
Qualcomm S4 Snapdragon 8XXX series

Note: This was originally posted on 14th February 2013 at http://forums.arm.com

Hi all,
   First time here. I was curious if anyone had any idea, or any information, on what kind of TrustZone the Qualcomm 8xxx series chipsets are employing. Isn't TrustZone ARM specific? And even though they have their own Krait AP processor, it is still based on ARM, so does that mean the TrustZone architecture mentioned below would apply?

http://infocenter.ar..._whitepaper.pdf

It just seems like the TZ security extensions are a combination of SW and HW that allow partitioning of secure/non-secure components (memory/peripherals).
There seem to be TZ images that are loaded from eMMC and subsequent TZ APIs that allow the normal world (HLOS) to interact with the secure world in a secure manner via SCM.

I am not sure where TPM and TEE come into play. Is the TEE achieved in the chipset itself, thus making it a secure environment as opposed to a TPM? Also, I am not sure what they mean when they talk about TPM interface 2.0.

Also, I wanted to ask about TZ kernel security. So in the case of an HLOS kernel like Android, for example, is that what is being parsed into secure and non-secure, as I thought all kernel-level operations are privileged?

As you can tell I am pretty wet behind the ears on this and would like some direction and guidance in perhaps understanding the general idea of TrustZone.

thanks,
DJ
  • Note: This was originally posted on 15th February 2013 at http://forums.arm.com

    My understanding is that the Qualcomm processors support the Security Extensions (to use its proper name), but they don't call it TrustZone.  They have their own marketing type name,

    No, you don't move parts of the Android kernel into the secure world.  What you have is a separate, trusted, kernel in the secure world with the Android kernel in the normal/non-secure world.  The trusted kernel hosts a number of services, which the Android environment can request the use of.
  • Note: This was originally posted on 18th March 2013 at http://forums.arm.com


    Hi all,
       First time here. I was curious if anyone had any idea, or any information, on what kind of TrustZone the Qualcomm 8xxx series chipsets are employing. Isn't TrustZone ARM specific? And even though they have their own Krait AP processor, it is still based on ARM, so does that mean the TrustZone architecture mentioned below would apply?

    http://infocenter.ar..._whitepaper.pdf

    It just seems like the TZ security extensions are a combination of SW and HW that allow partitioning of secure/non-secure components (memory/peripherals).
    There seem to be TZ images that are loaded from eMMC and subsequent TZ APIs that allow the normal world (HLOS) to interact with the secure world in a secure manner via SCM.

    I am not sure where TPM and TEE come into play. Is the TEE achieved in the chipset itself, thus making it a secure environment as opposed to a TPM? Also, I am not sure what they mean when they talk about TPM interface 2.0.

    Also, I wanted to ask about TZ kernel security. So in the case of an HLOS kernel like Android, for example, is that what is being parsed into secure and non-secure, as I thought all kernel-level operations are privileged?

    As you can tell I am pretty wet behind the ears on this and would like some direction and guidance in perhaps understanding the general idea of TrustZone.

    thanks,
    DJ


    As far as I know, Qualcomm uses Mobicore as their secure OS for their TrustZone implementation. If you look at the kernel source code for Qualcomm's chips, there is an interface called SCM (Secure Channel Manager) that lets the normal world communicate with the secure world. I am curious to know if it is possible for third-party developers to program TrustZone applications on their platform. I suspect not. If anyone knows how, please kindly share.
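The two replies above describe the same picture: a separate trusted kernel in the secure world, the Android/HLOS kernel in the normal world, and a channel (SCM on Qualcomm) through which the normal world asks the secure world for services. The toy model below, added here as an illustration and not code from this thread, from Qualcomm, ARM or Mobicore, shows the one check every such service boundary has to make: an address handed across from the normal world is untrusted, so the secure side must confirm the buffer lies entirely in non-secure memory before touching it. The memory map, service IDs and status codes are constructed for the example.

```c
/* Toy model of a secure-world service dispatcher behind an SCM/SMC-style
 * boundary.  Added illustration, not Qualcomm, ARM or Mobicore code: the
 * memory map, service IDs and policy below are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed memory map.  ns_mem[] models the only RAM the normal world
 * (HLOS) owns; SEC_BASE stands for memory that belongs to the trusted
 * kernel and must never be reachable through this interface. */
static uint8_t ns_mem[4096];
#define NS_BASE  0x80000000ULL
#define NS_SIZE  ((uint64_t)sizeof(ns_mem))
#define SEC_BASE 0x10000000ULL

/* Services the trusted kernel exposes to the normal world (constructed IDs). */
enum svc_id { SVC_GET_VERSION = 1, SVC_HASH_BUFFER = 2 };
enum tz_status { TZ_OK = 0, TZ_EPERM = -1, TZ_ENOSVC = -2 };

/* What crosses the world boundary; in a real SMC these are register values. */
struct tz_request {
    uint32_t svc;   /* service id */
    uint64_t buf;   /* normal-world physical address of the caller's buffer */
    uint64_t len;   /* buffer length in bytes */
};

/* True only when [addr, addr+len) lies entirely inside normal-world memory.
 * Overflow-safe: addr+len is never computed. */
int ns_range_ok(uint64_t addr, uint64_t len) {
    if (len == 0 || addr < NS_BASE) return 0;
    uint64_t off = addr - NS_BASE;
    if (off >= NS_SIZE) return 0;
    return len <= NS_SIZE - off;
}

/* Normal-world side: write bytes into the modelled HLOS memory. */
int ns_write(uint64_t addr, const void *src, size_t n) {
    if (!ns_range_ok(addr, n)) return TZ_EPERM;
    memcpy(ns_mem + (addr - NS_BASE), src, n);
    return TZ_OK;
}

/* 32-bit FNV-1a, standing in for whatever the secure service computes. */
uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 0x811C9DC5u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x01000193u; }
    return h;
}

/* Secure-world side: the dispatcher the monitor hands requests to.  Every
 * address arriving from the normal world is checked against the partition
 * before the secure kernel dereferences it; unknown services are refused. */
int tz_dispatch(const struct tz_request *req, uint32_t *out) {
    switch (req->svc) {
    case SVC_GET_VERSION:
        *out = 0x00010000u;                 /* constructed version 1.0 */
        return TZ_OK;
    case SVC_HASH_BUFFER:
        if (!ns_range_ok(req->buf, req->len)) return TZ_EPERM;
        *out = fnv1a32(ns_mem + (req->buf - NS_BASE), (size_t)req->len);
        return TZ_OK;
    default:
        return TZ_ENOSVC;
    }
}

int main(void) {
    uint32_t out = 0;
    /* A request pointing at secure memory is rejected before any access. */
    struct tz_request r = { SVC_HASH_BUFFER, SEC_BASE, 16 };
    printf("buffer in secure memory -> status %d\n", tz_dispatch(&r, &out));
    /* A request for a buffer the normal world actually owns is served. */
    ns_write(NS_BASE + 64, "abc", 3);
    r.buf = NS_BASE + 64; r.len = 3;
    printf("buffer in HLOS memory   -> status %d, hash 0x%08x\n",
           tz_dispatch(&r, &out), out);
    return 0;
}
```

The model keeps the roles from the replies: nothing in the Android kernel moves into the secure world, and the secure kernel only ever acts on a request after validating what the request refers to. The same boundary check (plus checking the offset of each field inside the buffer, once the service parses structured arguments) is what a real SCM handler owes the secure side.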