Develop programs for Arm trust zone


Question

How can I develop applications that use Arm's trust zone? Specifically, I want to develop a program that can save sensitive data in the secure world.

Should this program run in the normal world or the secure world? I know there are trustlets in the secure world; do I need to develop trustlets? Is there an SDK or API that I can use to directly interact with an existing secure world OS, or do I need to compile and install my own secure OS?

Any advice will be greatly appreciated.

Thank you!

Recommended answer

There are two extremes. These are documented in the Software overview chapter of ARM's Security Technology: Building a Secure System using TrustZone Technology (http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.prd29-genc-009492c/index.html).

At the one end of the spectrum, there is only a set of APIs which can be called from the normal world. This is detailed in the SMC calls for Linux. For instance, if the device contains a public-private key, an API call could sign data. The normal world would never have access to the private key, but anyone can verify that the device is original by verifying the signature. So the normal world is free to forward this request over any communications interface. This may be part of authenticating a device.

In this mode, there is a full-blown OS in both the secure and normal world (called TEE and REE elsewhere). The OSs must co-operate with interrupts and scheduling. They may also use SMC calls, lock-free algorithms and semaphores along with shared memory.

ARM recommends using the FIQ for the secure world and to leave the IRQ for the normal world. Specifically, there are settings to stop the normal world from masking the FIQ ever. All of these issues rely on the type of IPC, scheduling, interrupt response, etc. that the system needs.

The simplest Secure scheduler would always pre-empt the normal world. Only the idle task would yield the CPU to the normal world. A more flexible solution would have the schedulers co-operate so that both worlds can have higher and lower priority tasks.
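
The API model from the answer (the normal world requests a signature, the key stays in the secure world), as an added example that is not part of the original answer: a host-side C simulation of the secure-world entry point and the checks it has to make on normal-world arguments. The function ID, buffer layout and error codes are hypothetical, and the keyed FNV-1a tag is a stand-in for a real signature, not a secure primitive.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simulation: both "worlds" are plain C. All names and IDs are hypothetical. */
#define FID_SIGN 1u   /* made-up function ID */
#define SHM_SIZE 256u
#define MAX_MSG  64u
#define TAG_LEN  8u
enum { E_BADFID = -1, E_BADARG = -2 };
uint8_t shared_mem[SHM_SIZE]; /* visible to both worlds */
/* Secure-world only, constructed value; never copied into shared_mem. */
static const uint8_t device_key[8] = {0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe};

/* Stand-in for a real signature: keyed FNV-1a. Not cryptographically secure. */
static uint64_t toy_tag(const uint8_t *m, uint32_t n) {
    uint64_t h = 1469598103934665603ULL;
    for (uint32_t i = 0; i < sizeof device_key; i++) { h ^= device_key[i]; h *= 1099511628211ULL; }
    for (uint32_t i = 0; i < n; i++) { h ^= m[i]; h *= 1099511628211ULL; }
    return h;
}

/* Secure-world entry point: every argument comes from the untrusted normal world. */
long smc_dispatch(uint32_t fid, uint32_t in_off, uint32_t len, uint32_t out_off) {
    uint8_t priv[MAX_MSG];
    if (fid != FID_SIGN) return E_BADFID;
    if (len == 0 || len > MAX_MSG) return E_BADARG;
    if (in_off > SHM_SIZE - len) return E_BADARG;      /* cannot wrap: len <= SHM_SIZE */
    if (out_off > SHM_SIZE - TAG_LEN) return E_BADARG;
    memcpy(priv, shared_mem + in_off, len); /* snapshot first: shared memory can change under us */
    uint64_t tag = toy_tag(priv, len);
    memcpy(shared_mem + out_off, &tag, TAG_LEN);       /* only the tag leaves the secure side */
    return 0;
}

/* Normal-world caller: places the request in shared memory, then "traps". */
long normal_world_sign(const char *msg, uint64_t *tag_out) {
    size_t n = strlen(msg);
    if (n > MAX_MSG) return E_BADARG;
    memcpy(shared_mem, msg, n);
    long rc = smc_dispatch(FID_SIGN, 0, (uint32_t)n, 128);
    if (rc == 0) memcpy(tag_out, shared_mem + 128, TAG_LEN);
    return rc;
}

int main(void) {
    uint64_t tag = 0;
    long rc = normal_world_sign("device-attest", &tag);
    printf("rc=%ld tag=%016llx\n", rc, (unsigned long long)tag);
    return 0;
}
```

On real hardware the call into `smc_dispatch` would be an SMC instruction handled by the secure monitor, and the range checks would be made against the physical addresses of the shared region.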
