极术小姐姐 · 2020-02-03

Discussion/Question: TrustZone vs Hypervisor

Hi, this is more a discussion than a question:

What is the benefit of TrustZone (Secure/Non-Secure) vs. hyp (EL2) mode?

As far as I know, both need support on the SoC for the separation: either the NS signal is routed to the peripheral (including all kinds of memory), or a System MMU (SMMU) is needed in the case of Hyp mode (if DMA is involved).

So my question is: can TrustZone provide a stronger separation than Hyp mode?

Or is the only benefit that the TrustZone separation can be done with less effort and with less code?

If secure booting is not a goal, but separation of, for example, a functionally safe RTOS from a non-safe GPOS like Linux is, then IMHO Hyp mode is as good as TZ, or even better, as data aborts are precise and need no modification of the guest (whereas data aborts due to a TZ violation are imprecise).

Any thoughts?

1 answer

棋子 · 2020-02-03

Actually, I do not see any advantage of TZ over Hyp mode. Code running in the virtual machine has no access to any underlying HW unless the stage 2 MMU allows it. And if a SoC has no SMMU, you simply cannot allow the guest to use DMA peripherals directly.

I cannot think of a threat where TZ behaves better than EL2/Hyp.

But, since EL2 is optional in some Armv8-A implementations, I can only guess that EL2/Hyp is more costly silicon-wise as a second stage MMU is needed.

Or is EL2/Hyp more costly performance-wise?!
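The two points the answer rests on, that a guest only reaches what the stage 2 tables map and that a DMA master without an SMMU is not subject to those tables at all, can be made concrete with a small model. The following is an added example written for this thread, not code from either poster and not the real Armv8-A translation-table format: a flat table of page mappings stands in for the multi-level stage 2 walk, and the guest layout and addresses are constructed values. It shows a CPU access that is allowed, a CPU access that traps with a precise fault record (faulting IPA and access type, which is what lets a hypervisor handle it without modifying the guest), an SMMU-attached device that is checked by the same tables, and a device with no SMMU whose access reaches the physical bus unchecked.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model of stage 2 access control for illustration only.
 * It is NOT the real Armv8-A translation-table format: a flat table of
 * 4 KiB page mappings stands in for the multi-level walk. */

#define PAGE_SHIFT 12u
#define PAGE_MASK  (~((uint64_t)(1u << PAGE_SHIFT) - 1u))

enum perm { P_NONE = 0, P_R = 1, P_W = 2, P_RW = 3 };

/* One stage 2 mapping: guest IPA page -> host PA page with permissions. */
struct s2_entry { uint64_t ipa; uint64_t pa; enum perm perm; };

struct stage2 { const struct s2_entry *map; size_t n; };

/* What the hypervisor sees on a trap: the access is fully described (precise). */
struct s2_fault { uint64_t ipa; bool is_write; };

enum access_result { ACC_OK, ACC_FAULT, ACC_BYPASSED };

/* Stage 2 walk: either yields the PA or fills in a precise fault record. */
static enum access_result s2_translate(const struct stage2 *s2, uint64_t ipa, bool write,
                                       uint64_t *pa, struct s2_fault *f)
{
    uint64_t page = ipa & PAGE_MASK;
    for (size_t i = 0; i < s2->n; i++) {
        const struct s2_entry *e = &s2->map[i];
        if (e->ipa != page)
            continue;
        if (e->perm & (write ? P_W : P_R)) {
            *pa = e->pa | (ipa & ~PAGE_MASK);
            return ACC_OK;
        }
        break;  /* mapped but without the needed permission: fault */
    }
    f->ipa = ipa;
    f->is_write = write;
    return ACC_FAULT;
}

enum master_kind { MASTER_CPU, MASTER_DMA_BEHIND_SMMU, MASTER_DMA_NO_SMMU };

/* A bus master issuing an access on behalf of the guest. */
static enum access_result master_access(enum master_kind kind, const struct stage2 *s2,
                                        uint64_t addr, bool write, uint64_t *pa,
                                        struct s2_fault *f)
{
    switch (kind) {
    case MASTER_CPU:
    case MASTER_DMA_BEHIND_SMMU:
        /* The CPU (stage 2) and SMMU-attached devices are checked by the same tables. */
        return s2_translate(s2, addr, write, pa, f);
    case MASTER_DMA_NO_SMMU:
        /* No SMMU in front of the device: whatever address the guest programs
         * into it hits the physical bus unchecked. */
        *pa = addr;
        return ACC_BYPASSED;
    }
    return ACC_FAULT;
}

/* Constructed guest layout (illustrative values, not a real board). */
static const struct s2_entry demo_map[] = {
    { 0x1000, 0x80000000, P_RW },  /* one page of guest RAM */
    { 0x2000, 0x09000000, P_R  },  /* a UART exposed read-only */
};
static const struct stage2 demo_s2 = { demo_map, sizeof demo_map / sizeof demo_map[0] };

int main(void)
{
    uint64_t pa = 0;
    struct s2_fault f = { 0, false };
    enum access_result r;

    r = master_access(MASTER_CPU, &demo_s2, 0x1008, true, &pa, &f);
    printf("CPU write IPA 0x1008: %s, pa=0x%llx\n",
           r == ACC_OK ? "ok" : "fault", (unsigned long long)pa);

    r = master_access(MASTER_CPU, &demo_s2, 0x2004, true, &pa, &f);
    if (r == ACC_FAULT)
        printf("CPU write IPA 0x2004: precise stage 2 fault at 0x%llx (write=%d)\n",
               (unsigned long long)f.ipa, f.is_write);

    r = master_access(MASTER_DMA_NO_SMMU, &demo_s2, 0x80100000, true, &pa, &f);
    printf("DMA without SMMU: %s, reaches physical 0x%llx\n",
           r == ACC_BYPASSED ? "unchecked" : "checked", (unsigned long long)pa);
    return 0;
}
```

The model deliberately has no equivalent of the TrustZone NS-bit filtering path, because the point of the thread is that a stage 2 trap carries the faulting address and access type, whereas a bus-level rejection is reported asynchronously. The bypassed DMA case is why the answer says a guest cannot be handed a DMA-capable device on a SoC without an SMMU: the stage 2 tables never see that traffic.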
