Trustzone + ARMv8M

Gavinmc42
Posts: 1552
Joined: Sun Jun 05, 2016 12:38 pm
Location: Brisbane, Australia

Trustzone + ARMv8M

Postby Gavinmc42 » Fri Nov 25, 2016 2:45 am

Make IoT gadgets with Linux and you run up against the security issues.
Things are happening re this with the chip makers, software guys etc.

Did some googling
http://iot.stanford.edu/
Mentioned that Stanford is working with ARM to add extra secure stuff to chips used for IoT.
Interesting little noise generator too.

http://www.iconlabs.com/prod/internet-s ... net-things

Hot off the press
http://thehackernews.com/2016/11/kasper ... ystem.html

That leads me to ARM's Trustzone stuff.
https://www.arm.com/products/security-o ... /index.php
https://github.com/ARM-software/arm-trusted-firmware
Seem to remember something about Hypervisor etc on the Raspberry forum, which did not click at the time.

I've been talking about having scripting options with Ultibo.
Probably should have Trustzone working for that option?

In a roundabout way this leads me to what chips Ultibo should support next.
viewtopic.php?f=10&t=97&p=1518&hilit=ARMv8M#p1518

Probably time to bring this into its own post.
Does not seem to be any ARMv8M chips for real yet.

But I did find this
https://github.com/OP-TEE/optee_os
There is support for Pi3 so that people can start practicing TZ coding etc.

How to get TZ working in Ultibo and on the Pi3?
Then when the new ARMv8M chips are out, Ultibo will be ready.
Er these are only 32bit so don't throw away that armhf compiler yet, still life for the 32bitters :lol:

Maybe someday Ultibo will have a booth next to IAR at TechCon?
Remember 7 figures at least Garry, actually by then, hold out for 8 or 9 figures :lol:

For most of my current IoT stuff even a B+ is overkill, but they are easy to get and use.

Not sure if I would trust a Chinese ARM chip for IoT.
What is inside those Allwinner chips? They are financed directly by the Chinese Government.
Is that why the Japanese acquired ARM? Where's my tinfoil hat?

http://www.zerohedge.com/news/2016-07-1 ... pany-world
Think my hat just fell off, getting paranoid now.

Any Chinese x86 makers? Who owns Intel/AMD? AMD make 64bit ARMs.
Time to look at Open source CPUs?
haiqu
Posts: 252
Joined: Mon Oct 31, 2016 5:09 am
Location: Brisbane

Re: Trustzone + ARMv8M

Postby haiqu » Fri Nov 25, 2016 4:56 am

Gavinmc42 wrote:
Not sure if I would trust a Chinese ARM chip for IoT.
What is inside those Allwinner chips? They are financed directly by the Chinese Government.
Is that why the Japanese acquired ARM? Where's my tinfoil hat?

Feeling the strain?


http://www.zerohedge.com/news/2016-07-18/did-china-just-buy-most-important-company-world
Think my hat just fell off, getting paranoid now.

Any Chinese x86 makers? Who owns Intel/AMD? AMD make 64bit ARMs.
Time to look at Open source CPUs?

The ARMH sale comes as no surprise, they were ripe for the plucking. The Chinese tried with MIPS but it didn't fly so the next obvious target was ARM. They have no interest in x86 and afaict it only has one or two generations left before the whole company implodes, that is if Trump doesn't cause a civil war in the meanwhile.
Make mine a Pi with source.

Re: Trustzone + ARMv8M

Postby Gavinmc42 » Fri Nov 25, 2016 5:54 am

Feeling the strain

Sure am, day 5 trying to debug some Linux shell script.
Looking for any diversion from the brain strain.

Doing some relaxing reading
http://bigdata-madesimple.com/learning- ... -learning/
Before getting stuck into the ARMv8A manuals

Why so much ML in Python, it's crap for that.
Think I might have to write the book "ML in Pascal"
Finally something making sense, got code not stupid formulas.
https://www.mathematik.uni-marburg.de/~ ... Pascal.pdf
http://ktiml.mff.cuni.cz/~bozovsky/en/kohonen.htm
Rambling again, not been a good week :?
Ultibo
Site Admin
Posts: 2183
Joined: Sat Dec 19, 2015 3:49 am
Location: Australia

Re: Trustzone + ARMv8M

Postby Ultibo » Sun Nov 27, 2016 1:02 am

Gavinmc42 wrote:
That leads me to ARM's Trustzone stuff.
https://www.arm.com/products/security-o ... /index.php
https://github.com/ARM-software/arm-trusted-firmware
Seem to remember something about Hypervisor etc on the Raspberry forum, which did not click at the time.

How to get TZ working in Ultibo and on the Pi3?

Implementing the trusted OS part requires some clever bits of code, but the good thing is Ultibo returns the CPU to the "Secure" world during the first few instructions of the boot process, in spite of the firmware insisting on switching the CPU to "Non Secure" world and then to Hypervisor mode just to support KVM in Linux.

So it would be possible to implement a secure core that then loaded another non secure application on top of it (that non secure application could even be a Linux kernel itself) and the secure core would retain control in the background.

As I said, this requires some very clever coding but the links you provided do point to some existing implementations to work from.

The other way to proceed is using the hypervisor mode, but while that can be used to isolate a child task (like a scripting engine) so it doesn't impact the parent task, it is designed for a different purpose, and it has been shown many times that a virtual machine can actually kill the host on both Linux and Windows.

One interesting thing about Trustzone is it works on ARMv6, so even the Pi Zero has it, whereas hypervisor is only available on the ARMv7 and above.
Ultibo.org | Make something amazing
https://ultibo.org

Re: Trustzone + ARMv8M

Postby Gavinmc42 » Sun Nov 27, 2016 1:37 am

Hypervisor is more for safer multitasking apps/kernels/QEMU on top of OS?

Probably of more use getting Trustzone working then for IoT, especially if it is on ARMv6 as well.
Only been reading the v8 manuals, did not spot it in the 6/7.
As most of my current gen IoT runs on B+, time to read up on Trustzone and v6/7.
Gives you a chance to get the rest of the 64bit stuff going.

Do we need KVM?
Somebody probably just stuck up their hand.

For IoT is Trustzone more important/higher priority?
I think so and I have not even read the manual yet ;)

Use Hypervisor on the Pi3 running 3 x QEMU Pi B+ armv6 Ultibo apps that talk to each other via virtual network?
Hmm hand up :lol:

Is it one Trustzone per core or per chip? Er manual time.
A long time ago I used to know everything in the cpu manuals.
Not sure if my poor old brain can stretch anymore.

Re: Trustzone + ARMv8M

Postby Gavinmc42 » Wed Jan 30, 2019 4:02 am

Over 2 years since I looked at this.
Found a page that explains it better, at least for me
https://genode.org/documentation/articles/trustzone

One day I hope I will understand it and perhaps use it.
