Develop programs for Arm trust zone


Question

How can I develop applications that use Arm's trust zone? Specifically, I want to develop a program that can save sensitive data in the secure world.

Should this program run in the normal world or the secure world? I know there are trustlets in the secure world; do I need to develop trustlets? Are there SDKs or APIs that I can use to directly interact with an existing secure world OS, or do I need to compile and install my own secure OS?

Any advice would be appreciated.

Thanks!

Recommended answer

There are two extremes. These are documented in the Software overview chapter of ARM's Security Technology: Building a Secure System using TrustZone Technology.

At the one end of the spectrum, there is only a set of APIs which can be called from the normal world. This is detailed in the SMC calls for Linux. For instance, if the device contains a public-private key, an API call could sign data. The normal world would never have access to the private key, but anyone can verify that the device is original by verifying the signature. So the normal world is free to forward this request over any communications interface. This may be part of authenticating a device.

In this mode, there is a full-blown OS in both the secure and normal world (called TEE and REE elsewhere). The OSs must co-operate with interrupts and scheduling. They may also use SMC calls, lock-free algorithms and semaphores along with shared memory.

ARM recommends using the FIQ for the secure world and leaving the IRQ for the normal world. Specifically, there are settings to stop the normal world from ever masking the FIQ. All of these issues rely on the type of IPC, scheduling, interrupt response, etc. that the system needs.

The simplest Secure scheduler would always pre-empt the normal world. Only the idle task would yield the CPU to the normal world. A more flexible solution would have the schedulers co-operate so that both worlds can have higher and lower priority tasks.
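The "set of APIs called from the normal world" extreme in the answer above, as an added example that is not from the answer, from ARM or from Linux: a host-side C model of a secure-monitor dispatcher that validates SMC Calling Convention (SMCCC) function IDs and exposes one device-signing service, so the private key never crosses into the normal world. The function ID, the key value and the signing routine (a hash stand-in, not a real signature scheme) are constructed assumptions; the SMCCC bit layout and the NOT_SUPPORTED return value follow the published convention.

```c
#include <stdint.h>

/* SMCCC function-ID layout: bit 31 fast/yielding, bit 30 SMC64, bits 29:24 Owning
 * Entity Number (OEN), bits 23:16 reserved (must be zero), bits 15:0 function number. */
#define SMCCC_FAST_CALL      (1u << 31)
#define SMCCC_OEN_SHIFT      24
#define SMCCC_OEN_MASK       0x3Fu
#define SMCCC_RESERVED_MASK  0x00FF0000u
#define SMCCC_FUNC_MASK      0xFFFFu
#define SMCCC_OEN_TRUSTED_OS 50u             /* OEN range 50-63 is reserved for Trusted OS */
#define SMCCC_NOT_SUPPORTED  ((int32_t)-1)   /* 0xFFFFFFFF, returned for unknown IDs */

#define SMCCC_FID(fast, oen, num) \
    (((fast) ? SMCCC_FAST_CALL : 0u) | ((oen) << SMCCC_OEN_SHIFT) | (num))

/* Hypothetical Trusted-OS service: sign a 32-bit attestation nonce (constructed ID). */
#define FID_DEVICE_SIGN SMCCC_FID(1, SMCCC_OEN_TRUSTED_OS, 0x0001)

/* Secure-world state. No dispatch entry ever returns or exports this key (constructed value). */
static const uint32_t secure_private_key[4] = {0x9e3779b9u, 0x7f4a7c15u, 0xf39cc060u, 0x5cedc834u};

/* Stand-in for the real signing primitive: an FNV-1a style mix over key || nonce.
 * A deployment would use an asymmetric signature so anyone can verify with the public key. */
static uint32_t secure_sign(uint32_t nonce) {
    uint32_t h = 0x811c9dc5u;
    for (int i = 0; i < 4; i++) { h ^= secure_private_key[i]; h *= 0x01000193u; }
    h ^= nonce; h *= 0x01000193u;
    return h;
}

/* Secure monitor entry: the only path from the normal world into the secure world.
 * Rejects malformed IDs, yielding calls and IDs outside the Trusted-OS range. */
int32_t secure_monitor_dispatch(uint32_t fid, uint32_t arg0, uint32_t *ret0) {
    if (fid & SMCCC_RESERVED_MASK) return SMCCC_NOT_SUPPORTED;
    if (!(fid & SMCCC_FAST_CALL)) return SMCCC_NOT_SUPPORTED;   /* this monitor is fast-call only */
    uint32_t oen = (fid >> SMCCC_OEN_SHIFT) & SMCCC_OEN_MASK;
    if (oen != SMCCC_OEN_TRUSTED_OS) return SMCCC_NOT_SUPPORTED; /* e.g. PSCI (OEN 4) is not served */
    switch (fid & SMCCC_FUNC_MASK) {
    case 0x0001: *ret0 = secure_sign(arg0); return 0;
    default:     return SMCCC_NOT_SUPPORTED;
    }
}

/* Normal-world wrapper: on hardware this is where a Linux driver would issue the smc
 * instruction with the ID in r0/x0; here it calls the model directly. */
int32_t normal_world_request_signature(uint32_t nonce, uint32_t *sig) {
    return secure_monitor_dispatch(FID_DEVICE_SIGN, nonce, sig);
}
```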
