[Replicant] Trustonic TEE in Samsung SoCs
Paul Kocialkowski
contact at paulk.fr
Sat Mar 5 09:46:11 UTC 2016
On Tuesday, 01 March 2016 at 11:02 -0800, Blibbet wrote:
> On 02/29/2016 09:16 PM, Bob Summerwill wrote:
> [...]
> > * Samsung KNOX, using Trustonic's TEE (
> > https://www.trustonic.com/technology/trusted-execution-environment) which
> > sounds much like the notorious Intel ME to me. Does anybody here have
> > experience of Trustonic TEE, and can confirm that, or explain what it does
> > better than me? I think it's more proprietary software on-silicon, which
> > constrains what you can run on your own device.
> [..]
>
> https://en.wikipedia.org/wiki/Trusted_execution_environment#Implementations
>
> Most ARM chips have TrustZone or some other TEE. Most Intel systems have
> a Management Engine. Most AMD systems have a Platform Security
> Processor. There are open source implementations of TEE, like OP-TEE.
> TEEs protect 'untrusted' software stacks (Windows, Linux, Android,
> etc.). It can be helpful for security, and may also be misused by
> attackers to abuse security and privacy. It is 'notorious' if you want
> to reconfigure a system in a way that the vendor would consider
> something more a security attack than a normal use case of a consumer. :-(
TrustZone and TEE are not inherently a bad thing indeed, but on some platforms,
those are only available when bootrom signature verification is enforced.
For instance on OMAP[0], TrustZone is only available on HS (High Security)
devices that enforce signature verification, while it's disabled on GP (General
Purpose) devices. In practice, it means that since we cannot replace the
bootloader (the signature fuses are always already programmed on HS devices), we
can't have control of TrustZone either on HS devices.
On some other platforms (such as the i.MX53 and perhaps the latest Tegra
platforms), the user can be in control of it. This is the case on the USB
armory.
Bear in mind that TEE on TrustZone is a separate system, running with more
privileges (regarding hardware access) than the regular operating system. This
is really bad for users' privacy and security. It is very likely that TrustZone
TEE is actively used on most devices that enforce bootloader signature checks
(including those with Replicant support). This is yet another very strong
reason to focus on devices that are able to run free bootloaders.
[0]: https://e2e.ti.com/support/omap/f/849/t/58680
--
Paul Kocialkowski, Replicant developer
Replicant is a fully free Android distribution running on several
devices, a free software mobile operating system putting the emphasis on
freedom and privacy/security.
Website: https://www.replicant.us/
Blog: https://blog.replicant.us/
Wiki/tracker/forums: https://redmine.replicant.us/
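The mail above ties two things together: whether the bootloader enforces signature checks (so the user cannot replace it) and whether a vendor TEE is present and therefore outside the user's control. The following is an added example, not code from the Replicant project or from the mail's author, that scores a device on both points from `getprop` output and a `/dev` listing. The property names (`ro.boot.flash.locked`, `ro.boot.verifiedbootstate`) and the TEE device-node names are assumptions about common Android and TEE stacks; the sample input is constructed.

```python
"""Added example (not Replicant code): assess bootloader lock state and
visible TEE driver nodes on an Android device from captured output."""
import re
from typing import Dict, List, Optional

# Device nodes commonly created by TEE drivers. Assumed names; vendor-specific
# stacks may use others, so absence here is not proof that no TEE exists.
TEE_DEVICE_NODES = {
    "/dev/mobicore": "Trustonic (MobiCore/<t-base) kernel driver",
    "/dev/mobicore-user": "Trustonic (MobiCore/<t-base) user interface",
    "/dev/tee0": "GlobalPlatform TEE client (e.g. OP-TEE)",
    "/dev/qseecom": "Qualcomm QSEE driver",
}

# `getprop` prints lines of the form "[key]: [value]".
GETPROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>.*)\]$")


def parse_getprop(text: str) -> Dict[str, str]:
    """Parse `adb shell getprop` output into a key/value map."""
    props: Dict[str, str] = {}
    for line in text.splitlines():
        m = GETPROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


def bootloader_locked(props: Dict[str, str]) -> Optional[bool]:
    """True if the bootloader enforces signature checks, False if unlocked,
    None if the captured properties do not say (assumed property names)."""
    flash_locked = props.get("ro.boot.flash.locked")
    if flash_locked in ("0", "1"):
        return flash_locked == "1"
    # Fallback: verified-boot colour. green/yellow mean a locked chain,
    # orange means unlocked; red (verification failed) is left undecided.
    state = props.get("ro.boot.verifiedbootstate")
    if state in ("green", "yellow"):
        return True
    if state == "orange":
        return False
    return None


def tee_drivers(dev_nodes: List[str]) -> List[str]:
    """Names of known TEE drivers whose device nodes appear in the listing."""
    return [TEE_DEVICE_NODES[n] for n in dev_nodes if n in TEE_DEVICE_NODES]


def assess(getprop_text: str, dev_nodes: List[str]) -> Dict[str, object]:
    """Combine both signals into the situation the mail describes:
    a locked bootloader plus a vendor TEE means the TEE is not under
    the device owner's control."""
    props = parse_getprop(getprop_text)
    locked = bootloader_locked(props)
    tees = tee_drivers(dev_nodes)
    if locked is True and tees:
        verdict = "vendor-controlled TEE; bootloader cannot be replaced"
    elif locked is False and tees:
        verdict = "TEE present; bootloader unlocked, so owner may control it"
    elif locked is True:
        verdict = "locked bootloader; no known TEE node visible"
    else:
        verdict = "undetermined"
    return {"bootloader_locked": locked, "tee_drivers": tees, "verdict": verdict}


# Constructed sample input resembling a locked Samsung-style device.
SAMPLE_GETPROP = """[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.product.model]: [SAMPLE-DEVICE]
"""
SAMPLE_DEV = ["/dev/null", "/dev/binder", "/dev/mobicore", "/dev/mobicore-user"]

if __name__ == "__main__":
    print(assess(SAMPLE_GETPROP, SAMPLE_DEV))
```

On a real device the inputs come from `adb shell getprop` and `adb shell ls /dev`; the check only reports what the stock kernel exposes, so a TEE that registers no device node is invisible to it.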