Linked by Thom Holwerda on Thu 10th Apr 2014 20:05 UTC, submitted by nfeske
Hardware, Embedded Systems

Behind the term TrustZone lies a security technology that is almost omnipresent in ARM-based devices, ranging from low-cost development boards to most mobile phones. Yet, there hardly exists a public body of knowledge around it. This prompted the Genode developers to investigate. Today, they published their findings in the form of a comprehensive article and an demonstration video.

In contrast to TPMs, which were designed as fixed-function devices with a predefined feature set, TrustZone represented a much more flexible approach by leveraging the CPU as a freely programmable trusted platform module. To do that, ARM introduced a special CPU mode called "secure mode" in addition to the regular normal mode, thereby establishing the notions of a "secure world" and a "normal world". The distinction between both worlds is completely orthogonal to the normal ring protection between user-level and kernel-level code and hidden from the operating system running in the normal world. Furthermore, it is not limited to the CPU but propagated over the system bus to peripheral devices and memory controllers. This way, ARM-based platforms become effectively kind of a split personality. When secure mode is active, the software running on the CPU has a different view on the whole system than software running in non-secure mode.

The Genode team is nothing short of amazing. Not only are they developing unique software, they're also doing stuff like this. Much respect for these women and men.

Thread beginning with comment 586885
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: tempting?
by CapEnt on Fri 11th Apr 2014 03:57 UTC in reply to "tempting?"
Member since:

No, you don't.

In effect, this thing can run a whole parallel operating system if used, and this operating system would have the power to capture in real time everything that the other OS in the "normal world" is doing, down to the bus traffic and can continually scan and parse the whole content of the RAM if it wants. Heck, it can even monitor the "normal world" processing at register level. It can go even as far to hiding hardware pieces from the "normal world" OS.

It is a privacy nightmare lying in wait.

Reply Parent Score: 4

RE[2]: tempting?
by WereCatf on Fri 11th Apr 2014 04:03 in reply to "RE: tempting?"
WereCatf Member since:

It is a privacy nightmare lying in wait.

It's funny how you see a privacy nightmare and I see very interesting technology that could be used e.g. for researching some of the higher-end malware and bots. Of course, I'm not saying it couldn't be used for the things you fear, but that's not what I first think of when reading about this stuff.

Reply Parent Score: 2

RE[3]: tempting?
by Alfman on Fri 11th Apr 2014 06:42 in reply to "RE[2]: tempting?"
Alfman Member since:


Of course, I'm not saying it couldn't be used for the things you fear, but that's not what I first think of when reading about this stuff.

Of course there would be some cool applications, but honestly my first thought was DRM, such that the owner only has control over the "normal world" portion, while someone else controls the "secure world" in order to impose content restrictions.

Reply Parent Score: 4

RE[3]: tempting?
by przemo_li on Fri 11th Apr 2014 08:16 in reply to "RE[2]: tempting?"
przemo_li Member since:

Funny thing to assume that it will not be used by malware in the first place...

Want such solution? DIY, and not put it in every computer out there for really bad people to use.

Reply Parent Score: 2

RE[2]: tempting?
by agentj on Fri 11th Apr 2014 04:05 in reply to "RE: tempting?"
agentj Member since:

Hahaha. O rly ?

Reply Parent Score: 2