4.5.1. Secure operating system

A dedicated operating system in a Secure state is a complex, but powerful, design. It can simulate concurrent execution of multiple independent Secure state applications, run-time download of new security applications, and Secure state tasks that are completely independent of a Non-secure state environment.

Figure 4.2. A possible architecture with an independent Secure state OS


One advantage of a design based on operating system principles is the use of the processor MMU to separate the Secure state memory space into multiple user-space sandboxes. If the Secure state kernel software is correctly implemented, Secure tasks from independent stakeholders can execute at the same time without needing to trust each other. The kernel design can enforce the logical isolation of Secure tasks from each other, and prevent one Secure task from tampering with the memory space of another.
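The per-task isolation described above, modelled as an added example (not code from this application note or from any ARM product): a Secure kernel owns one page table per Secure task and translates every task access through that task's own table. The table format, the kernel_map/translate functions and the two-task scenario are all constructed for illustration and do not follow the ARM translation-table layout.

```c
/* Toy model of the isolation described above: the Secure kernel owns one page
 * table per Secure task and every task access is translated through that
 * task's own table. Constructed illustration, not the ARM table format. */
#include <stdint.h>
#include <stdbool.h>

#define PAGE_SHIFT 12
#define NUM_VPAGES 16                   /* virtual pages per task sandbox */
#define NUM_PPAGES 32                   /* physical pages of Secure RAM   */
enum { PERM_R = 1, PERM_W = 2 };
typedef struct { int ppage, perm; } pte_t;            /* ppage -1: unmapped */
typedef struct { pte_t map[NUM_VPAGES]; } secure_task_t;

static uint8_t secure_mem[NUM_PPAGES << PAGE_SHIFT]; /* Secure physical RAM */
static bool    ppage_owned[NUM_PPAGES];              /* kernel's page owner */
/* Kernel-only: a new task starts with every page unmapped. */
void task_init(secure_task_t *t) {
    for (int i = 0; i < NUM_VPAGES; i++) t->map[i] = (pte_t){ -1, 0 };
}
/* Kernel-only: hand a physical page to a task. A page already owned by
 * another task is refused, so sandboxes never alias each other's memory. */
bool kernel_map(secure_task_t *t, int vpage, int ppage, int perm) {
    if (vpage < 0 || vpage >= NUM_VPAGES || ppage < 0 || ppage >= NUM_PPAGES)
        return false;
    if (ppage_owned[ppage]) return false;
    ppage_owned[ppage] = true;
    t->map[vpage] = (pte_t){ ppage, perm };
    return true;
}
/* Walk the task's own table: physical address, or -1 for a fault. */
long translate(const secure_task_t *t, uint32_t vaddr, int need) {
    uint32_t vpage = vaddr >> PAGE_SHIFT;
    if (vpage >= NUM_VPAGES) return -1;
    const pte_t *e = &t->map[vpage];
    if (e->ppage < 0 || (e->perm & need) != need) return -1;
    return ((long)e->ppage << PAGE_SHIFT) | (vaddr & ((1u << PAGE_SHIFT) - 1));
}
/* Task loads and stores can only reach memory through translate(). */
bool task_write(const secure_task_t *t, uint32_t vaddr, uint8_t v) {
    long pa = translate(t, vaddr, PERM_W);
    if (pa < 0) return false;                 /* would be a data abort */
    secure_mem[pa] = v;
    return true;
}
int task_read(const secure_task_t *t, uint32_t vaddr) {
    long pa = translate(t, vaddr, PERM_R);
    return pa < 0 ? -1 : secure_mem[pa];
}
```

With two tasks A and B each given their own page, A's write is visible only to A, B's attempt to map A's page is refused by the kernel, and any access outside a task's mappings or permissions faults instead of reaching Secure RAM.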

Copyright © 2014 ARM. All rights reserved. ARM DAI0425