Le 31/10/2017 à 12:58, Arnt Gulbrandsen a écrit :
Martin Steigerwald writes:
I don´t know much about Trustzone. Do you have any links to a good
explaination of it (preferable from a non-vendor source)?
Not offhand, sorry. But let me summarise the one I read:
You can put code and data in a part of RAM and then turn off regular
access to those pages. After that point, the memory is only accessible
when a CPU core is in a special mode, the "secure world". Then there's
a way to switch to that mode and call functions, and a way to start a
thread in the special mode. A file system encryption system or
keystore would do the former, a hypervisor the latter.
Notably, it's regular RAM and not a dedicated core. You can easily
tell how big the secure world is and how much CPU the hypervisor uses.
There's no builtin hypervisor, it's something the boot process has to
set up (or not).
The distinction trust-zone vs normal doesn't look very different of
kernel-mode vs user-mode, does it?
Didier
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
