Develop programs for Arm trust zone

How can I develop applications that use Arm's trust zone? Specifically, I want to develop a program that can save sensitive data in the secure world.

Should this program run in the normal world or the secure world? I know there are trustlets in the secure world, do I need to develop trustlets? Are there SDK or API that I can use to directly interact with an existing secure world os or do I need to compile and install my own secure os?

Any advice will be greatly appreciated.

Thank you!

asked Mar 16 '13 21:03 by jiawen



3 Answers

There are two extremes. These are documented in the Software overview chapter of ARM's Security Technology: Building a Secure System using TrustZone Technology.

APIs

At the one end of the spectrum, there is only a set of APIs which can be called from the normal world. This is detailed in the SMC calls for Linux. For instance, if the device contains a public-private key, an API call could sign data. The normal world would never have access to the private key, but anyone can verify that the device is original by verifying the signature. So the normal world is free to forward this request over any communications interface. This may be part of authenticating a device.

Co-operative OSs

In this mode, there is a full blown OS in both the secure and normal world (called TEE and REE elsewhere). The OSs must co-operate with interrupts and scheduling. They may also use SMC calls, lock free algorithms and semaphores along with shared memory.

ARM recommends using the FIQ for the secure world and leaving the IRQ for the normal world. Specifically, there are settings to stop the normal world from ever masking the FIQ. All of these issues rely on the type of IPC, scheduling, interrupt response, etc. that the system needs.

The simplest Secure scheduler would always pre-empt the normal world. Only the idle task would yield the CPU to the normal world. A more flexible solution would have the schedulers co-operate so that both worlds can have higher and lower priority tasks.

answered Nov 03 '22 02:11 by artless noise
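The "API only" end of the spectrum described in the answer above, as an added example that is not part of the answer or of ARM's documents: a normal-world client builds an SMC function ID in the layout of the ARM SMC Calling Convention (bit 31 fast call, bit 30 SMC64, bits 29:24 owning entity, bits 23:16 must be zero, bits 15:0 function number) and hands it to a C function that stands in for the secure monitor and the trusted signing service. No SMC instruction is executed, so it runs on any host; the device key, the service numbers and the keyed "signature" are constructed placeholders, not a real signature scheme. What the example shows is the boundary: the secure side validates every value the normal world passes in, and the client only ever receives the result.

```c
/* Added example modelling the normal-world / secure-world API split.
 * Function-ID layout follows the ARM SMC Calling Convention; everything
 * else (key, service numbers, tag algorithm) is a constructed placeholder. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SMC_FAST_CALL          (1u << 31)
#define SMC_OWNER_SHIFT        24
#define SMC_OWNER_MASK         0x3Fu
#define SMC_MBZ_MASK           0x00FF0000u  /* bits 23:16 must be zero */
#define SMC_FUNC_MASK          0xFFFFu
#define SMC_OWNER_TRUSTED_OS   50u          /* SMCCC reserves 50..63 for Trusted OS calls */

/* Return values as defined by SMCCC */
#define SMC_OK               0
#define SMC_NOT_SUPPORTED   -1
#define SMC_INVALID_PARAM   -3

/* Service numbers of this made-up trusted service (placeholders) */
enum { SVC_SIGN = 0x0001, SVC_VERIFY = 0x0002 };
#define TAG_LEN 8
#define MAX_MSG 256

uint32_t smc_function_id(int fast, uint32_t owner, uint32_t func)
{
    return (fast ? SMC_FAST_CALL : 0u)
         | ((owner & SMC_OWNER_MASK) << SMC_OWNER_SHIFT)
         | (func & SMC_FUNC_MASK);
}

/* ---- secure world: nothing below this line is visible to the client ---- */

/* Constructed device key; in a real design it never leaves secure memory. */
static const uint8_t device_key[16] = {
    0x13, 0x7f, 0xa2, 0x0c, 0x55, 0xe9, 0x31, 0x80,
    0x4d, 0xbe, 0x07, 0xc3, 0x99, 0x6a, 0xd4, 0x2e
};

/* Keyed tag over the message: a placeholder FNV-style mix, NOT a real MAC
 * or signature.  It only shows that the result depends on a key the normal
 * world cannot read. */
static void secure_tag(const uint8_t *msg, size_t len, uint8_t out[TAG_LEN])
{
    uint64_t h = 0x9E3779B97F4A7C15ull;
    for (size_t i = 0; i < sizeof device_key; i++)
        h = (h ^ device_key[i]) * 0x100000001B3ull;
    for (size_t i = 0; i < len; i++)
        h = (h ^ msg[i]) * 0x100000001B3ull;
    for (int i = 0; i < TAG_LEN; i++)
        out[i] = (uint8_t)(h >> (8 * i));
}

/* Stand-in for the monitor plus trusted service.  A real SMC carries the
 * function ID and arguments in registers; here they are C parameters.
 * Every value coming from the normal world is checked before use. */
int secure_world_smc(uint32_t fid, const uint8_t *msg, size_t len, uint8_t *tag)
{
    if (!(fid & SMC_FAST_CALL))
        return SMC_NOT_SUPPORTED;              /* this service only offers fast calls */
    if (fid & SMC_MBZ_MASK)
        return SMC_INVALID_PARAM;              /* reserved bits set */
    if (((fid >> SMC_OWNER_SHIFT) & SMC_OWNER_MASK) != SMC_OWNER_TRUSTED_OS)
        return SMC_NOT_SUPPORTED;              /* not addressed to this Trusted OS */
    if (msg == NULL || tag == NULL || len == 0 || len > MAX_MSG)
        return SMC_INVALID_PARAM;              /* bounds check shared-buffer input */

    uint8_t computed[TAG_LEN];
    switch (fid & SMC_FUNC_MASK) {
    case SVC_SIGN:
        secure_tag(msg, len, tag);
        return SMC_OK;
    case SVC_VERIFY: {
        secure_tag(msg, len, computed);
        uint8_t diff = 0;                      /* constant-time compare */
        for (int i = 0; i < TAG_LEN; i++)
            diff |= (uint8_t)(computed[i] ^ tag[i]);
        return diff ? SMC_INVALID_PARAM : SMC_OK;
    }
    default:
        return SMC_NOT_SUPPORTED;
    }
}

/* ---- normal world: the client only ever sees the tag, never device_key ---- */

int nw_sign(const char *msg, uint8_t tag[TAG_LEN])
{
    uint32_t fid = smc_function_id(1, SMC_OWNER_TRUSTED_OS, SVC_SIGN);
    return secure_world_smc(fid, (const uint8_t *)msg, strlen(msg), tag);
}

int nw_verify(const char *msg, uint8_t tag[TAG_LEN])
{
    uint32_t fid = smc_function_id(1, SMC_OWNER_TRUSTED_OS, SVC_VERIFY);
    return secure_world_smc(fid, (const uint8_t *)msg, strlen(msg), tag);
}

int main(void)
{
    uint8_t tag[TAG_LEN];
    const char *challenge = "nonce-from-server";   /* constructed challenge */
    if (nw_sign(challenge, tag) != SMC_OK)
        return 1;
    printf("tag:");
    for (int i = 0; i < TAG_LEN; i++) printf(" %02x", tag[i]);
    printf("\nverify: %d\n", nw_verify(challenge, tag));
    tag[0] ^= 1;                                   /* tampered copy fails */
    printf("verify tampered: %d\n", nw_verify(challenge, tag));
    return 0;
}
```

The point of keeping sign and verify behind the same dispatcher is that the normal world never handles the key at all; it forwards a challenge in, gets a tag out, and can relay that tag to whoever is authenticating the device. On real hardware the `secure_world_smc` call would be an `smc` instruction trapping to the monitor, and the message would sit in a shared buffer the secure side must bounds-check exactly as done here.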


The better way is to install a REE OS and a TEE OS on one device. When a program wants to do some sensitive things, the device will change to the TEE OS, so you can deal with sensitive data securely. When you are done with the sensitive data, the device will change to the REE OS. But implementing a two-OS switch on a device is tough work.

answered Nov 03 '22 02:11 by Cobain


Operating Systems such as MobiCore already exist and have been deployed on mass market devices such as Samsung Galaxy S3.

MobiCore is an OS that runs alongside Android, so trustlets (= MobiCore apps) can communicate with Android apps via a set of system calls to the MobiCore driver, which is the part of the Android OS in charge of communicating with the trusted execution environment.

If you are looking to develop trustlets for MobiCore as explained above, you must become a MobiCore developer, which you could theoretically do by signing up as a developer for MobiCore's Trustonic venture.

If you wish to use ARM's TrustZone technology on your own device / dev board with an open-source secure OS, perhaps you can use OpenVirtualization's SierraTEE, which seems to be compiled for the Xilinx Zynq-7000 AP SoC and is also compatible with Android as the rich OS.

answered Nov 03 '22 00:11 by Nimo