Sounds reasonable, although I'd prefer the TZ memory to be discrete, outside of the SoC. We don't want TZ to evolve into IntelME, do we? ;) https://twitter.com/AndreaBarisani/status/790497935918235648 …
Replying to @rootkovska
Anyway TZ code is always user controlled, so where memory lives is irrelevant. In fact internal RAM is harder to glitch.
2 replies 0 retweets 0 likes -
Replying to @AndreaBarisani
Well, if TZ bootrom AND memory is going to be inside SoC, then it's no longer user-controllable or user-audit-able, is it?
1 reply 0 retweets 0 likes -
Replying to @rootkovska
in-SoC RAM: chip is internal rather than external, still usable as any RAM only location changes
1 reply 0 retweets 0 likes -
Replying to @AndreaBarisani @rootkovska
there is no "TZ bootrom", TZ is 100% initialised by (and with) user code
1 reply 0 retweets 0 likes -
Replying to @AndreaBarisani
Right. Today. Like there is no on-SoC memory, today :)
1 reply 0 retweets 0 likes -
Replying to @rootkovska
"TZ bootrom" is a concept that makes little sense and goes in the opposite direction of why TZ exists
1 reply 0 retweets 2 likes -
Replying to @AndreaBarisani @rootkovska
TZ exists solely to allow arbitrary user code to run partitioned in Secure domain, it is an anti-hardcoded-ROM security feature
1 reply 0 retweets 0 likes
with user != userspace, of course vendors can lock and secure boot TZ if they want, but those are integrators and not SoC makers