trust-zone

How to determine if an ARM processor is running in the usual locked-down “world” or in the Secure “world”?

会有一股神秘感。 Submitted on 2021-02-05 05:50:26
Question: For example, virt-what shows if you are running inside a hardware virtualization "sandbox". How to detect if you are running in an ARM "TrustZone" sandbox? Answer 1: TrustZone may be different than what you think. There is a continuum of modes, from 'a simple API of trusted functions' to 'dual OSs' running in each world. If there was more context given to the question, it would be helpful. Is this for programmatically determining or for reverse engineering considerations? For the current Linux user-space

ARM TrustZone's Secure/Normal world vs. OS's kernel/user mode or x86's Ring0/1/2/3?

為{幸葍}努か Submitted on 2020-12-29 04:53:11
Question: I read a document like this TrustZone Security Whitepaper. It describes that all resources like CPU, memory and others are divided between Secure World and Normal World. Programs in Normal World cannot access resources in Secure World. You must call a special instruction, SMC, to switch from Normal to Secure world (going through Monitor Mode). As I know, a modern OS like Linux provides Kernel Mode and User Mode. User processes cannot access resources located in kernel space, but invoke system calls. I

IMX53 initialize stacks

南笙酒味 Submitted on 2020-01-17 07:24:18
Question: I am booting Android on an IMX53 Sabre tablet. I am trying to initialize stacks for the different processor modes. The following is my monitor initialization code: @ Install Secure Monitor @ ----------------------- ldr r1, =ns_image @ R1 is used str r0, [r1] ldr r0, =tz_monitor @ Get address of Monitor's vector table mcr p15, 0, r0, c12, c0, 1 @ Write Monitor Vector Base Address Register @ Save Secure state @ ------------------ ldr r0, =S_STACK_LIMIT @ Get address of Secure state stack stmfd

How to interpret ARM's SMC calls?

守給你的承諾、 Submitted on 2020-01-15 07:35:22
Question: I have been reading Android's kernel to see how dynamic power management for CPU cores (aka DVFS, DCVS) is done. The code I found here makes some calls to the following function (defined here), which in turn calls the SMC assembly instruction. ARM has a document that explains the SMC calling convention, but I haven't been able to use it to make sense of the following function. How can I track down the SMC instruction further to see what it actually does based on its input operands? s32 scm

ARM TrustZone, connecting peripherals?

大憨熊 Submitted on 2019-12-30 05:04:26
Question: I'm currently doing some research about ARM's TrustZone, e.g. here: ARM information center. As far as I understand, with TrustZone a secure environment based on the AMBA AXI bus can be created. On the ARM website it says: "This concept of secure and non-secure worlds extends beyond the processor to encompass memory, software, bus transactions, interrupts and peripherals within an SoC." I read that peripherals can be connected to TrustZone via the Non-Secure bit of the AMBA AXI bus (The extra

How to emulate TrustZone in QEMU?

拥有回忆 Submitted on 2019-12-22 06:45:47
Question: I'm trying to emulate TrustZone features in QEMU. I've found two links that seem to explain this process. The first reference doesn't attach the kernel image that supports TrustZone (where can I find it?). The second reference explains how I can compile a kernel, but it doesn't start with the command line written on the first website, which is as follows: ./arm-softmmu/qemu-system-arm -kernel $PATH_TO_KERNEL/zImage -M vexpress-a15 -cpu cortex-a15 -dtb PATH_TO_DTB/vexpress-v2p-ca15-tc1.dtb -m 1024

How to communicate with QSEE in an Android application?

为君一笑 Submitted on 2019-12-21 21:36:22
Question: I am interested in developing trusted applications using a TEE. I have a Nexus 5 that has Android 5.1.1 (LMY48M) on it. I want to create a very basic hello world app to understand TEE logic running on a real device. The Nexus 5 supports QSEE (Qualcomm Secure Execution Environment), but I couldn't find any documentation about how to include QSEE communication libraries in a regular Android application. In an adb root shell, the cat /d/tzdbg/log and cat /d/tzdbg/qsee_log commands display an empty result. Is

How can Secure mode access secure / non-secure memory?

烂漫一生 Submitted on 2019-12-13 20:12:56
Question: As per the Cortex-A Programmer's Guide: "TrustZone hardware also effectively provides two virtual MMUs, one for each virtual processor. This enables each world to have a local set of translation tables, with the Secure world mappings hidden and protected from the Normal world. The page table descriptions include an NS bit, which is used to determine whether accesses are made to the secure or non-secure physical address space. Although the page table entry bit is still present, the Normal virtual processor

What is the cost of context switching to secure mode (ARM TrustZone)?

纵然是瞬间 Submitted on 2019-12-13 13:18:57
Question: I am trying to understand the cost of switching back and forth between trusted (secure) and non-secure modes in ARM. What exactly needs to happen when moving from the non-secure to the secure world? I know the NS bit needs to be set (based on some special instruction?), the page tables need to be flushed and updated (?), and the processor caches flushed and updated. Anything else that needs to happen? Processor caches: are the caches segmented and shared, or is the whole cache used for each mode? That

Use ARM TrustZone to prevent access to memory region from Non-Secure world

两盒软妹~` Submitted on 2019-12-13 12:08:51
Question: Context: I want to have a rich GNU/Linux OS running in the Normal world and a small OS with an integrated Monitor running in the Secure world. Requirement: We absolutely have to prevent the Normal world from accessing the Secure world memory region. Question: Which feature(s) of TrustZone do we need to use/activate to fulfill this requirement? I'd like to use only the necessary features to minimize the work needed. Details: I've read quite a lot of ARM TrustZone documentation; I'm aware of TZPC, TZASC