嵌入式系统安全防护方案比较与应用案例分析

伴随着物联网技术的发展，嵌入式系统安全防护问题已经成为当前亟需考虑并尝试解决的系统性难题。在比较多种嵌入式系统安全防护手段的基础上，深入剖析了基于硬件虚拟化技术的ARM TrustZone安全防护方案的系统组成、工作原理及设计实现要点。详细描述了TrustZone-A和TrustZone-M 2种技术的区别，并给出了2种技术的适用场景。给出了基于TrustZone技术的可信启动流程实现原理，讨论了基于TrustZone-A监控模式代码的异常程序检测实现的可行性。最后，结合典型应用场景，设计了基于TrustZone-M技术的安全防护方案及安全通信协议实现实例。

Comparison among embedded system security protection schemes and their application case analysis

Due to the development of Internet of Things technology, the security protection of embedded systems has become a systemic problem that needs to be considered and tried to be solved urgently. A variety of embedded computer system security protection methods are compared, and ARM TrustZone security protection scheme is analyzed. The main differences between the two technologies (TrustZone-A and TrustZone-M) are analyzed, and the applicable scenarios and implementation characteristics of the two solutions are given. The implementation principle of the trusted startup process based on TrustZone technology is described, and the feasibility of the implementation of abnormal program detection based on the TrustZone-A monitoring mode code is discussed. Finally, combined with typical application scenarios, a security protection scheme based on TrustZone-M technology and an implementation example of a security communication protocol are designed and proposed.