Submitted by Behind the term TrustZone lies a security technology that is almost omnipresent in ARM-based devices, ranging from low-cost development boards to most mobile phones. Yet, there hardly exists a public body of knowledge around it. This prompted the Genode developers to investigate. Today, they published their findings in the form of a comprehensive article and an demonstration video.
In contrast to TPMs, which were designed as fixed-function devices with a predefined feature set, TrustZone represented a much more flexible approach by leveraging the CPU as a freely programmable trusted platform module. To do that, ARM introduced a special CPU mode called “secure mode” in addition to the regular normal mode, thereby establishing the notions of a “secure world” and a “normal world”. The distinction between both worlds is completely orthogonal to the normal ring protection between user-level and kernel-level code and hidden from the operating system running in the normal world. Furthermore, it is not limited to the CPU but propagated over the system bus to peripheral devices and memory controllers. This way, ARM-based platforms become effectively kind of a split personality. When secure mode is active, the software running on the CPU has a different view on the whole system than software running in non-secure mode.
The Genode team is nothing short of amazing. Not only are they developing unique software, they’re also doing stuff like this. Much respect for these women and men.
The thing with TPM is that it does a very small number of things, and how it does them stands more chance of being verified.
This thing does a lot, and intentionally so. It’s a highly programmable highly privileged turning machine.
So if it’s broken that’s a really bad thing.
Phrases like ” the functionality of the secure world is defined by system software instead of being hard-wired” and “not limited to the CPU but propagated over the system bus to peripheral devices and memory controllers.” scare me, not reassure me.
Have I misunderstood?
No, you don’t.
In effect, this thing can run a whole parallel operating system if used, and this operating system would have the power to capture in real time everything that the other OS in the “normal world” is doing, down to the bus traffic and can continually scan and parse the whole content of the RAM if it wants. Heck, it can even monitor the “normal world” processing at register level. It can go even as far to hiding hardware pieces from the “normal world” OS.
It is a privacy nightmare lying in wait.
It’s funny how you see a privacy nightmare and I see very interesting technology that could be used e.g. for researching some of the higher-end malware and bots. Of course, I’m not saying it couldn’t be used for the things you fear, but that’s not what I first think of when reading about this stuff.
WereCatf,
Of course there would be some cool applications, but honestly my first thought was DRM, such that the owner only has control over the “normal world” portion, while someone else controls the “secure world” in order to impose content restrictions.
That’s what I was saying; we have so different kinds of first reactions to something like this and I found it rather funny.
I think the mechanism per se is not harmful. But the question of who is in control of the secure world is important to assess the security and privacy implications of using of a device.
If the user has a chance to place security functions in the secure world, e.g., the cryptographic functions that need access to the user’s private key, such credentials could be hidden from the normal world. So an exploit of the normal world never leak the user’s private key.
On the other hand, if the platform vendor controls the secure world, TrustZone may actually be a mechanism to protect the platform from the end user. Naturally, DRM comes into mind. Also if you look closely into low-cost dev boards like the Pandaboard, you will find that the secure world is fixed with predefined firmware. What this firmware does is only known to the vendor. On the Pandaboard, it is used (among potentially other things) to work around certain hardware bugs such as erratas of the cache controller.
On consumer devices, the secure world is generally not accessible to the end user. Even if you install an alternative version of Android (like Replicant) on the device, the secure world remains unaffected. Ultimately, the proprietary software running in the secure world is just another potential risk for the privacy of the end user. Referring to Thom’s recent posting
http://www.osnews.com/story/27416/The_second_operating_system_hidin…
the secure-world software stack is a third “OS” running on the device. You have to be faithful in your device vendor.
Funny thing to assume that it will not be used by malware in the first place…
Want such solution? DIY, and not put it in every computer out there for really bad people to use.
Hahaha. O rly ?
Hypervisor ?
Kochise
No. HYP mode in ARM is different kind from TrustZone.
I would have said the same thing if you hadn’t!
Like in seeing/hearing things that doesn’t exist?
I would describe it as “multiply-minded,” the sub-conscious mind perceptibly affecting the conscious mind. At least that’s how my schizophrenic best friend described it to me.
The problem with the description in the linked article is that it promotes the completely wrong idea that schizophrenic = split personality disorder. It isn’t even though that is often how media presents (or at least have presented) it.
Thank you very much for the notice. I changed the text in the article accordingly.
Technically, schizophrenic can be used in that way just fine, as schizophrenic implies a split between reality and the patient’s consciousness.