Sounds reasonable, although I'd prefer the TZ memory to be discrete, outside of the SoC. We don't want TZ to evolve into Intel ME, do we? ;)
https://twitter.com/AndreaBarisani/status/790497935918235648
Anyway, TZ code is always user controlled, so where memory lives is irrelevant. In fact, internal RAM is harder to glitch.
-
Well, if TZ bootrom AND memory are going to be inside the SoC, then it's no longer user-controllable or user-auditable, is it?
-
in-SoC RAM: the chip is internal rather than external, still usable as any RAM; only the location changes
-
there is no "TZ bootrom", TZ is 100% initialised by (and with) user code
-
Right. Today. Like there is no on-SoC memory, today :)
-
"TZ bootrom" is a concept that makes little sense and goes in the opposite direction of why TZ exists
-
TZ exists solely to allow arbitrary user code to run partitioned in the Secure domain; it is an anti-hardcoded-ROM security feature
-
with user != userspace, of course vendors can lock and secure boot TZ if they want, but those are integrators and not SoC makers
End of conversation
New conversation
-
with internal RAM, do you mean a DRAM chip embedded in a SiP package or an internal SRAM of an SoC?
-
internal SoC RAM (example: 128Kb for the USB armory i.MX53)
-
THX! If I read the correct specs, that should be an SRAM chip. If so, Rowhammer might be difficult indeed :)
End of conversation