The invention provides a method for preventing attacks through software degradation based on trustzone in an embedded system. The embedded system comprises the following steps: after the system is powered on, version data of a system to be started is loaded into a safe memory area; Performing signature verification on the version data in a secure memory area; If the authentication is passed, obtaining the pre-stored first major version information from the secure storage area to the secure memory area; Reading second major version information from the version data and comparing with the firstmajor version information; If the second major version information is lower than the first major version information, rejecting the system startup. It can judge the level of the major version information of the system to be started and the version information of each subsystem component, and prohibit the system software from being degraded, which leads to the risk of attacking the known vulnerabilities, so as to ensure the security and reliability of the system running environment.