Linked by Thom Holwerda on Thu 10th Apr 2014 20:05 UTC, submitted by nfeske
Hardware, Embedded Systems

Behind the term TrustZone lies a security technology that is almost omnipresent in ARM-based devices, ranging from low-cost development boards to most mobile phones. Yet, there hardly exists a public body of knowledge around it. This prompted the Genode developers to investigate. Today, they published their findings in the form of a comprehensive article and an demonstration video.

In contrast to TPMs, which were designed as fixed-function devices with a predefined feature set, TrustZone represented a much more flexible approach by leveraging the CPU as a freely programmable trusted platform module. To do that, ARM introduced a special CPU mode called "secure mode" in addition to the regular normal mode, thereby establishing the notions of a "secure world" and a "normal world". The distinction between both worlds is completely orthogonal to the normal ring protection between user-level and kernel-level code and hidden from the operating system running in the normal world. Furthermore, it is not limited to the CPU but propagated over the system bus to peripheral devices and memory controllers. This way, ARM-based platforms become effectively kind of a split personality. When secure mode is active, the software running on the CPU has a different view on the whole system than software running in non-secure mode.

The Genode team is nothing short of amazing. Not only are they developing unique software, they're also doing stuff like this. Much respect for these women and men.

Permalink for comment 586900
To read all comments associated with this story, please click here.
RE[5]: tempting?
by nfeske on Fri 11th Apr 2014 08:28 UTC in reply to "RE[4]: tempting?"
Member since:

I think the mechanism per se is not harmful. But the question of who is in control of the secure world is important to assess the security and privacy implications of using of a device.

If the user has a chance to place security functions in the secure world, e.g., the cryptographic functions that need access to the user's private key, such credentials could be hidden from the normal world. So an exploit of the normal world never leak the user's private key.

On the other hand, if the platform vendor controls the secure world, TrustZone may actually be a mechanism to protect the platform from the end user. Naturally, DRM comes into mind. Also if you look closely into low-cost dev boards like the Pandaboard, you will find that the secure world is fixed with predefined firmware. What this firmware does is only known to the vendor. On the Pandaboard, it is used (among potentially other things) to work around certain hardware bugs such as erratas of the cache controller.

On consumer devices, the secure world is generally not accessible to the end user. Even if you install an alternative version of Android (like Replicant) on the device, the secure world remains unaffected. Ultimately, the proprietary software running in the secure world is just another potential risk for the privacy of the end user. Referring to Thom's recent posting

the secure-world software stack is a third "OS" running on the device. You have to be faithful in your device vendor.

Reply Parent Score: 4