ARM TrustZone technology has been around for almost a decade. It was
introduced at a time when the controversial discussion about trusted
platform modules (TPMs) on x86 platforms was in full swing (TCPA, Palladium).
Similar to how TPM chips were meant to magically make PCs "trustworthy",
TrustZone aimed at establishing trust in ARM-based platforms. In contrast to
TPMs, which were designed as fixed-function devices with a predefined feature
set, TrustZone represented a much more flexible approach by leveraging the CPU
as a freely programmable trusted platform module. To do that, ARM introduced a
special CPU mode called "secure mode" in addition to the regular normal mode,
thereby establishing the notions of a "secure world" and a "normal world". The
distinction between both worlds is completely orthogonal to the normal ring
protection between user-level and kernel-level code and hidden from the
operating system running in the normal world. Furthermore, it is not limited
to the CPU but propagated over the system bus to peripheral devices and
memory controllers. This way, such an ARM-based platform effectively becomes a
kind of split personality. When secure mode is active, the software running on the CPU
has a different view on the whole system than software running in non-secure
mode. This way, system functions, in particular security functions and
cryptographic credentials, can be hidden from the normal world. It goes
without saying that this concept is vastly more flexible than TPM chips
because the functionality of the secure world is defined by system
software instead of being hard-wired.
https://genode.org/documentation/articles/trustzone
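To make the two points above concrete, namely that the secure/normal distinction travels with each bus transaction and that it is orthogonal to the user/kernel ring level, here is a small C model of an address-space filter of the kind a memory controller applies using the NS bit. This is an added illustration, not code from the Genode article or from any real SoC; the region map, names and the `bus_access_allowed` / `visible_regions` functions are all constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of a TrustZone-style address filter as applied by a bus
 * fabric or memory controller. Every transaction carries a world bit (the NS
 * bit) and a privilege level; only the world bit decides whether a
 * secure-only region is reachable. Constructed for illustration. */

typedef enum { WORLD_SECURE = 0, WORLD_NORMAL = 1 } world_t;  /* NS bit */
typedef enum { PRIV_USER = 0, PRIV_KERNEL = 1 } priv_t;       /* ring level */

typedef struct {
    uint32_t base, size;
    bool secure_only;       /* region reserved for the secure world */
    const char *name;
} region_t;

/* Constructed region map (made-up addresses): a secure RAM block and a
 * key-store peripheral are hidden from the normal world; shared RAM is
 * visible to both worlds. */
static const region_t regions[] = {
    { 0x10000000u, 0x00100000u, true,  "secure RAM"  },
    { 0x20000000u, 0x01000000u, false, "shared RAM"  },
    { 0x40010000u, 0x00001000u, true,  "crypto keys" },
};

/* Returns true if the transaction may proceed. The privilege level is
 * deliberately ignored: world separation is orthogonal to the user/kernel
 * rings, so a normal-world kernel sees no more than normal-world user code. */
bool bus_access_allowed(uint32_t addr, world_t world, priv_t priv)
{
    (void)priv;
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        const region_t *r = &regions[i];
        if (addr >= r->base && addr - r->base < r->size)
            return !(r->secure_only && world == WORLD_NORMAL);
    }
    return false;   /* unmapped address: faults in both worlds */
}

/* Number of mapped regions a given world can reach, i.e. that world's
 * "view on the whole system". */
size_t visible_regions(world_t world)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++)
        n += bus_access_allowed(regions[i].base, world, PRIV_USER) ? 1 : 0;
    return n;
}
```

In a real SoC the equivalent filtering is done by the bus fabric and the memory and peripheral controllers, configured by secure-world software, which is why the normal-world operating system cannot even observe that the hidden regions exist.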