
ARM TrustZone

Note: This was originally posted on 21st June 2012 at http://forums.arm.com

I am a student from Kuwait and very much interested in trusted computing. I have a few doubts in my basic understanding of trusted computing.

1) What was the need for TrustZone when a TPM itself could perform trusted computing? Is it just because of space constraints due to the extra chip?
2) Why cannot the secure OS in TrustZone be modified? Is it because with a smaller trust base one can make it bug-free?
3) What is the basic difference between Intel TXT and TrustZone?

I tried searching the internet about Intel TXT and I am totally confused. Thanks a lot in advance for your help.
  • Note: This was originally posted on 25th June 2012 at http://forums.arm.com

    Thanks for the reply. It was really helpful. I have one more fundamental question. Can I assume that both OSes run concurrently, or can the processor only be in one mode at a time (either secure or non-secure)?
  • Note: This was originally posted on 27th June 2012 at http://forums.arm.com

    So I can think of TrustZone as a separate OS, right? Whenever the normal OS wants a secure action to be taken, it reboots or calls the other secure OS and does the action securely. So TrustZone is like an extra OS in which one can safely perform all sensitive operations!
  • Note: This was originally posted on 28th June 2012 at http://forums.arm.com

    This website that GopuSierra posted says "To improve security, these ARM processors can run a secure operating system (secure OS) and a normal operating system (normal OS) at the same time from a single core"... But people here in the forum say both OSes do not run concurrently. Who is right? PLEASE DO NOT CONFUSE ME MORE.
  • Note: This was originally posted on 8th July 2012 at http://forums.arm.com

    Thanks a lot. But the more documents I read, the more unclear I am on the fundamental concept. Can anyone please explain what 'virtualisation' is, and what ARM means by saying they provide hardware-enforced virtualisation?

    So far, what I understood is that there is only one processor which has two OSes (just like Linux + Windows), but one OS has the privilege to access secure regions and is written bug-free, so we name it TrustZone. Of course, to enable this privilege we modify the hardware of the SoC and also provide a mechanism so that this secure OS cannot be rewritten.
  • Note: This was originally posted on 28th June 2012 at http://forums.arm.com
    So I can think of TrustZone as a separate OS, right? Whenever the normal OS wants a secure action to be taken, it reboots or calls the other secure OS and does the action securely. So TrustZone is like an extra OS in which one can safely perform all sensitive operations!

    Please check www.openvirtualization.org for a TrustZone implementation.
  • Note: This was originally posted on 29th June 2012 at http://forums.arm.com
    This website that GopuSierra posted says "To improve security, these ARM processors can run a secure operating system (secure OS) and a normal operating system (normal OS) at the same time from a single core"... But people here in the forum say both OSes do not run concurrently. Who is right? PLEASE DO NOT CONFUSE ME MORE.

    It will not run concurrently.
  • Note: This was originally posted on 22nd June 2012 at http://forums.arm.com

    1) A TPM has no compute capability; it is simply a secure storage device with attestation capability, but it relies on the outside (untrusted) system to do most of the calculations.

    2) Why cannot the secure OS in TrustZone be modified?

    I'm not sure what you are asking here. As a technology from ARM, TrustZone provides hardware building blocks to build a secure environment. Any system developer can write their own secure OS to run in this environment. In a running system then yes, you want to prevent modification (security risk), and as always smaller is better (fewer bugs -> less security risk).
  • Note: This was originally posted on 25th June 2012 at http://forums.arm.com

    Worth noting that in an SMP system with multiple physical cores you could have one core in "secure" and a second in "non-secure", so you can get some parallel processing working. A single core is only ever in one world at a time though...

    Iso
  • Note: This was originally posted on 8th July 2012 at http://forums.arm.com

    Can anyone please explain what 'virtualisation' is?

    http://en.wikipedia.org/wiki/Virtualization

    What does ARM mean by saying they provide hardware-enforced virtualisation?

    The split between the resources of the two "virtual" systems is enforced by hardware, not software.
  • Note: This was originally posted on 25th June 2012 at http://forums.arm.com

    At any one time the core is either in the secure world or the normal world. So the OSes do not truly run concurrently.
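To make the points in the replies above concrete (a core is in exactly one world at a time, the normal world reaches the secure world only through a call that switches worlds, the memory partition is checked against the core's world rather than by either OS, and separate cores of an SMP system can sit in different worlds), here is an added Python model. It is not code from the thread, from ARM, or from any real secure OS; the NS bit, region attributes, the `mac` service and the key value are constructed assumptions to illustrate the idea.

```python
import hashlib
from dataclasses import dataclass

SECURE, NORMAL = 0, 1  # modelled NS bit: 0 = secure world, 1 = normal world
KEY_ADDR = 0x100       # constructed: a device key placed in secure-only memory

@dataclass
class Region:
    start: int
    end: int
    secure_only: bool  # partition attribute fixed in hardware, not by an OS

class Core:
    """One physical core. It holds a single NS bit, so it is in one world at a time."""
    def __init__(self):
        self.ns_bit = NORMAL

    def smc(self, soc, service, payload):
        """Normal world asks for a secure service: the core switches to the secure
        world, the secure OS runs, and the core switches back. Nothing runs in
        parallel on this core while the secure OS is active."""
        self.ns_bit = SECURE
        try:
            return soc.secure_os(self, service, payload)
        finally:
            self.ns_bit = NORMAL  # return to the caller's world

class SoC:
    def __init__(self, ncores=2):
        self.cores = [Core() for _ in range(ncores)]  # SMP: each core has its own NS bit
        self.regions = [Region(0x0000, 0x0FFF, True), Region(0x1000, 0xFFFF, False)]
        self.mem = {KEY_ADDR: b"constructed-device-key"}

    def load(self, core, addr):
        """Every access is filtered on the NS bit of the issuing core, not on which OS asked."""
        for r in self.regions:
            if r.start <= addr <= r.end:
                if r.secure_only and core.ns_bit == NORMAL:
                    raise PermissionError(f"normal world may not read {addr:#06x}")
                return self.mem.get(addr, b"")
        raise ValueError("unmapped address")

    def secure_os(self, core, service, payload):
        """Minimal secure OS with one service: a keyed digest, so the key never leaves it."""
        if service != "mac":
            raise ValueError("unknown service")
        key = self.load(core, KEY_ADDR)  # permitted: the core is in the secure world now
        return hashlib.sha256(key + payload).hexdigest()

def normal_world_read_is_blocked(soc, core):
    """True if a normal-world read of the key is refused by the partition check."""
    try:
        soc.load(core, KEY_ADDR)
        return False
    except PermissionError:
        return True

def worlds(soc):
    """Current world of every core; shows two cores can be in different worlds."""
    return [c.ns_bit for c in soc.cores]
```

A normal-world read of `KEY_ADDR` is refused, while the same core obtains a MAC over the key through `smc` and is back in the normal world when the call returns; setting a second core into the secure world leaves the first unaffected.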