Use ARM TrustZone to prevent access to memory region from Non-Secure world


Question


I want to have a rich GNU/Linux OS running in the Normal world and a small OS with an integrated Monitor running in the Secure world.


We have to absolutely avoid the Normal world to access the Secure world memory region.


Which feature(s) of TrustZone do we need to use/activate to fulfill this requirement? I'd like to use only the necessary features to minimize the work needed.


I've read quite a lot of ARM TrustZone documentation, I'm aware of TZPC, TZASC, MMU with security extensions, but I can't figure out how to avoid the following threat:


What would stop a hacker, once he gained access to the kernel space, to deactivate the MMU, and directly access the physical memory region of the Secure world?


Maybe this is not even imaginable or feasible? But if it's the case, my guess is that a TZPC is mandatory to prevent this, am I right? Or, is "simply" using the two TrustZone worlds enough?

Answer


The untrusted code is running in non-secure state, therefore any bus transactions generated by the CPU will be marked as non-secure, thus it's the inherent functionality of the interconnect that keeps things separate. The secure memory map and the non-secure memory map are actually entirely separate things, it's just that in most systems they are wired up to be more or less identical.


Now, that "secure world memory" is either going to be some dedicated block (usually on-chip SRAM) that is hard-wired to the secure memory map, or a chunk of general DRAM carved out and made secure-only via a TZPC/TZASC. Either way, it simply doesn't exist in the non-secure memory map, therefore there's nothing non-secure software can do to access it.
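The answer's point is that the NS attribute travels with every bus transaction and the filter on the interconnect decides on (physical address, NS) alone, so the state of the Normal-world MMU never enters the decision. The following C model, added here as an illustration and not code from ARM, any vendor, or the answerer, makes that concrete: a TZASC-style region table with a secure-only DRAM carve-out, a hard-wired secure SRAM block, and a shared DRAM window. All addresses, sizes, and the `cpu_access`/`tzasc_allows` names are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a TZASC-style address filter on the interconnect.
 * Not ARM's or any vendor's code; addresses and region sizes are made up.
 * It shows why a Normal-world kernel that switches its MMU off still cannot
 * reach a secure-only region: the filter checks (paddr, NS) and nothing else. */

typedef enum { WORLD_SECURE = 0, WORLD_NONSECURE = 1 } world_t;

/* A transaction as the interconnect sees it: physical address plus the NS
 * attribute the CPU derives from its current security state. */
typedef struct {
    uint64_t paddr;
    world_t  ns;
} bus_txn_t;

/* One filter region: its extent and which worlds may access it. */
typedef struct {
    uint64_t base;
    uint64_t size;
    bool     secure_ok;
    bool     nonsecure_ok;
} tz_region_t;

/* Hypothetical memory map: on-chip SRAM hard-wired secure, 8 MiB of DRAM
 * carved out as secure-only, the remaining DRAM visible to both worlds. */
static const tz_region_t regions[] = {
    { 0x00000000ULL, 0x00040000ULL, true, false }, /* secure on-chip SRAM   */
    { 0x80000000ULL, 0x00800000ULL, true, false }, /* secure DRAM carve-out */
    { 0x80800000ULL, 0x3F800000ULL, true, true  }, /* Normal-world DRAM     */
};

/* Decide whether a transaction reaches memory. An address that matches no
 * region fails closed: from that world's point of view it does not exist. */
bool tzasc_allows(const bus_txn_t *t)
{
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        const tz_region_t *r = &regions[i];
        if (t->paddr >= r->base && t->paddr - r->base < r->size)
            return (t->ns == WORLD_NONSECURE) ? r->nonsecure_ok : r->secure_ok;
    }
    return false;
}

/* CPU side of the model. With the MMU on, paddr would come from a page-table
 * walk; with it off, the CPU emits the address flat. In both cases the NS
 * attribute comes from the security state, which Normal-world software cannot
 * change, so the filter's verdict is the same. */
bool cpu_access(world_t state, bool mmu_on, uint64_t paddr)
{
    bus_txn_t t;
    t.paddr = paddr;
    t.ns    = state;
    (void)mmu_on;   /* invisible to the filter: only paddr and NS matter */
    return tzasc_allows(&t);
}

int main(void)
{
    const uint64_t secure_dram = 0x80001000ULL;  /* inside the carve-out */
    const uint64_t shared_dram = 0x90000000ULL;  /* Normal-world DRAM    */

    printf("NS kernel, MMU on,  secure DRAM: %s\n",
           cpu_access(WORLD_NONSECURE, true,  secure_dram) ? "allowed" : "blocked");
    printf("NS kernel, MMU off, secure DRAM: %s\n",
           cpu_access(WORLD_NONSECURE, false, secure_dram) ? "allowed" : "blocked");
    printf("NS kernel, MMU off, shared DRAM: %s\n",
           cpu_access(WORLD_NONSECURE, false, shared_dram) ? "allowed" : "blocked");
    printf("Secure OS, MMU on,  secure DRAM: %s\n",
           cpu_access(WORLD_SECURE,    true,  secure_dram) ? "allowed" : "blocked");
    return 0;
}
```

The practical consequence for the question: the carve-out must be programmed into the TZASC (or the block must be hard-wired secure) before the Normal-world kernel is ever started, and the TZASC's own control registers must themselves be reachable only from the Secure world, or the filter can be reprogrammed from the side it is meant to contain.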
