极术小姐姐 · 2020年02月03日

TrustZone switching worlds

Hi,

Arm documentation "ARM Security Technology Building a Secure System using TrustZone Technology" says: The mechanisms by which the physical processor can enter monitor mode from the Normal world are tightly controlled, and are all viewed as exceptions to the monitor mode software. The entry to monitor can be triggered by software executing a dedicated instruction, the Secure Monitor Call (SMC) instruction, or by a subset of the hardware exception mechanisms. The IRQ, FIQ, external Data Abort, and external Prefetch Abort exceptions can all be configured to cause the processor to switch into monitor mode.

What control do you do?
If an attacker obtains root privileges, can he access the safe world? Is the secure monitor only protected by privilege level?

Thanks

1 个回答 得票排序 · 时间排序
棋子 · 2020年02月03日

An attacker with root privilge may provoce an exception or do an SMC to enter monitor mode. But in general, that is where it ends.

But if the attacker could gather enough information to do a valid SMC then security is corrupted.

你的回答
关注数
1
收藏数
0
浏览数
3209
棋子
极术微信服务号
关注极术微信号
实时接收点赞提醒和评论通知
安谋科技学堂公众号
关注安谋科技学堂
实时获取安谋科技及 Arm 教学资源
安谋科技招聘公众号
关注安谋科技招聘
实时获取安谋科技中国职位信息