ARM TrustZone queries
Posted 21 June 2012 - 02:47 PM
1) What was the need for TrustZone when TPM itself could perform trusted computing? Is it just because of space constraints due to the extra chip?
2) Why cannot the secure OS in TrustZone be modified? Is it because it is a smaller trust base that one can make bug-free?
3) What is the basic difference between Intel TXT and TrustZone?
I tried searching on the internet about Intel TXT and I am totally confused. Thanks a lot in advance for your help.
Posted 22 June 2012 - 08:40 AM
2) Why cannot the secure OS in trustzone be modified?
I'm not sure what you are asking here. As a technology from ARM, TrustZone provides hardware building blocks to build a secure environment. Any system developer can write their own secure OS to run in this environment. In a running system then yes, you want to prevent modification (security risk), and as always smaller is better (fewer bugs -> less security risk).
Posted 25 June 2012 - 12:04 PM
Posted 27 June 2012 - 07:06 PM
Posted 28 June 2012 - 12:48 AM
Please check www.openvirtualization.org for trustzone implementation.
Posted 28 June 2012 - 07:46 PM
Posted 29 June 2012 - 12:33 AM
It will not run concurrently.
Posted 29 June 2012 - 09:48 AM
Well, it depends what you mean by "concurrently". Two processes inside an OS appear to run concurrently, but often they are time-division-multiplexed and only one is running at any one time. That is, there are context switches between the processes such that both get some processing time. Sometimes the context switches are cooperative (one process yields to another), and sometimes the context switch is in response to an interrupt.
It can be the same in TrustZone. Each world can choose to pass control to the other (the SMC instruction), or an interrupt can cause the switch. How the two OSes are actually set up using TrustZone will depend on the system design.
So, a given processor is only running one instruction at a time (not concurrent), and, at a lower time resolution, both OSes are running at the same time and may be getting a percentage of the processing time (concurrent).
I suggest reading this http://infocenter.ar...492c/index.html to understand these kinds of issues.
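As an added illustration of the time-multiplexing described above (example code written for this thread, not from the post's author or from any ARM reference implementation): a tiny C model of a Monitor-mode world switch. SCR.NS is a plain variable, the "registers" are a struct, and the interrupt routing (FIQ to Secure, IRQ to Normal) and the event trace are assumptions chosen for the model.

```c
#include <stdio.h>
#include <stddef.h>

enum world { SECURE = 0, NORMAL = 1 };   /* index == value of the SCR.NS bit */
enum event { EV_TICK, EV_SMC, EV_FIQ, EV_IRQ };

struct ctx { unsigned long pc, sp; };    /* per-world saved register state (simplified) */
struct cpu {
    int ns;                 /* SCR.NS: 1 = Normal world, 0 = Secure world */
    struct ctx regs;        /* live registers: only one world owns them at a time */
    struct ctx saved[2];    /* saved[SECURE], saved[NORMAL] */
    unsigned ticks[2];      /* time steps executed in each world */
    unsigned switches;      /* number of world switches performed by the monitor */
};

/* Monitor-mode switch: save the current world's state, flip NS, restore the other's. */
static void monitor_switch(struct cpu *c) {
    c->saved[c->ns] = c->regs;
    c->ns ^= 1;
    c->regs = c->saved[c->ns];
    c->switches++;
}

/* One time step. Exactly one world executes it: no true concurrency at this level. */
static void step(struct cpu *c, enum event ev) {
    switch (ev) {
    case EV_SMC: monitor_switch(c); break;                        /* cooperative hand-over */
    case EV_FIQ: if (c->ns == NORMAL) monitor_switch(c); break;   /* FIQ routed to Secure (assumed config) */
    case EV_IRQ: if (c->ns == SECURE) monitor_switch(c); break;   /* IRQ routed to Normal (assumed config) */
    case EV_TICK: break;                                          /* keep running in the current world */
    }
    c->ticks[c->ns]++;
    c->regs.pc += 4;
}

/* Constructed event trace (assumed input); the CPU starts in the Normal world. */
static const enum event demo_trace[] = { EV_TICK, EV_TICK, EV_FIQ, EV_TICK, EV_SMC,
                                         EV_TICK, EV_IRQ, EV_SMC, EV_IRQ, EV_TICK };

static struct cpu run_demo(void) {
    struct cpu c = { .ns = NORMAL };
    for (size_t i = 0; i < sizeof demo_trace / sizeof demo_trace[0]; i++)
        step(&c, demo_trace[i]);
    return c;
}

int main(void) {
    struct cpu c = run_demo();
    printf("Normal: %u steps, Secure: %u steps, %u world switches\n",
           c.ticks[NORMAL], c.ticks[SECURE], c.switches);
    return 0;
}
```

Over the ten-step trace each step runs in exactly one world, yet both worlds accumulate time (7 and 3 steps here), which is the sense in which the two OSes are "concurrent" at a coarser time resolution.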
Posted 08 July 2012 - 05:56 AM
So far, what I understood is only one processor which has two OSes (just like Linux + Windows), but one OS has privilege to secure regions and is written bug-free, so we name it TrustZone. Of course, to enable this privilege we modify the hardware of the SoC and also give a mechanism that this secure OS cannot be re-written.
Posted 08 July 2012 - 01:23 PM
The split between the resources of the two "virtual" systems is enforced by hardware, not software.