Handling ARM TrustZones

by

http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/index.html is a pretty good introductory document that gives an overview of something a little bit too complex to be satisfactorily explained by typing into a text box. But I’ll try to answer your direct questions below.

  1. It refers to an additional privilege option orthogonal to the execution modes. Secure world has the ability to make memory accesses tagged as secure, but can also make non-secure accesses. Normal world can only make non-secure accesses. In addition, certain processor configuration options are only accessible to Secure world. The intent is to isolate secure software in a simple environment where it cannot be (directly) vulnerable to software exploits in the device’s main operating system or application software.
  2. None, apart from it adding an additional “monitor” mode. This monitor mode is used for the “context switch” between Normal and Secure world.
  3. TrustZone isn’t enabled, it is implemented (or not).
  4. TrustZone was introduced in the Security Extensions to ARM architecture version 6. The first processor supporting it was ARM1176. All Cortex-A processors support it.
  5. “No”, although since TrustZone-capable processors start executing in Secure state on power-on, if the boot loader does nothing to change the security state, all software will run as Secure (removing any security benefits). No, the TrustZone environment is explicitly intended to run alongside your OS, not to be directly integrated into it. For some platforms, the Linux kernel performs Secure Monitor Calls to request Secure world to change certain system configuration options.

More Related Contents:

  1. Linux kernel ARM exception stack init
  2. How do I find ARM Linux entry point when it fails to uncompress?
  3. How does ARM Linux emulate the dirty, accessed, and file bits of a PTE?
  4. Image vs zImage vs uImage
  5. adding i2c client devices on x86_64
  6. TrustZone monitor mode and IFAR, IFSR, DFAR, DFSR
  7. $(uname -a) returning the same in docker host or any docker container
  8. Context switch internals
  9. What is the interface for ARM system calls and where is it defined in the Linux kernel?
  10. Find the physical address of exception vector table from kernel module
  11. Why does Linux favor 0x7f mappings?
  12. How can Docker run distros with different kernels?
  13. Do Kernel pages get swapped out?
  14. What is the difference between the kernel space and the user space?
  15. Why kernel code/thread executing in interrupt context cannot sleep?
  16. Difference between physical/logical/virtual memory address
  17. Adding new driver code to linux source code
  18. How to flush the CPU cache for a region of address space in Linux?
  19. module_init() vs. core_initcall() vs. early_initcall()
  20. What is the difference between module_init and subsys_initcall while initializing the driver?
  21. Building kernel uImage using LOADADDR
  22. Pass large amount of binary data from u-boot to linux kernel
  23. How to print exact value of the program counter in C
  24. Is bool a native C type?
  25. Use of floating point in the Linux kernel
  26. exit.c:(.text+0x18): undefined reference to `_exit’ when using arm-none-eabi-gcc
  27. How to continuously monitor the directory using dnotify /inotify command
  28. What does it mean by cold cache and warm cache concept?
  29. How to solve “BUG: scheduling while atomic: swapper /0x00000103/0, CPU#0”? in TSC2007 Driver?
  30. /proc/[pid]/pagemaps and /proc/[pid]/maps | linux

Leave a Comment