TrustZone

From Vita Development Wiki
Secure World, also known as [http://www.arm.com/products/processors/technologies/trustzone/index.php TrustZone], Trusted Execution Environment, and (by Apple) Secure Enclave, is a sandboxed execution environment that has higher privileges than the normal [[Kernel]]. On the Vita, it seems that Secure World has only a few tasks: facilitating communication with the [[F00D Processor]] and with the SceGrab and SceSonyRegbus hardware devices. This provides an additional buffer layer between the application processor and the security processor. In addition, after firmware 2.10, kernel process exceptions invoke a TrustZone call to initiate a kernel memory snapshot and encrypt it for use in a coredump.


== Changelog ==


{| class="wikitable"
|-
! FW version !! What changed compared to previous FW version
|-
| 3.36 || unknown
|-
| 3.50 || Initial stack base changed (+ 0x100).
|}


== Security ==
The main security of Secure World is the same that prevents kernel access from usermode: the secure kernel code is completely proprietary and cannot be seen from Non-secure World. Without access to the code, it is hard to develop a targeted attack on Secure World. However, once a Secure World memory dump is achieved through a memory leak exploit, one can see that the ARM secure kernel lacks most of the security features found in the [[Kernel#Security|non-secure kernel]]. This is likely because the ARM secure kernel exists only to provide an extra layer of protection against unauthorized access to [[CMeP]] and does not serve the role it does on other TrustZone-enabled devices (the iPhone, for example, uses it to store fingerprint data). Most of the above-kernel security will be found in that processor.


== Secure Devices ==
See [[Physical Memory]] for a list of known devices that can only be accessed in Secure World. The 2MB DRAM region at <code>0x40000000</code> (3MB prior to FW 3.50) can only be accessed in Secure World; this is where the secure bootloader and kernel are loaded. [[CMeP]] can only be accessed in Secure World, and only Secure World can handle [[Interrupts|interrupts]] from that processor.


== SCR ==
After the boot initialization, the SCR (Secure Configuration Register) is set to 0x00000004, which means FIQs are handled in Secure World.
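An added illustration, not code from this wiki or from the Vita firmware: a small C decoder for the SCR value above, using the ARMv7 SCR bit definitions, plus a check for the secure-only DRAM window from the Secure Devices section (FW 3.50 cut-off as stated on this page; function and struct names are my own).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ARMv7 Secure Configuration Register (SCR) bit positions. */
#define SCR_NS  (1u << 0) /* 0 = processor is in Secure state (outside Monitor mode) */
#define SCR_IRQ (1u << 1) /* 1 = IRQ exceptions are taken to Monitor mode */
#define SCR_FIQ (1u << 2) /* 1 = FIQ exceptions are taken to Monitor mode */
#define SCR_EA  (1u << 3) /* 1 = external aborts are taken to Monitor mode */

#define VITA_BOOT_SCR 0x00000004u /* value observed after boot, from the page */

struct scr_routing {
    bool secure_state;   /* NS clear: Secure state whenever not in Monitor mode */
    bool fiq_to_monitor; /* FIQ lands in Monitor mode, i.e. Secure World */
    bool irq_to_monitor;
    bool ea_to_monitor;
};

/* Decode the routing-relevant SCR bits (other SCR bits are ignored here). */
struct scr_routing decode_scr(uint32_t scr) {
    struct scr_routing r;
    r.secure_state   = (scr & SCR_NS) == 0;
    r.fiq_to_monitor = (scr & SCR_FIQ) != 0;
    r.irq_to_monitor = (scr & SCR_IRQ) != 0;
    r.ea_to_monitor  = (scr & SCR_EA) != 0;
    return r;
}

/* Secure-only DRAM window: 2MB at 0x40000000 from FW 3.50 on, 3MB before. */
#define SECURE_DRAM_BASE 0x40000000u

bool in_secure_dram(uint32_t paddr, unsigned fw_major, unsigned fw_minor) {
    bool new_layout = fw_major > 3 || (fw_major == 3 && fw_minor >= 50);
    uint32_t size = new_layout ? (2u << 20) : (3u << 20);
    return paddr >= SECURE_DRAM_BASE && paddr - SECURE_DRAM_BASE < size;
}

int main(void) {
    struct scr_routing r = decode_scr(VITA_BOOT_SCR);
    printf("SCR=0x%08x secure=%d fiq->monitor=%d irq->monitor=%d ea->monitor=%d\n",
           VITA_BOOT_SCR, r.secure_state, r.fiq_to_monitor, r.irq_to_monitor, r.ea_to_monitor);
    /* 0x40200000 is the first byte past the 2MB window: secure-only on 3.36, not on 3.50. */
    printf("0x40200000 secure-only: FW 3.36 -> %d, FW 3.50 -> %d\n",
           in_secure_dram(0x40200000u, 3, 36), in_secure_dram(0x40200000u, 3, 50));
    return 0;
}
```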
 


[[Category:Kernel]]

Revision as of 09:36, 14 January 2022
