I read a document like this: TrustZone Security Whitepaper.
It describes that all resources like CPU, memory and others are divided into a Secure World and a Normal World. Programs in the Normal World cannot access resources in the Secure World. You must call a special instruction, SMC, to switch from the Normal to the Secure World (going through Monitor Mode).
As far as I know, modern OSes like Linux provide a Kernel Mode and a User Mode. User processes cannot access resources located in kernel space, but invoke system calls instead.
I also know x86's Ring0/1/2/3 can protect resources from invalid access from lower privilege level processes.
My question is: what is the difference between ARM TrustZone's Secure/Normal World and kernel/user mode? Or, what is the difference between TrustZone and x86's ring0/1/2/3?
Thanks
Edit: replaced Protected Mode with Ring0/1/2/3 in my question.
Thanks for your help. I spent some time understanding this and reading more documents. In summary, TZ provides isolation of resources by NS bit flags on the bus, peripherals, and CPU.
You've conflated 3 totally different things here.
Kernel mode/user mode is about execution privilege: x86 uses the terminology of "rings", whereas ARM has privilege levels baked into its processor modes - you can draw a rough parallel between ring 3 and USR mode, and ring 0 and SVC mode (obviously architectural differences mean it's nowhere near that straightforward really).
Memory protection is a different concept, involving having hardware bolted to the CPU to restrict its memory and MMIO accesses to within defined mappings, or raise faults otherwise (which then enables further developments like demand-paged virtual memory). In this regard, "Protected mode" vs. "Real mode" on x86 is pretty much just the equivalent of having the MMU/MPU turned on or off. Obviously it makes plenty of sense to couple this idea with the first, to allow the notion of privileged/unprivileged memory, but the x86 architecture and its evolutionary heritage makes that coupling artificially strong - on ARM you still have all your processor modes when the MMU is off.
TrustZone, on the other hand, is about security and authentication at a whole different level - between the system vendor/operator and the user. On x86 systems you typically might have a hardware TPM for things like secure key storage or boot verification - anything the main processor can access cannot be considered secure since the user could replace any software running there (the normal execution privilege mechanism doesn't help since the user can simply switch the whole kernel for a malicious one). The point of TrustZone is hardware support throughout the whole system which enables virtualising that secure processor/memory/peripherals on top of the "normal" system, instead of needing to cram in a whole load of extra hardware for it. For example, you can simply partition off a chunk of RAM to be physically* inaccessible from the normal world, and implement a "TPM" purely as verified secure-world software which even the most privileged normal-world code cannot interfere with.
In x86-world, you should look at Intel's Trusted Execution Technology as the closest relevant thing, which addresses (given external TPM support) some of the use-cases for which TrustZone is employed in ARM SoCs. Note that it's not a direct comparison - the CPU-centric nature of TXT means it's really just a secure boot solution. TrustZone is system-wide and more of a fundamental building block - you can build a secure boot solution and/or a TPM on it, but you can also build things like end-to-end secure content paths which a CPU-centric approach simply cannot.
* note that I mean "physical" from the software point of view - i.e. it is in hardware and there is nothing software can do to get around it if it is properly implemented. TrustZone is explicitly not an actual physical security solution - it does not, and is not intended to, offer any protection against determined people taking the packaging off the chip and probing the silicon directly.
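To make the orthogonality the answer describes concrete, here is an added toy model (not code from the answerer, the whitepaper, or any real ARM implementation): an MMU-style privilege check and a bus-level NS-bit check are applied independently to a constructed memory map. The region names, addresses and the ordering of the two checks are assumptions chosen for illustration; the point it shows is that even a Normal-World kernel (the most privileged "ring" there is in the normal world) cannot reach secure-only RAM, while an unprivileged Secure-World task can.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The NS bit travels with the access on the bus: 0 = secure, 1 = non-secure. */
typedef enum { WORLD_SECURE = 0, WORLD_NORMAL = 1 } world_t;
/* Processor privilege, the "ring" concept: USR vs SVC on ARM, ring 3 vs ring 0 on x86. */
typedef enum { MODE_USER = 0, MODE_KERNEL = 1 } cpu_mode_t;

typedef struct {
    uint32_t base;
    uint32_t size;
    bool kernel_only;   /* page permission enforced by the MMU inside the CPU   */
    bool secure_only;   /* partition enforced by a TZ address-space filter on the bus */
    const char *name;
} region_t;

/* Constructed memory map for the model; addresses are arbitrary. */
static const region_t REGIONS[] = {
    { 0x00000000u, 0x10000000u, false, false, "user RAM"              },
    { 0x10000000u, 0x10000000u, true,  false, "kernel RAM"            },
    { 0x20000000u, 0x01000000u, false, true,  "secure RAM (TEE)"      },
    { 0x30000000u, 0x00001000u, true,  true,  "secure key-store MMIO" },
};
#define NREGIONS (sizeof(REGIONS) / sizeof(REGIONS[0]))

typedef enum { ACCESS_OK, FAULT_PRIVILEGE, FAULT_SECURITY, FAULT_UNMAPPED } verdict_t;

/* Locate the region containing addr, written to avoid base+size overflow. */
static const region_t *find_region(uint32_t addr) {
    for (size_t i = 0; i < NREGIONS; i++) {
        if (addr >= REGIONS[i].base && addr - REGIONS[i].base < REGIONS[i].size)
            return &REGIONS[i];
    }
    return NULL;
}

/* Two independent gates. The privilege gate depends only on the CPU mode;
 * the security gate depends only on the NS bit. Neither can be satisfied
 * by raising the other: a Normal-World kernel is still a non-secure master. */
verdict_t check_access(world_t world, cpu_mode_t mode, uint32_t addr) {
    const region_t *r = find_region(addr);
    if (r == NULL)
        return FAULT_UNMAPPED;
    /* Gate 1: MMU permission check inside the CPU (assumed to run first). */
    if (r->kernel_only && mode == MODE_USER)
        return FAULT_PRIVILEGE;
    /* Gate 2: bus-level filter comparing the NS bit against the partition. */
    if (r->secure_only && world == WORLD_NORMAL)
        return FAULT_SECURITY;
    return ACCESS_OK;
}

static const char *verdict_name(verdict_t v) {
    switch (v) {
    case ACCESS_OK:       return "ok";
    case FAULT_PRIVILEGE: return "privilege fault (MMU)";
    case FAULT_SECURITY:  return "security fault (NS filter)";
    default:              return "unmapped";
    }
}

int main(void) {
    static const struct { world_t w; cpu_mode_t m; const char *who; } actors[] = {
        { WORLD_NORMAL, MODE_USER,   "normal-world user process" },
        { WORLD_NORMAL, MODE_KERNEL, "normal-world kernel"       },
        { WORLD_SECURE, MODE_USER,   "secure-world user task"    },
        { WORLD_SECURE, MODE_KERNEL, "secure-world kernel"       },
    };
    for (size_t a = 0; a < sizeof(actors) / sizeof(actors[0]); a++) {
        for (size_t i = 0; i < NREGIONS; i++) {
            verdict_t v = check_access(actors[a].w, actors[a].m, REGIONS[i].base);
            printf("%-28s -> %-22s : %s\n", actors[a].who, REGIONS[i].name, verdict_name(v));
        }
    }
    return 0;
}
```

The table the program prints is the whole argument in one screen: swapping the normal-world kernel for a malicious one changes nothing in the third column for the secure regions, because the NS filter never consults the privilege level, only the world the access originates from.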