ARM Trustzone
来源:互联网 发布:2016网络大电影票房 编辑:程序博客网 时间:2024/06/05 20:52
What is TrustZone?
The term "TrustZone" is somewhat confusingly used when referring to any of the following:
The security extensions to the ARM architecture and the protection type signals in the AMBA3 AXI bus.
The security extensions to the ARM architecture and the protection type signals in the AMBA3 AXI bus.
TrustZone "support" or TrustZone "enabled".
What are the security extensions?
The security extensions to ARMv6 and later add the concepts of "secure" and "non-secure" states and a "secure monitor mode" used for switching between the two. A new instruction—SMC, Secure Monitor Call—has been added for switching execution from any privileged mode to the entry point of the secure monitor.
The AMBA3 AXI bus implements two new signals—ARPROT[1] and AWPROT[1], collectively referred to as AxPROT[1]. These indicate, for read and write transactions respectively, whether the current transaction is secure or non-secure.
Note: This does not necessarily indicate the state of the core, as it is possible for the secure world to perform non-secure accesses.
What is TrustZone Software?
TrustZone Software provides a minimal secure kernel which can be run in parallel with a more fully featured "Rich OS", such as Linux, Symbian or Windows CE—on the same core. It also provides drivers for the Rich OS ("normal world") to communicate with the secure kernel ("secure world").
TrustZone Software uses the security extensions to completely protect the secure kernel, and any secure peripherals, from code running in the normal world. This means that even if an attacker manages to obtain full supervisor privileges in the Rich OS, he cannot gain access to the secure world.
It is supplied with a secure monitor, for switching between secure and normal world, and an example secure first-stage bootloader.
For systems without the security extensions, TrustZone Software Emulation Version can be used to provide a software environment fully compatible with the TrustZone Software on systems with security extensions.
Systems with a separate ARM processor dedicated for security can use the TrustZone Software Multicore - running the secure kernel on its own CPU.
The secure operating system contains a STIP (see http://www.globalplatform.org/) interpreter, which can run "stiplets" in a secure sandbox environment. Using the Native Service API, it is also possible to develop native applications for the secure world.
What do the terms "TrustZone support" and "TrustZone enabled" mean?
Simply put, these terms refer to cores or peripherals making use of the AxPROT[1] signals to distinguish between secure and non-secure accesses—and modifying their behaviour accordingly.
For example, the L220 Level 2 cache controller stores an extra bit for each cache line describing whether the line was filled as a result of a secure or non-secure access. It will then return a miss if the non-secure world tries to access data that is in the cache, but tagged as secure.
Source: ARM Ltd
The term "TrustZone" is somewhat confusingly used when referring to any of the following:
The security extensions to the ARM architecture and the protection type signals in the AMBA3 AXI bus.
The security extensions to the ARM architecture and the protection type signals in the AMBA3 AXI bus.
TrustZone "support" or TrustZone "enabled".
What are the security extensions?
The security extensions to ARMv6 and later add the concepts of "secure" and "non-secure" states and a "secure monitor mode" used for switching between the two. A new instruction—SMC, Secure Monitor Call—has been added for switching execution from any privileged mode to the entry point of the secure monitor.
The AMBA3 AXI bus implements two new signals—ARPROT[1] and AWPROT[1], collectively referred to as AxPROT[1]. These indicate, for read and write transactions respectively, whether the current transaction is secure or non-secure.
Note: This does not necessarily indicate the state of the core, as it is possible for the secure world to perform non-secure accesses.
What is TrustZone Software?
TrustZone Software provides a minimal secure kernel which can be run in parallel with a more fully featured "Rich OS", such as Linux, Symbian or Windows CE—on the same core. It also provides drivers for the Rich OS ("normal world") to communicate with the secure kernel ("secure world").
TrustZone Software uses the security extensions to completely protect the secure kernel, and any secure peripherals, from code running in the normal world. This means that even if an attacker manages to obtain full supervisor privileges in the Rich OS, he cannot gain access to the secure world.
It is supplied with a secure monitor, for switching between secure and normal world, and an example secure first-stage bootloader.
For systems without the security extensions, TrustZone Software Emulation Version can be used to provide a software environment fully compatible with the TrustZone Software on systems with security extensions.
Systems with a separate ARM processor dedicated for security can use the TrustZone Software Multicore - running the secure kernel on its own CPU.
The secure operating system contains a STIP (see http://www.globalplatform.org/) interpreter, which can run "stiplets" in a secure sandbox environment. Using the Native Service API, it is also possible to develop native applications for the secure world.
What do the terms "TrustZone support" and "TrustZone enabled" mean?
Simply put, these terms refer to cores or peripherals making use of the AxPROT[1] signals to distinguish between secure and non-secure accesses—and modifying their behaviour accordingly.
For example, the L220 Level 2 cache controller stores an extra bit for each cache line describing whether the line was filled as a result of a secure or non-secure access. It will then return a miss if the non-secure world tries to access data that is in the cache, but tagged as secure.
Source: ARM Ltd
- ARM TrustZone
- ARM TrustZone
- ARM Trustzone
- ARM TrustZone
- ARM TrustZone
- ARM Trustzone
- ARM TrustZone
- ARM的TrustZone技术
- ARM TRUSTZONE 续
- ARM TrustZone技术简介
- TEE and ARM TrustZone
- ARM TrustZone技术
- ARM TrustZone and KVM
- ARM TrustZone ----ARM信任区
- 对ARM的TrustZone理解
- ARM TrustZone安全内核调研
- ARM TrustZone技术简介 -- 1
- ARM TrustZone技术简介 -- 2
- JDK 1.6 写Webservice时,runtime modeler error: Wrapper class com.ws.jaxws.DoSomething is not found问题的解决
- 她走了抑郁症女孩自杀绝望微博引关注
- 镜头焦距、视角和景深的关系
- iOS: bundle name, bundle display name, bundle identifier...
- dos命令新建文件
- ARM Trustzone
- proftpd安装
- WebService的物理路径与设置的不一样
- 十进制数转换成R进制数,R属于(1,36)
- 折腾wxwidgets,wxIE成功
- ajax实现(javascript以及jquery)
- iOS AvPlayer AvAudioPlayer音频的后台播放问题
- 油价“破八”抑制中低端车消费
- GIF(genomic inflation factor)值的计算方法
