Adam Outler · Jan 20, 2013 at 05:00 am

TrustZone, a Dimension of Multiple Worlds

TrustZone (a.k.a. TZ) is becoming more prevalent in modern devices, often alongside a Secure Element.  TrustZone is ARM's security extension: it splits the processor and the rest of the SoC into two worlds, a Secure world and a Normal world in which the ordinary kernel runs.  Memory ranges and peripherals can be assigned to the Secure world, and the Normal-world kernel cannot touch those resources directly; it gets only what is left to it.  But TrustZone does so much more than that.

We all want certain things on our devices to be secure: keypad input, payments, transfer of sensitive information.  TrustZone provides the foundation for all of this.  It does so by operating at a higher privilege level than the operating system, running its own trusted applications and withholding certain memory and registers from the kernel.

Think of TrustZone as a cloaking shield: when the kernel touches a protected resource, the access bounces off with a fault.  The Secure-world configuration specifies which memory locations, peripheral addresses and registers are available to the kernel and which are not.  It also exposes a small, vendor-specific API, entered through the Secure Monitor Call (SMC) instruction, that lets the kernel request restricted information or ask the Secure world to run privileged tasks on its behalf.  Such tasks range from issuing a controlled power-management command to authorizing a payment.  Even guarding against overclocking to the point of hardware damage can be handled from TrustZone.  But this is just the tip of the iceberg.
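As an added illustration (not code from this article or from any vendor's firmware), the following Python model shows the two mechanisms just described: a bus-level check that faults Normal-world accesses to Secure-world memory, and an SMC-style dispatcher that validates every pointer the Normal world hands it before the Secure world touches memory on the caller's behalf.  The memory map, addresses, service ID and device key are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Added model of TrustZone-style world separation. Not vendor firmware;
# regions, addresses, the SMC service ID and the device key are constructed.

SECURE, NON_SECURE = "S", "NS"


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    size: int
    world: str  # SECURE regions are reachable only from the Secure world

    def contains(self, addr: int, length: int) -> bool:
        return self.start <= addr and addr + length <= self.start + self.size


PHYS = bytearray(0x2000)  # toy physical memory
MEMORY_MAP = [
    Region("trusted_os", 0x0000, 0x0800, SECURE),
    Region("key_store",  0x0800, 0x0800, SECURE),
    Region("normal_ram", 0x1000, 0x1000, NON_SECURE),
]
KEY_ADDR, KEY_LEN = 0x0800, 32
DEVICE_KEY = bytes(range(32))  # constructed secret, lives only in key_store


class AccessFault(Exception):
    """Raised where the hardware would abort the access."""


def bus_access(world: str, addr: int, length: int) -> None:
    """Address-space controller: the Secure world reaches everything, the
    Normal world faults on Secure regions and on unmapped addresses."""
    for r in MEMORY_MAP:
        if r.contains(addr, length):
            if r.world == SECURE and world == NON_SECURE:
                raise AccessFault(f"NS access to {r.name} at {addr:#06x}")
            return
    raise AccessFault(f"unmapped access at {addr:#06x}")


def ns_read(addr: int, length: int) -> bytes:
    """A read issued by the Normal-world kernel."""
    bus_access(NON_SECURE, addr, length)
    return bytes(PHYS[addr:addr + length])


# The SMC interface is the only way into the Secure world. Constructed IDs.
SMC_HMAC = 0x1000
SMC_OK, SMC_EINVAL, SMC_EPERM = 0, -1, -2


def smc(service: int, in_addr: int, length: int, out_addr: int,
        validate_caller_memory: bool = True) -> int:
    """Secure Monitor dispatcher. The caller runs in the Normal world, so
    every pointer it supplies must be checked against what the caller may
    touch itself; otherwise the Secure world becomes a confused deputy that
    reads or writes Secure memory on request. validate_caller_memory=False
    models the missing check."""
    if service != SMC_HMAC:
        return SMC_EINVAL
    if validate_caller_memory:
        try:
            bus_access(NON_SECURE, in_addr, length)
            bus_access(NON_SECURE, out_addr, 32)
        except AccessFault:
            return SMC_EPERM
    key = bytes(PHYS[KEY_ADDR:KEY_ADDR + KEY_LEN])  # Secure-only data
    tag = hmac.new(key, PHYS[in_addr:in_addr + length], hashlib.sha256).digest()
    PHYS[out_addr:out_addr + 32] = tag
    return SMC_OK


def demo() -> dict:
    PHYS[KEY_ADDR:KEY_ADDR + KEY_LEN] = DEVICE_KEY  # reset so demo is repeatable
    msg = b"pay 10.00 to merchant 42"  # constructed request placed in normal RAM
    PHYS[0x1000:0x1000 + len(msg)] = msg
    out = {}
    # 1. Legitimate use: the Normal world never sees the key, only the tag.
    out["legit"] = smc(SMC_HMAC, 0x1000, len(msg), 0x1100)
    out["tag_matches"] = ns_read(0x1100, 32) == hmac.new(
        DEVICE_KEY, msg, hashlib.sha256).digest()
    # 2. A direct read of the key store faults at the bus.
    try:
        ns_read(KEY_ADDR, KEY_LEN)
        out["direct_read"] = "allowed"
    except AccessFault:
        out["direct_read"] = "fault"
    # 3. Asking the Secure world to write the tag over the key store is
    #    refused only because the monitor validates the caller's pointer.
    out["overwrite_checked"] = smc(SMC_HMAC, 0x1000, len(msg), KEY_ADDR)
    out["overwrite_unchecked"] = smc(SMC_HMAC, 0x1000, len(msg), KEY_ADDR,
                                     validate_caller_memory=False)
    out["key_intact"] = bytes(PHYS[KEY_ADDR:KEY_ADDR + KEY_LEN]) == DEVICE_KEY
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The interesting case is the last one.  The bus check alone does not protect the key store against a request routed through the monitor, because the Secure world itself can reach that memory; the monitor has to ask whether the caller could have accessed the buffer it supplied.  Dropping that check turns a legitimate service into a way to write into Secure memory.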

[Image: TZLogo]

There is also the software side of a TrustZone implementation, known as the “Trusted Execution Environment” (TEE).  The TEE is an entirely separate operating system with its own kernel that lives in the Secure world, alongside the Normal-world OS.  Because it runs at the higher privilege level, the TEE may have more control over the system than the standard kernel does.

When used properly, there is no reason for a manufacturer to lock down the Normal-world kernel of a device that has a TEE.  The TEE runs as its own separate kernel, monitors the system and provides functions through which the Normal-world OS can make requests in a secure manner.  The TEE can provide everything the carriers and manufacturers wish to protect, while leaving the user interface and the untrusted Normal-world kernel totally customizable.

[Image: TEEKernel]

This dual-OS concept should leave you with questions.  What prevents the manufacturer and carrier from spying on you, serving non-opt-out targeted advertising, or selling your personal data?  Nothing, except a trusted relationship between you and your carrier.  What prevents malware from replacing the TrustZone image?  A hardware-initiated chain of trust: boot code fixed in the SoC verifies the cryptographic signature of the next boot stage before running it, and each stage verifies the one after it, as implemented on Qualcomm devices.  Securing this chain of trust and the TrustZone/TEE is of the utmost importance as we migrate further toward paying with our phones.
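To make the chain-of-trust idea concrete, here is an added Python model; it is not Qualcomm's or any other vendor's boot code.  It anchors each boot stage by a SHA-256 digest embedded in the previous stage, with the first digest standing in for the value fused into the SoC.  Production secure boot verifies a signature over each image against a fused public-key hash instead, so images can be updated without touching the fuses; the hash chain is a simplification.  Stage names and image contents are constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Added model of a hardware-anchored boot chain. Not any vendor's boot ROM.
# Each stage is anchored by a SHA-256 digest carried in its predecessor;
# real implementations verify signatures against a fused public-key hash.


@dataclass(frozen=True)
class Image:
    name: str
    code: bytes
    next_expected: Optional[bytes]  # digest this stage demands of its successor

    def digest(self) -> bytes:
        # The embedded successor digest is part of what is measured, so an
        # attacker cannot keep a genuine stage and point it at a tampered one.
        h = hashlib.sha256()
        h.update(self.name.encode() + b"\x00")
        h.update(self.code)
        h.update(self.next_expected or b"")
        return h.digest()


class BootFailure(Exception):
    """The ROM halts instead of executing an image that failed verification."""


def build_chain(stages):
    """stages: [(name, code, verifies_next)] in boot order.
    Returns the images plus the root digest to burn into the fuses."""
    images, nxt = [], None
    for name, code, verifies_next in reversed(stages):
        img = Image(name, code, nxt if verifies_next else None)
        images.insert(0, img)
        nxt = img.digest()
    return images, nxt


def boot(fused_root: bytes, images):
    """Boot ROM behaviour: verify stage 1 against the fused digest, then let
    each verified stage verify its successor. Once a stage carries no
    expectation for the next one, everything after it runs unverified;
    that is where a Normal-world kernel can stay user-replaceable."""
    expected, log = fused_root, []
    for img in images:
        if expected is None:
            log.append(f"{img.name}: unverified")
            continue
        if img.digest() != expected:
            raise BootFailure(f"{img.name}: digest mismatch, halting")
        log.append(f"{img.name}: verified")
        expected = img.next_expected
    return log


def demo() -> dict:
    stages = [  # constructed images; aboot deliberately does not verify the kernel
        ("sbl",       b"secure bootloader v1",       True),
        ("trustzone", b"trusted os + monitor v1",    True),
        ("aboot",     b"normal-world bootloader v1", False),
        ("kernel",    b"stock kernel",               False),
    ]
    images, root = build_chain(stages)
    out = {"clean": boot(root, images)}
    # Swapping the TrustZone image is caught by sbl's embedded expectation,
    # even though the swapped image keeps the genuine successor digest.
    bad_tz = Image("trustzone", b"backdoored trusted os", images[1].next_expected)
    try:
        boot(root, [images[0], bad_tz] + images[2:])
        out["tz_swapped"] = "booted"
    except BootFailure as e:
        out["tz_swapped"] = str(e)
    # Replacing the kernel is outside the chain by design, so it boots.
    custom = Image("kernel", b"custom rom kernel", None)
    out["kernel_swapped"] = boot(root, images[:3] + [custom])
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The chain stops exactly where a stage chooses not to verify its successor, which is the split the article argues for: the Secure world and the loaders beneath it stay verified, while the Normal-world kernel can be replaced by the user without breaking anything the chain protects.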

With the technology available today, there is no reason for a manufacturer or carrier to lock down a device in the traditional sense.  Just as a properly designed game prevents a player from cheating, a properly implemented TZ prevents the operating system from abusing the hardware or the network.  That leaves the operating system as customizable as the Android apps you install on your device today.

[Image: immutablesystem]

TrustZone is not limited to protecting software, though.  A primary job is to block direct access to hardware resources assigned to the Secure world.  Most devices today can support up to three storage devices but use only two.  It is entirely possible for a device to carry a 1 GB internal storage device for system recovery hidden behind the TrustZone shield, reachable only from the Secure world.  That would eliminate the maintainability problem of a modified device: total and immutable system recovery is possible, but no device manufacturer currently implements it.

This generation of smartphones and tablets is capable of total customization without sacrificing secure functions, and on a personal note, I’m tired of playing these cat-and-mouse games with manufacturers and carriers (see more when we RE-Unlock the Verizon Galaxy Note 2 later this week).  I’d like to see them work with the hacking/modding community rather than against us.  If they want to ensure their applications run as though they were part of the hardware, that’s fine, but leave the customizability alone.  As stated by XDA Elite Recognized Developer Entropy512, “Carriers can achieve their legitimate stated goals even without TrustZone.”  Just remember, carriers, a gigantic part of the reason people buy Android devices is the same reason the XDA-Developers community has over 4.7 million members.

[Source: Arm TrustZone]
Adam Outler is an editor on XDA-Developers, the largest community for Android users, and an electronics tech and developer.