If you were starting from a clean slate, how would you make an "on-chip HSM" which wasn't as baroque (and broke) as SGX, TrustZone, etc?
a good starting question is: "why are there usage errors in TrustZone and how can a better design avoid them?"
invalid arithmetic on pointers passed to Secure world via TZ exposed API
limiting Secure world memory visibility from all to just its own would help but severely limit TZ use cases
this is up to TZ-aware memory controller and not core itself, this is the 2nd issue...only core TZ is standardized
IIRC memory exclusion is present but optional, and never used indeed.
I don't think it's even optional and it's always up to the SoC memory controller, and they all differ...
completely agree with @AndreaBarisani. Let's also add SW to the picture. E.g.: EL3.1 with crazy SMC handlers,
ptr checks performed in NWd, APIs allowing TAs to map arbitrary memory, RWX memory maps, etc.
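The two SW problems raised above (pointer arithmetic that wraps, and pointer checks left to the Normal world) come down to the same rule: the Secure-world SMC handler must validate every caller-supplied address and length itself, against the one shared-memory window it is willing to touch, using arithmetic that cannot overflow. The C below is an added illustration, not code from anyone in this thread; the window base/size, the struct layout and the simulated shared buffer are all constructed placeholders.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed, hypothetical non-secure shared-memory window: the only
 * Normal-world range this Secure-world handler is allowed to access. */
#define NS_SHM_BASE 0x80000000u
#define NS_SHM_SIZE 0x00100000u   /* 1 MiB */

/* Request as it arrives in SMC argument registers: pointer and length are
 * both chosen by the untrusted Normal-world caller. */
struct smc_req {
    uint32_t buf_addr;
    uint32_t buf_len;
};

/* Secure-world check: [addr, addr+len) must lie entirely inside the window.
 * The end address is computed in 64 bits so a wrapped 32-bit sum can never
 * slip past the comparison. */
bool ns_range_ok(uint32_t addr, uint32_t len)
{
    if (len == 0)
        return false;
    uint64_t end = (uint64_t)addr + (uint64_t)len;
    return addr >= NS_SHM_BASE &&
           end <= (uint64_t)NS_SHM_BASE + (uint64_t)NS_SHM_SIZE;
}

/* The defective pattern for comparison: same intent, but the end address is
 * computed in the caller's 32-bit width and wraps on overflow. */
bool wrapping_range_ok(uint32_t addr, uint32_t len)
{
    uint32_t end = addr + len;            /* wraps for large len */
    return addr >= NS_SHM_BASE && end <= NS_SHM_BASE + NS_SHM_SIZE;
}

/* Copy a Normal-world buffer into Secure-world memory. `shm` is a simulated
 * snapshot of the first `shm_bytes` of the window (constructed for the
 * example); `out`/`out_cap` is the Secure-world destination. Returns the
 * number of bytes copied, or -1 if the request is rejected. */
int secure_copy_in(const struct smc_req *req,
                   const uint8_t *shm, size_t shm_bytes,
                   uint8_t *out, size_t out_cap)
{
    if (!ns_range_ok(req->buf_addr, req->buf_len))
        return -1;                          /* outside the window or wraps */
    if (req->buf_len > out_cap)
        return -1;                          /* would overflow our own buffer */
    size_t off = (size_t)(req->buf_addr - NS_SHM_BASE);
    if (off + req->buf_len > shm_bytes)
        return -1;                          /* beyond the simulated snapshot */
    memcpy(out, shm + off, req->buf_len);
    return (int)req->buf_len;
}

int main(void)
{
    uint8_t shm[64];                        /* constructed window contents */
    for (size_t i = 0; i < sizeof shm; i++)
        shm[i] = (uint8_t)i;
    uint8_t out[16];

    struct smc_req good = { NS_SHM_BASE + 4, 8 };
    struct smc_req wrap = { NS_SHM_BASE, 0xFFFFFFF0u };

    printf("good request: %d bytes\n", secure_copy_in(&good, shm, sizeof shm, out, sizeof out));
    printf("wrapping request: %d (rejected)\n", secure_copy_in(&wrap, shm, sizeof shm, out, sizeof out));
    printf("wrapping_range_ok accepts it: %d\n", wrapping_range_ok(wrap.buf_addr, wrap.buf_len));
    return 0;
}
```

The same `ns_range_ok` style of check is what a Secure-world API that lets a TA map memory would need before honouring the mapping, and the comparison against `wrapping_range_ok` shows why performing the check in the caller's width, or in the Normal world at all, is not enough.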
I personally like the "clean slate" idea, a chance to start afresh with new designs.