Originally Posted by mikezachlowe2004
Where are you getting this information? Who said anything about the ARM chip keeping you from running anything? I would like to know where you heard this from.
Here are three quick ones.
Typical applications of TrustZone Technology are to run a rich operating system in the less trusted world, and smaller security-specialized code in the more trusted world (named TrustZone Software, a TrustZone optimised version of the Trusted Foundations Software developed by Trusted Logic), allowing much tighter digital rights management for controlling the use of media on ARM-based devices, and preventing any unapproved use of the device. Open Virtualization is an open source implementation of the trusted world architecture for TrustZone.
In practice, since the specific implementation details of TrustZone are proprietary and have not been publicly disclosed for review, it is unclear what level of assurance is provided for a given threat model.
ARM TrustZone® technology is a system-wide approach to security on high performance computing platforms for a huge array of applications including secure payment, digital rights management (DRM), enterprise and web-based services.
Trusted applications that work on a TrustZone technology-based SoC running a Trusted Execution Environment, separated from the main OS, protect from software/malware attack. The TrustZone switch into secure mode provides hardware backed isolation. Trusted applications are typically containerized allowing for example trusted applications from different payment companies to co-exist on a device.
(source: arm.com - page on TrustZone)
What is TrustZone Software?
TrustZone Software provides a minimal secure kernel which can be run in parallel with a more fully featured "Rich OS", such as Linux, Symbian or Windows CE, on the same core. It also provides drivers for the Rich OS ("normal world") to communicate with the secure kernel.
TrustZone Software uses the security extensions to completely protect the secure kernel, and any secure peripherals, from code running in the normal world. This means that even if an attacker manages to obtain full supervisor privileges in the Rich OS, he cannot gain access to the secure world.
It is supplied with a secure monitor, for switching between secure and normal world, and an example secure first-stage bootloader.
For systems without the security extensions, TrustZone Software Emulation Version can be used to provide a software environment fully compatible with the TrustZone Software on systems with security extensions. Systems with a separate ARM processor dedicated for security can use the TrustZone Software Multicore, running the secure kernel on its own CPU.
(source: arm.com - technical FAQ)
Imagine that you run a business that has a secure area. You need a security guard to screen the people going through. Now imagine that you contact an agency that provides such services and they send you a guard. You don't know anything about the guard, not even his name. Once the guard arrives he only allows entrance for people he was told could enter (told by the agency, not by you).
The question is: how much should you trust the agency or the guard?
Can you prove that the agency has given the guard the proper instructions?
What if he received additional instructions, such as searching for papers the agency believes you shouldn't have (or not permitting entrance for people carrying paperwork he has been told not to approve)?
What if he has a wife and a couple of children who can be used to affect his judgement and allow an intruder in (you would never know, as you don't know his name, let alone his family)?
What if the guard is a spy?
What if one day he doesn't let you in?
The analogy could continue, but I think my point is made. The ARM chip is that guard you're supposed to trust, and ARM is the corporation. You must trust that the code does only what ARM states that it does (and almost everything about TrustZone is confidential). You must trust that it only allows your approved code to run (and not other code that some third party (government or otherwise) may force ARM to allow). You must trust that the code doesn't tamper with your files or spy on your actions. You trust that when you put in that DVD, the hardware DRM will agree with you on the genuineness of your favorite Blu-ray.
MOST IMPORTANTLY, you trust that the unprovable is true and that no bugs exist in the code (and this despite the fact that it is only possible to prove the absence of known bugs -- never of unknown bugs). Because you CANNOT modify this OS, if such a bug exists, then you have no protection.
What if it doesn't?
In short, you give your complete trust to this program and its creator in a way that no normal OS could ever force you to trust. There isn't an uninstall or even a source to look at. There's only acceptance and blind faith.
This is trusted computing.
This is NOT trustworthy security.
Edited by hajile - 7/7/12 at 10:50pm