Linked by Thom Holwerda on Thu 10th Apr 2014 20:05 UTC, submitted by nfeske
Hardware, Embedded Systems

Behind the term TrustZone lies a security technology that is almost omnipresent in ARM-based devices, ranging from low-cost development boards to most mobile phones. Yet, there hardly exists a public body of knowledge around it. This prompted the Genode developers to investigate. Today, they published their findings in the form of a comprehensive article and an demonstration video.

In contrast to TPMs, which were designed as fixed-function devices with a predefined feature set, TrustZone represented a much more flexible approach by leveraging the CPU as a freely programmable trusted platform module. To do that, ARM introduced a special CPU mode called "secure mode" in addition to the regular normal mode, thereby establishing the notions of a "secure world" and a "normal world". The distinction between both worlds is completely orthogonal to the normal ring protection between user-level and kernel-level code and hidden from the operating system running in the normal world. Furthermore, it is not limited to the CPU but propagated over the system bus to peripheral devices and memory controllers. This way, ARM-based platforms become effectively kind of a split personality. When secure mode is active, the software running on the CPU has a different view on the whole system than software running in non-secure mode.

The Genode team is nothing short of amazing. Not only are they developing unique software, they're also doing stuff like this. Much respect for these women and men.

Thread beginning with comment 586873
To read all comments associated with this story, please click here.
tempting?
by project_2501 on Thu 10th Apr 2014 22:11 UTC
project_2501
Member since:
2006-03-20

The thing with TPM is that it does a very small number of things, and how it does them stands more chance of being verified.

This thing does a lot, and intentionally so. It's a highly programmable highly privileged turning machine.

So if it's broken that's a really bad thing.

Phrases like " the functionality of the secure world is defined by system software instead of being hard-wired" and "not limited to the CPU but propagated over the system bus to peripheral devices and memory controllers." scare me, not reassure me.

Have I misunderstood?

Reply Score: 3

RE: tempting?
by CapEnt on Fri 11th Apr 2014 03:57 in reply to "tempting?"
CapEnt Member since:
2005-12-18

No, you don't.

In effect, this thing can run a whole parallel operating system if used, and this operating system would have the power to capture in real time everything that the other OS in the "normal world" is doing, down to the bus traffic and can continually scan and parse the whole content of the RAM if it wants. Heck, it can even monitor the "normal world" processing at register level. It can go even as far to hiding hardware pieces from the "normal world" OS.

It is a privacy nightmare lying in wait.

Reply Parent Score: 4

RE[2]: tempting?
by WereCatf on Fri 11th Apr 2014 04:03 in reply to "RE: tempting?"
WereCatf Member since:
2006-02-15

It is a privacy nightmare lying in wait.


It's funny how you see a privacy nightmare and I see very interesting technology that could be used e.g. for researching some of the higher-end malware and bots. Of course, I'm not saying it couldn't be used for the things you fear, but that's not what I first think of when reading about this stuff.

Reply Parent Score: 2

RE[2]: tempting?
by agentj on Fri 11th Apr 2014 04:05 in reply to "RE: tempting?"
agentj Member since:
2005-08-19

Hahaha. O rly ?

Reply Parent Score: 2

RE: tempting?
by Kochise on Fri 11th Apr 2014 10:19 in reply to "tempting?"
Kochise Member since:
2006-03-03

Hypervisor ?

Kochise

Reply Parent Score: 3

RE[2]: tempting?
by agentj on Sat 12th Apr 2014 06:28 in reply to "RE: tempting?"
agentj Member since:
2005-08-19

No. HYP mode in ARM is different kind from TrustZone.

Reply Parent Score: 3