Hi,
Arm documentation "ARM Security Technology Building a Secure System using TrustZone Technology" says: The mechanisms by which the physical processor can enter monitor mode from the Normal world are tightly controlled, and are all viewed as exceptions to the monitor mode software. The entry to monitor can be triggered by software executing a dedicated instruction, the Secure Monitor Call (SMC) instruction, or by a subset of the hardware exception mechanisms. The IRQ, FIQ, external Data Abort, and external Prefetch Abort exceptions can all be configured to cause the processor to switch into monitor mode.
What control do you do?If an attacker obtains root privileges, can he access the safe world? Is the secure monitor only protected by privilege level?
Thanks
¿Por qué dices que termina allí? ¿Qué mecanismos tiene TrustZone para detener el ataque? He leído los manuales pero no tengo nada claro, ¿pueden ayudarme a entenderlo mejor?
Atentamente
Of course it depends on the kind of attack. But the Monitor might inform the secure software about the exception (any kind) and the secure software will handle it accordingly.
But how do you know that exception is from an attacker? Is there any way to verify it?
No, you cannot know if this is an attack or just a programming error. But who cares? The secure SW knows the non-secure one is misbehaving so must take measures.