使用ARM TrustZone阻止非安全环境访问内存区域 [英] Use ARM TrustZone to prevent access to memory region from Non-Secure world
问题描述
我想在正常世界中运行一个功能丰富的 GNU/Linux 操作系统,并在其中运行一个集成了 Monitor 的小型操作系统. 保护世界.
I want to have a rich GNU/Linux OS running in the Normal world and a small OS with an integrated Monitor running in the Secure world.
我们必须绝对避免 正常世界来访问安全世界内存区域.
We have to absolutely avoid the Normal world to access the Secure world memory region.
TrustZone 的哪些功能需要使用/激活才能满足此要求?我只想使用必要的功能以最大程度地减少所需的工作.
Which feature(s) of TrustZone do we need to use/activate to fulfill this requirement? I'd like to use only the necessary features to minimize the work needed.
我已经阅读了许多 ARM TrustZone 文档,我知道 TZPC , TZASC ,具有安全扩展功能的MMU,但我不知道如何避免以下威胁:
I've read quite a lot of ARM TrustZone documentation, I'm aware of TZPC, TZASC, MMU with security extensions, but I can't figure out how to avoid the following threat:
一旦黑客获得了对内核空间的访问权,该如何阻止黑客停用MMU,并直接访问安全世界的物理内存区域?
也许这是无法想象或可行的?但是,如果是这样的话,我想必须使用 TZPC 来防止这种情况,对吗?或者,仅使用两个 TrustZone 世界就足够了吗?
Maybe this is not even imaginable or feasible? But if it's the case, my guess it that a TZPC is mandatory to prevent this, am I right? Or, does "simply" using the two TrustZone worlds is enough?
推荐答案
不受信任的代码在非安全状态下运行,因此CPU生成的任何总线事务都将被标记为非安全,因此这是使事物分离的互连.安全内存映射和非安全内存映射实际上是完全分开的东西,只是在大多数系统中,它们的连接或多或少都是相同的.
The untrusted code is running in non-secure state, therefore any bus transactions generated by the CPU will be marked as non-secure, thus it's the inherent functionality of the interconnect that keeps things separate. The secure memory map and the non-secure memory map are actually entirely separate things, it's just that in most systems they are wired up to be more or less identical.
现在,安全世界内存"要么是一些固定连接到安全内存映射的专用块(通常是片上SRAM),要么是经过精雕细琢并变成仅安全的通用DRAM块通过TZPC/TZASC.无论哪种方式,它都根本不存在于非安全内存映射中,因此,非安全软件无法执行任何操作来访问它.
Now, that "secure world memory" is either going to be some dedicated block (usually on-chip SRAM) that is hard-wired to the secure memory map, or a chunk of general DRAM carved out and made secure-only via a TZPC/TZASC. Either way, it simply doesn't exist in the non-secure memory map, therefore there's nothing non-secure software can do to access it.
这篇关于使用ARM TrustZone阻止非安全环境访问内存区域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
