Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
411 views
in Technique[技术] by (71.8m points)

linux kernel - Handling ARM TrustZones

ARM has something called TrustZone. As per ARM documentation , it gives that a process can run in Secure / Non-Secure World.

  1. What does the Secure / Non-Secure World means. Is it related to Processor executing modes or it is related to setting the permissions of memory regions or something else.
  2. Is there any relationship between the 7 operating modes of ARM and the Secure / Non-Secure Worlds.
  3. How to enable the TrustZone in ARM.
  4. From Which version of ARM is this introduced.
  5. Is it mandatory to use this TrustZone. Does linux kernel uses this TrustZone extension.

Kindly help me in understanding this.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/index.html is a pretty good introductory document that gives an overview of something a little bit too complex to be satisfactorily explained by typing into a text box. But I'll try to answer your direct questions below.

  1. It refers to an additional privilege option orthogonal to the execution modes. Secure world has the ability to make memory accesses tagged as secure, but can also make non-secure accesses. Normal world can only make non-secure accesses. In addition, certain processor configuration options are only accessible to Secure world. The intent is to isolate secure software in a simple environment where it cannot be (directly) vulnerable to software exploits in the device's main operating system or application software.
  2. None, apart from it adding an additional "monitor" mode. This monitor mode is used for the "context switch" between Normal and Secure world.
  3. TrustZone isn't enabled, it is implemented (or not).
  4. TrustZone was introduced in the Security Extensions to ARM architecture version 6. The first processor supporting it was ARM1176. All Cortex-A processors support it.
  5. "No", although since TrustZone-capable processors start executing in Secure state on power-on, if the boot loader does nothing to change the security state, all software will run as Secure (removing any security benefits). No, the TrustZone environment is explicitly intended to run alongside your OS, not to be directly integrated into it. For some platforms, the Linux kernel performs Secure Monitor Calls to request Secure world to change certain system configuration options.

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...