
Discussion/Question: TrustZone vs Hypervisor

Hi, this is more a discussion than a question:

What is the benefit of TrustZone (Secure/Non-Secure) vs. hyp (EL2) mode?

To my knowledge, both need support on the SoC for the separation: either the NS signal is routed to the peripheral (including all kinds of memory), or, in the case of Hyp mode, a System MMU (SMMU) is needed (if DMA is involved).

So my question is, can TrustZone provide a stronger separation than Hyp mode?

Or is the only benefit that the TrustZone separation can be done with less effort and with less code?

If secure booting is not a goal but separation of, for example, a functionally safe RTOS from a non-safe GPOS like Linux is, then IMHO Hyp mode is as good as TZ, even better, as data aborts are precise and need no modification of the guest (whereas data aborts due to a TZ violation are imprecise).

Any thoughts?

Cheers

  • It is difficult to understand the question/comparison. What do stronger and weaker separations mean? Against what threat-model?

    If the facilities provided by TrustZone (or similar platforms) are not required, then it is true that any comparison, between TrustZone and an entity that does fulfil the actual requirements, ends up favouring that entity.

    The 'Embedded Hypervisor' wikipedia article lists running RTOS and GPOS on a single processor as one of the many use-cases.

  • It is difficult to understand the question/comparison. What do stronger and weaker separations mean? Against what threat-model?

    Actually I do not see any advantage of TZ over Hyp mode. Code running in the virtual machine has no access to any underlying HW unless the stage 2 MMU allows it. And if a SoC has no SMMU, you simply cannot allow the guest to use DMA peripherals directly.

    I cannot think of a threat where TZ behaves better than EL2/Hyp.

    But, since EL2 is optional in some Armv8-A implementations, I can only guess that EL2/Hyp is more costly silicon-wise as a second stage MMU is needed.

    Or is EL2/Hyp more costly performance-wise?

  • Actually I do not see any advantage of TZ over Hyp mode. Code running in the virtual machine has no access to any underlying HW unless the stage 2 MMU allows it. And if a SoC has no SMMU, you simply cannot allow the guest to use DMA peripherals directly.

    Sure - the requirements are such that facilities provided by TrustZone aren't required.

    TZ /can/ be thought of as capable of running two 'VMs' simultaneously, but a hypervisor is a simpler solution than using TZ as a virtualization solution.

    What happens if the applications/OS running on the virtual machine start questioning the integrity of the hypervisor?

    But, since EL2 is optional in some Armv8-A implementations, I can only guess that EL2/Hyp is more costly silicon-wise as a second stage MMU is needed.

    Mobile devices may not need to run virtual machines, so they may exclude EL2, while still retaining EL3. However, shouldn't replacing EL3 with EL2 on mobile devices need strong proofs to show that running as a virtual machine is still as secure, and as economical as before?

    Virtualization has been around since the 1970s - it must not be difficult or costly to implement it today, given a sane ISA (ref. Popek and Goldberg requirements). EL3 might be economical because a mobile doesn't need more than two 'VMs' - one secure and the other non-secure - and both 'VMs' can run at full speed (i.e. without requiring general-purpose device emulation). TZ might also be more economical compared to straightforward duplication of resources.

    --

    Since a hypervisor is /designed/ to provide efficient virtualization, it isn't a surprise that TZ does not fare as well as a hypervisor in that department. Additionally, TZ isn't a framework which remains (or which is meant to remain) hidden (unlike a virtualization framework) - it is deeply invasive and explicit in the ways it divides up the resources.

    It seems that the developments (such as IOMMU/SMMU, and virtualization-capable NICs, GPUs, HBAs, etc.) intended to make virtualization more efficient also naturally bring about isolation of each resource. Technologies like Windows VBS attempt to provide a 'secure world' by utilizing the hypervisor as a trusted entity. However, use cases where a hypervisor cannot be trusted, or where it is asked to prove itself untainted, naturally require a lower-level (and hence hardware-based) solution.

  • EL3 might be economical because a mobile doesn't need more than two 'VMs' - one secure and the other non-secure, and both the 'VMs' can run at full speed

    Thank you for your thoughts. I appreciate your time. You describe exactly what we intend with our product and - yes - I think one big difference is that using TZ the "guest" is aware of its limitation, whereas a VM guest is not.