Embedded systems are becoming more and more vulnerable to unauthorized penetration, in many cases due to preventable weaknesses within the system kernel itself—often a simple lack of appropriate security features and protections that could have been designed in to safeguard the integrity of important data and processes. This dangerous situation is compounded by the fact that each device becomes potentially connectable to other devices outside its intended functional space, making use either of open Internet connectivity or other contrived digital transport strategies. This white paper describes how the ARM TrustZone architecture and technology can be applied to protect custom IP created in Xilinx Zynq-7000 All Programmable SoCs.