by vvhn 4270 days ago
Contrary to speculation (there are whole articles which "explain" the secure enclave to be ARM TrustZone), the secure enclave is documented (only very recently) to be a _separate_ chip inside the A7 chip running its own L4-based microkernel. (From https://www.apple.com/privacy/docs/iOS_Security_Guide_Sept_2...)

"The Secure Enclave is a coprocessor fabricated in the Apple A7 or later A-series processor. It utilizes its own secure boot and personalized software update separate from the application processor. It provides all cryptographic operations for Data Protection key management and maintains the integrity of Data Protection even if the kernel has been compromised.

The Secure Enclave uses encrypted memory and includes a hardware random number generator. Its microkernel is based on the L4 family, with modifications by Apple. Communication between the Secure Enclave and the application processor is isolated to an interrupt-driven mailbox and shared memory data buffers."
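The isolation pattern in the quoted passage (a secure coprocessor reached only through a mailbox and shared buffers), as an added example that is not from the original post and not Apple's code: a constructed C model in which the secure side keeps key material in its own memory, exposes only operations on data, and validates every field the untrusted application processor writes into the shared region. The command names, status codes, key bytes and the XOR stand-in for the keyed transform are all assumptions for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model (not Apple's interface) of an interrupt-driven mailbox
 * plus a shared data buffer between an untrusted application processor (AP)
 * and a trusted secure coprocessor (SEP). */

#define SHARED_BUF_LEN 64
#define KEY_LEN 16

enum sep_cmd    { CMD_NONE = 0, CMD_WRAP = 1, CMD_UNWRAP = 2, CMD_EXPORT_KEY = 3 };
enum sep_status { ST_IDLE = 0, ST_PENDING = 1, ST_OK = 2, ST_ERR_CMD = 3, ST_ERR_LEN = 4 };

/* Mailbox registers and shared buffer: both sides can read and write these. */
struct mailbox {
    volatile uint32_t cmd;
    volatile uint32_t len;
    volatile uint32_t status;
    uint8_t shared[SHARED_BUF_LEN];
};

/* Key material lives only in SEP-private memory (hypothetical constant). */
static const uint8_t sep_private_key[KEY_LEN] = {
    0x13, 0x37, 0xc0, 0xde, 0x42, 0x99, 0x0f, 0xa5,
    0x6e, 0x21, 0x7b, 0x84, 0xd2, 0x5c, 0xee, 0x01 };

/* SEP side: runs when the AP raises the mailbox interrupt. */
static void sep_handle_irq(struct mailbox *mb)
{
    /* Read the length once into SEP-owned storage. Re-reading it later would
     * let a compromised AP change it between the check and the use. */
    uint32_t len = mb->len;
    if (len > SHARED_BUF_LEN) {
        mb->status = ST_ERR_LEN;
        return;
    }
    switch (mb->cmd) {
    case CMD_WRAP:
    case CMD_UNWRAP:
        /* Stand-in for the real keyed transform: an XOR that is its own
         * inverse. The key is applied in place and never copied to `shared`. */
        for (uint32_t i = 0; i < len; i++)
            mb->shared[i] ^= sep_private_key[i % KEY_LEN];
        mb->status = ST_OK;
        break;
    default:
        /* No command hands out the key itself; CMD_EXPORT_KEY lands here. */
        mb->status = ST_ERR_CMD;
        break;
    }
}

/* AP-side driver: copy data in, post the command, "raise the interrupt"
 * (a direct call in this model), then copy the result back. */
static int ap_request(struct mailbox *mb, uint32_t cmd, uint8_t *data, uint32_t len)
{
    if (len > SHARED_BUF_LEN)
        return -1;
    memcpy(mb->shared, data, len);
    mb->len = len;
    mb->cmd = cmd;
    mb->status = ST_PENDING;
    sep_handle_irq(mb);
    if (mb->status != ST_OK)
        return -(int)mb->status;
    memcpy(data, mb->shared, len);
    return 0;
}

/* Wrap then unwrap a buffer; returns 1 if the plaintext round-trips. */
int demo_wrap_roundtrip(void)
{
    struct mailbox mb = {0};
    uint8_t data[8] = "secret!";          /* constructed sample input */
    uint8_t orig[8];
    memcpy(orig, data, sizeof data);
    if (ap_request(&mb, CMD_WRAP, data, sizeof data) != 0) return 0;
    if (memcmp(orig, data, sizeof data) == 0) return 0;   /* must have changed */
    if (ap_request(&mb, CMD_UNWRAP, data, sizeof data) != 0) return 0;
    return memcmp(orig, data, sizeof data) == 0;
}

/* A request to export the key is refused; returns the negated SEP status. */
int demo_export_rejected(void)
{
    struct mailbox mb = {0};
    uint8_t buf[KEY_LEN] = {0};
    return ap_request(&mb, CMD_EXPORT_KEY, buf, sizeof buf);
}

/* A compromised kernel bypasses the driver and writes an oversize length
 * straight into the mailbox; the SEP-side bounds check still refuses it. */
uint32_t demo_oversize_rejected(void)
{
    struct mailbox mb = {0};
    mb.len = SHARED_BUF_LEN * 4;
    mb.cmd = CMD_WRAP;
    mb.status = ST_PENDING;
    sep_handle_irq(&mb);
    return mb.status;
}
```

The point the model makes is that the security property rests on the SEP side: the driver's own length check is a convenience the untrusted kernel can skip, so the coprocessor re-validates everything it reads from the shared region, reads each field only once, and never offers an operation that returns key material.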


That's pretty much exactly how AMD implements TrustZone. http://www.anandtech.com/show/6007/amd-2013-apus-to-include-...
It sounds more like they are using a Cortex-A5 to gain access to TrustZone with an existing x86 core.
And it sounds like Apple is using a separate unspecified ARM processor (probably a Cortex-A5 since that's the cheapest possible one) to gain access to an existing A7 or A8 core.
In Apple's case, they use the ARM ISA but implement their own microarchitecture and, from vvhn's comment, seem to also use a co-processor specifically for the secure enclave. But the link above on TrustZone hardware architecture mentions that this isn't a requirement.

"TrustZone enables a single physical processor core to execute code safely and efficiently from both the Normal world and the Secure world. This removes the need for a dedicated security processor core, saving silicon area and power, and allowing high performance security software to run alongside the Normal world operating environment."

I guess since Apple uses the ARM ISA, it's still binary compatible with ARM but with a different implementation. AMD uses an x86/ARM hybrid where the ARM part is an off-the-shelf Cortex-A5 which already contains TrustZone.

I highly doubt they use their own microarchitecture. It'd be a lot cheaper to license Cortex-A5. Using their own microarchitecture for the main processor gives them a huge competitive advantage. For the security co-processor, COTS would work fine.