4. ARM TrustZone Technology
"It aims at enabling the creation of an execution environment, for protecting the confidentiality and integrity of critical code, allowing that code to be executed isolated from the main operating system (OS)." [0]
(Figure: ARM exception levels EL3, EL1, EL0)
5. Design Category of Using TrustZone
• Security services
• Virtualization
• Development frameworks
22. Semantic Gap
• [Properties that get exploited]
– The secure world always maintains complete control over, and visibility into, the non-secure world (similar to a hypervisor and its guests)
– Visibility: the secure world and its associated TAs have the ability to read and write non-secure world memory
• BOOMERANG (the TEE's own privileges turned back on it) exploits the semantic gap inherent to the design of all current TEE implementations [5]
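Because the secure world can read and write any non-secure address, the one thing standing between a normal-world client and another process's memory is the TA's own check on the buffers it is handed. The following is an added illustration (not code from any TEE or from the BOOMERANG paper) of that check: the region table `caller_regions`, the function names and the addresses are constructed assumptions, and the point is the overflow-safe containment test a TA should run before touching a pointer supplied from the non-secure world.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* A window of non-secure memory the calling normal-world client is
 * allowed to hand to the TA. Constructed sample layout, not a real SoC map. */
typedef struct {
    uint64_t base;
    uint64_t size;
} ns_region_t;

/* Constructed: the two windows this caller legitimately owns. */
static const ns_region_t caller_regions[] = {
    { 0x80000000ULL, 0x00100000ULL },  /* 1 MiB shared buffer */
    { 0x90000000ULL, 0x00010000ULL },  /* 64 KiB result area */
};
#define NUM_CALLER_REGIONS (sizeof(caller_regions) / sizeof(caller_regions[0]))

/* True if [ptr, ptr+len) lies entirely inside [base, base+size).
 * Written so that neither ptr+len nor base+size is ever computed,
 * hence a huge len or ptr cannot wrap around and pass the test. */
static bool range_inside(uint64_t ptr, uint64_t len, uint64_t base, uint64_t size)
{
    if (len == 0) return false;            /* empty buffers are not useful */
    if (ptr < base) return false;          /* starts before the window */
    if (ptr - base >= size) return false;  /* starts past the window end */
    uint64_t avail = size - (ptr - base);  /* bytes left from ptr to end */
    return len <= avail;
}

/* The check a TA performs before reading or writing a normal-world buffer:
 * hardware will not stop the secure world, so the TA must confirm the
 * caller is entitled to hand over exactly this range. */
bool ns_buffer_allowed(uint64_t ptr, uint64_t len)
{
    for (size_t i = 0; i < NUM_CALLER_REGIONS; i++) {
        if (range_inside(ptr, len, caller_regions[i].base, caller_regions[i].size))
            return true;
    }
    return false;
}
```

The table of permitted regions would in practice come from the secure world's own record of what the calling client process maps, not from the client's request; the semantic gap is exactly that the TA cannot otherwise tell whose memory an address belongs to.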
24. Revocation
• QSEE revocation
– The attestation certificate prevents "rolling back" to older versions of the software image
– However, all trustlets share the same image identifier
• Kinibi revocation
– Reverse-engineer the bootloader binary, including the TEE kernel
– No documentation -> locate the TEE kernel -> then locate the signature-parsing code -> recover the structure of the signature
– But simply submitting the problematic tasklet directly is enough
[6]
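The slide's QSEE point is that an anti-rollback floor can only be as fine-grained as the identifier it is keyed on. The following is an added model of such a check, not QSEE's or any vendor's actual implementation: the table shape, the function names and the trustlet versions are constructed assumptions. It compares the two layouts the slide contrasts, every trustlet sharing one image identifier versus each having its own, by revoking an old vulnerable build of one trustlet and counting which images remain loadable.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Anti-rollback record: the lowest version still accepted for one identifier. */
typedef struct {
    uint32_t image_id;
    uint32_t min_version;
} revocation_entry_t;

/* The signed-header fields the check needs (constructed shape). */
typedef struct {
    const char *name;
    uint32_t image_id;
    uint32_t version;
} signed_image_t;

#define MAX_ENTRIES 8
typedef struct {
    revocation_entry_t entries[MAX_ENTRIES];
    size_t count;
} revocation_table_t;

/* Raise the floor for image_id. Floors only ever move upward, since a
 * rollback counter that can decrease would defeat its own purpose. */
bool revoke_below(revocation_table_t *t, uint32_t image_id, uint32_t min_version)
{
    for (size_t i = 0; i < t->count; i++) {
        if (t->entries[i].image_id == image_id) {
            if (min_version > t->entries[i].min_version)
                t->entries[i].min_version = min_version;
            return true;
        }
    }
    if (t->count >= MAX_ENTRIES) return false;
    t->entries[t->count].image_id = image_id;
    t->entries[t->count].min_version = min_version;
    t->count++;
    return true;
}

/* Accept an image only if its version meets the floor for its identifier.
 * Assumes signature verification of the header already succeeded. */
bool image_accepted(const revocation_table_t *t, const signed_image_t *img)
{
    for (size_t i = 0; i < t->count; i++) {
        if (t->entries[i].image_id == img->image_id)
            return img->version >= t->entries[i].min_version;
    }
    return true;  /* no floor recorded for this identifier yet */
}

/* Scenario: trustlet_a has a vulnerable version 2; trustlet_b is current
 * at version 2. We revoke everything below version 3 for trustlet_a's
 * identifier and return how many of the two images still load. */
int loadable_after_revocation(bool shared_identifier)
{
    revocation_table_t t = { .count = 0 };
    uint32_t id_a = 0x1;
    uint32_t id_b = shared_identifier ? 0x1 : 0x2;  /* constructed ids */
    signed_image_t old_a = { "trustlet_a (vulnerable)", id_a, 2 };
    signed_image_t cur_b = { "trustlet_b (current)",    id_b, 2 };

    revoke_below(&t, id_a, 3);
    return (image_accepted(&t, &old_a) ? 1 : 0) + (image_accepted(&t, &cur_b) ? 1 : 0);
}
```

With a shared identifier the floor cannot be raised for trustlet_a without also refusing trustlet_b at the same version, so the operator either breaks an unrelated trustlet or leaves the vulnerable build loadable; with per-trustlet identifiers the same call revokes exactly the intended image.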
25. Reference
• [0] Joao Rocheteau Ramos, TrustFrame, a Software Development Framework for TrustZone-enabled Hardware, 2016
• [1] Xiaolei Li, DroidVault: A Trusted Data Vault for Android, 2014
• [2] He Sun et al., TrustOTP: Transforming Smartphones into Secure One-Time Password Tokens, 2015
• [3] Ahmed M. Azab et al., Hypervision Across Worlds: Real-time Kernel Protection from the ARM TrustZone Secure World, 2014
• [4] Zhichao Hua et al., vTZ: Virtualizing ARM TrustZone, 2017
• [5] Nick Stephens et al., Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments, 2017
• [6] Gal Beniamini, Trust Issues: Exploiting TrustZone TEEs, 2017