devices?
#I think this is very typical case of IoT systems...

Best regards,