Question
I'm currently doing some research about ARM's TrustZone, e.g. here: ARM information center. As far as I understand, with TrustZone a secure environment based on the AMBA AXI bus can be created.
On the ARM website it says: "This concept of secure and non-secure worlds extends beyond the processor to encompass memory, software, bus transactions, interrupts and peripherals within an SoC." I read that peripherals can be connected to TrustZone via the NonSecure bit of the AMBA AXI bus (the extra signal is used to differentiate between trusted and non-trusted requests).
1) What, except the extra pin of the AMBA AXI bus, is the TrustZone specific hardware in a SoC with TrustZone?
2) Is it possible to connect an external non-volatile memory (e.g. Flash) or a partition of it to TrustZone with access to the secure world (via the external memory interface and then, internally, the AXI bus)? If not, how are secrets (such as keys) stored to be used in the secure world (with the help of fuses?)? If yes, how is it prevented that a Flash containing malicious code is connected?
3) Is it possible to implement code in the secure world as a customer of a chip vendor (e.g. TI or NXP), either before or after the chip has left the factory?
Thanks for your answers.
Answer
TrustZone is a set of standards released by ARM. It gives OEMs (embedded software programmers) and SOC vendors some tools to make a secure solution. These have different needs depending on what needs to be secured. So each SOC will be different. Some SOC manufacturers will try to compete on the same security application, but they will still differentiate.
Anything that the vendor wants. The GIC (ARMv7-A) interrupt controller, the L1 and L2 controllers, and the MMU are all TrustZone-aware peripherals in most Cortex-A CPUs. These are designed by ARM and implemented in the SOC. As well, there are various memory partitioning/exclusion devices which can be placed in between a peripheral and the SOC. Examples are the NIC301 and various proprietary bus interconnect technologies.
Other hardware may include physical tampers, voltage and temperature monitoring, clock monitoring and cryptography accelerators.
As the above alludes, chips like the NIC301 can physically partition AXI peripherals. Part of any TrustZone solution is some secure boot mechanism. All CPUs will boot in the secure world. The secure boot mechanism may vary. For instance, a one-time programmable ROM might be appropriate for some applications. Many have programmable fuses with a public/private key mechanism implemented in SOC ROM. The SOC ROM boot software will verify that the image in flash is properly signed by whoever burned the one-time fuses.
This OEM image can set up many TrustZone peripherals, most of which will have a lock bit. Once set, registers in the peripherals cannot be changed until the next hard boot.
Yes, this is the secure boot mechanism. It is not specified in the ARM TrustZone documents how code will be secured. If you manufacture the chip and have on-chip ROM with a MESH layer protecting it, that may be sufficient for secure boot. However, TI and NXP will implement a public/private key mechanism and verify that only software signed by an OEM can be loaded. This OEM software can have bugs (and possibly the ROM loader by the SOC vendor), but at least it is possible to create a secure boot chain.
With a public key, even complete access to the chip will only allow an attacker to load previously released software from the OEM. Some solutions may have revocation mechanisms as well to prevent previously released software from being used.
See: TrustZone
- Typical ARM bus
- ARM partition checker
- Handling ARM TrustZone
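The ROM-side checks the answer describes (key bound to the fuses, image signature, revocation of older releases) as an added Python model; this is not code from the Q&A or from any vendor's ROM. It assumes a fuse bank holding a SHA-256 hash of the OEM public key plus a minimum-version counter, a constructed image header of pubkey | version | signature, and a toy textbook-RSA key built from Mersenne primes in place of a real padded signature scheme.

```python
# Added model of the SOC ROM secure-boot check (not the page's own code).
# Assumptions: fuses hold sha256(OEM pubkey) and a minimum version counter;
# flash image = pubkey | version(4 bytes) | signature | body. The signature is
# textbook RSA over SHA-256 with a toy Mersenne-prime key; a real ROM uses a
# padded scheme such as RSA-PSS with a production key.
import hashlib
import struct

E = 65537
P, Q = (1 << 521) - 1, (1 << 127) - 1      # toy key: both are Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+)
KEY_LEN = (N.bit_length() + 7) // 8

def digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def oem_sign(body: bytes, version: int) -> bytes:
    """OEM side: produce pubkey | version | signature | body."""
    pubkey = N.to_bytes(KEY_LEN, "big")
    ver = struct.pack(">I", version)
    sig = pow(digest(ver + body), D, N).to_bytes(KEY_LEN, "big")
    return pubkey + ver + sig + body

def rom_verify(image: bytes, fuse_key_hash: bytes, fuse_min_version: int) -> str:
    """ROM side: return 'ok' or the reason the flash image is refused."""
    if len(image) < 2 * KEY_LEN + 4:
        return "reject: truncated header"
    pubkey, rest = image[:KEY_LEN], image[KEY_LEN:]
    # 1. the key shipped in flash must match the hash burned into the fuses,
    #    so a flash carrying a foreign key is refused before anything else
    if hashlib.sha256(pubkey).digest() != fuse_key_hash:
        return "reject: public key not bound to fuses"
    version = struct.unpack(">I", rest[:4])[0]
    sig = int.from_bytes(rest[4:4 + KEY_LEN], "big")
    body = rest[4 + KEY_LEN:]
    n = int.from_bytes(pubkey, "big")
    # 2. the signature must cover both the version field and the body
    if pow(sig, E, n) != digest(rest[:4] + body):
        return "reject: bad signature"
    # 3. anti-rollback: a genuinely signed but revoked release is refused
    if version < fuse_min_version:
        return "reject: revoked version"
    return "ok"

# constructed fuse contents for the demo
FUSE_KEY_HASH = hashlib.sha256(N.to_bytes(KEY_LEN, "big")).digest()
```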