TrustZone, a Dimension of Multiple Worlds
Posted January 20, 2013 at 05:00 am by Adam Outler
TrustZone (a.k.a. TZ), in conjunction with Secure Element, is becoming more prevalent in modern devices. The TrustZone acts as a buffer between the kernel and the hardware. It prevents the kernel from directly interfacing with the hardware, but it also does so much more.
We all want secure devices for certain things like keypad inputs, payments, secure information transfer, and the TrustZone provides all of this. It does so by operating at a higher privileged level than the operating system, running applications and preventing access to certain information.
Think of a TrustZone like a cloaking shield, when you make certain system calls they appear invisible and bounce off with an error. The TrustZone specifies what memory locations, addresses, and registers are available and unavailable to the kernel. It also provides basic, proprietary APIs that allow restricted calls to this information or run privileged tasks. These tasks can range from sending a controlled power management command to secure access to payments. Even functions that prevent overclocking to the point of hardware damage can be handled by TrustZone. But this is just the tip of the iceberg.
There is also another method of Trust Zone implementation, which is known as the “Trusted Execution Environment.” In the Trusted Execution Environment lives an entirely separate operating system with its own kernel. The TEE may have more control over the system than standard kernel.
When used properly, there is no reason for a manufacturer to wish to lock down the kernel of a Trusted Execution Environment device. The TEE runs as its own separate kernel to monitor and provides functions with which the system can interact and make requests in a secure manner. The TEE can provide everything the carriers and manufacturers wish, while leaving the user-interface and insecure kernel totally customizable.
This dual-OS concept should leave you with questions. What is to prevent the manufacturer and carrier from spying on you, non-opt-out targed advertising, and sale of your personal data? Nothing, except a trusted relationship between you and your carrier. What prevents malware from replacing the TrustZone? A hardware initiated Chain-of-Trust with several cryptography features such as that found in Qualcomm devices. Securing the Chain-of-Trust and TrustZone/TEE is of the utmost importance soon as we migrate further towards digital payments from our phones.
With the technology available today, there is no reason for a manufacturer or carrier to lock down a device in the traditional sense. Just as a properly designed game will prevent a user from cheating, a properly implemented TZ will prevent the operating system from abusing the hardware or network. This leaves the operating system as customizable as the android apps you currently install on your system.
The TrustZone is not limited to software only, though. In fact, its primary mission is to block direct access to hardware. Most devices today can support up to three storage devices, but only use two. It’s entirely possible for a device to have a 1 gig internal sdcard for system recovery hidden behind the TrustZone shield. This would eliminate the problem of maintainability of a modified device. Total and immutable system recovery is possible, but currently is not implemented by any device manufacturer.
This generation of smartphones and tablets is capable of total customization without sacrifice of secure functions and on a personal note, I’m tired of playing these cat-and-mouse games with manufacturers and carriers (see more when we RE-Unlock the Verizon Galaxy Note 2 later this week). I’d like to see them work with the hacking/modding community rather than against us. If they want to ensure their applications run as though they were part of the hardware, that’s fine, but leave the customizability alone. As stated by XDA Elite Recognized Developer Entropy512, “Carriers can achieve their legitimate stated goals even without TrustZone.” Just remember, carriers, a gigantic part of the reason people buy Android devices is the same reason XDA-Developers community has over 4.7 million members.[Source: Arm TrustZone]
Want something on the XDA Portal? Send us a tip!