[Replicant] [PATCH 2/2] freedom-privacy-security-issues: TrustZone: Explain its issues.

[Paul Kocialkowski]

Le samedi 16 décembre 2017 à 11:44 +0100, Denis 'GNUtoo' Carikli a
écrit :
> This explains the interaction between a signed bootloader and TrustZone.

Slightly modified,

Acked-by: Paul Kocialkowski <contact at paulk.fr>

and merged!

> Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at no-log.org>
> ---
>  freedom-privacy-security-issues.php | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security-issues.php
> index cf380d2..ee57822 100644
> --- a/freedom-privacy-security-issues.php
> +++ b/freedom-privacy-security-issues.php
> @@ -87,6 +87,7 @@
>  				However, it also occurs that the bootloaders are cryptographically signed with a private key.
>  				In that case, the bootrom will check the signature against a public key that cannot be replaced and only run the bootloader if the signature matches.
>  				That sort of tivoization prevents replacing pre-installed bootloaders, even when their sources are released as free software.
> +				This is even more problematic when the bootloader is in charge of loading code into TrustZone as that code gives full control of the processor to software that is proprietary and/or cannot be modified.
>  				There are some good platforms that don't perform such signature checks and can run free bootloaders (e.g.
>  				Allwinner Ax, TI OMAP General-Purpose).
>  			</p>
-- 
Developer of free digital technology and hardware support.

Website: https://www.paulk.fr/
Coding blog: https://code.paulk.fr/
Git repositories: https://git.paulk.fr/ https://git.code.paulk.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20180806/c5b753e0/attachment.asc>