Recently, leading Bitcoin hardware wallet manufacturer, Ledger, introduced Bitcoin wallet technology which directly stores user data and sensitive information in the TrustZone.
The wallet interface, developed by Ledger, allows users to load its bitcoin wallet into the secure chip as the TrustZone chip begins the process of generating HD private keys. Like any secure hard wallets, the keys never leave the TrustZone chip, eliminating the possibility of a data breach or a hacking attack.
ARM processors are 32-bit microprocessors that have been developed by Advanced RISC Machines, Ltd. since the 1980s. Today, almost all Android smartphones operate on these ARM processors.
Many years ago, ARM manufactured and implemented a separate CPU called TrustZone or Trusted Extension Environment (TEE) next to the main CPU which all phones operate on, for banks and financial platforms to utilize to improve security and privacy by eliminating logins and passwords. However, banks and financial establishments failed to utilize the TrustZone technology and the ARM CPU has since been sitting on all Android smartphones without a specific purpose.
Currently, the Ledger TrustZone Bitcoin wallet technology is compatible with Mycelium and Green Address. Once Mycelium and Green Address users install Ledger’s TrustZone technology, the wallet platform automatically obtains the public portion of the HD wallet and enables users to create transactions and settle payments through a secure encrypted channel in the Trustzone chip.
However, some Android users explain that TEE/TrustZone has its own disadvantages and limitations. Although TrustZone is a separate chip from the main CPU, the two chips lie in the same package so it is difficult to evaluate the communication that occurs between the two.
Still, the Ledger team explains that the level of security of a TrustZone chip-based bitcoin wallet is similar to that of many hardware wallets currently available in the market.
“This is basically the equivalent of having a hardware wallet connected to your phone's USB port at all times, but built right into your phone. And nothing, not rooting, hacking, or physically accessing your phone (short of guessing your pin) will allow an attacker access to your private keys.”