[Arm-netbook] ARM's OOB para-virtualization & FreeZone in A10?

nil namespace_collision at yahoo.com
Thu Jul 5 10:57:18 BST 2012


> Now I
> am afraid of ARM too! Is MIPS the only processor left that does not have
> OOB monitoring? Is my only choice a Lemote Yeelong A3 which is not yet
> available in the United States? Or going backwards in technology by
> purchasing a Pentium 4 notebook prior to 2004 when Trusted Platform
> Module (TPM) and prior to 2006 when Intel's AMT was installed in
> laptops?
Your fear is (mostly) unnecessary. Also, coreboot?
(also, not all laptops have TPMs; and they're even less useful to an attacker
than hardware virtualization.)

> Thereby, a hacker can hack into the local LAN to hack into a netbook's
> AMD's virtualization:
Doesn't follow.

> ARM's TrustZone is in ARM
> Cortex 6 and above. The Allwinner A10 has an ARM Cortex A8. ARM Cortex
> A8 has TrustZone. I am assuming A10 is TrustZone capable.
Quite possibly, although I'd be surprised if it was actually used in any 
products.

> Yey, my abuser's hackers have sniffed my root password. Yes, I have
> other problems. But they are off topic so I won't discuss them here.
Sorry, figure of speech. What I was trying to say was that TrustZone is not a
threat[1]. To make use of it in a remote attack, the adversary must already 
have their code running in kernel mode. If kernel mode is the highest level of
privilege on your system (if you don't have a VMM running, it will be,) this
means it's already entirely compromised; no TrustZone necessary.
 
> Is a handler installed in A10? Is there a method of removing or
> disabling it TrustZone? Disabling may not be adequate. 
If by "in [the] A10" you mean in the bootrom, you can check if you like; hno has
dumped it (I'd be surprised, fwiw.) It starts "disabled", and is part of the
hardware so cannot be removed. There's a bit in a control register that disables
handler installation, and it can only be set once per boot, iirc? That's about
as disabled as it gets.
 
> CuBox has an ARMv7 which has both TrustZone
> and ARM's virtualization extensions (VE). However, CuBox's
> specifications omit this. http://solid-run.com/products. Wikipedia only
> mentions TrustZone. http://en.wikipedia.org/wiki/CuBox
CuBox uses Marvell's Sheeva core, which is not an ARM design; it has neither,
afaict (some marketing bits call its cryptoaccelerator "TrustZone," though)

> Unfortunately, the Freedomboxfoundation as a whole is not concerned that
> TrustZone and ARM's virtualization extensions are backdoors for hackers,
> government, etc. A Freedombox implies safety and privacy but it's
> hardware is neither. FreedomboxFoundation banned me from posting because
> I raised questions on the safety of their hardware.
Since hardware virtualization per se is not a "backdoor[] for hackers,
government, etc," they are correct to be unconcerned, and I am guessing it is
because the questions were ill-founded. Apophenia and paranoia, however useful
they might be in one's own circumstances, are liabilities in the design of
secure systems.

> Open hardware is a contradiction in terms if it allows any type of
> remote monitoring such as remote virtualization. Yet, the websites I
> have looked at on open hardware such as Qi hardware at
> http://en.qi-hardware.com/wiki/Main_Page, and
> http://wiki.openhardware.org/Main_Page fail to discuss out of band
> monitoring.
Out-of-band monitoring doesn't Just Happen as a feature, it has to be explicitly
designed and implemented. It's not being discussed because it doesn't need to
be; probably not part of any desired use-case for open hardware devices, if I had
to guess.
 
> ARM's para-virtualization is separate from TrustZone. For example, ARM
> Cortex A5 has para-virtualization but not TrustZone.
"Paravirtualisation" is a software technique, and different from hardware
virtualisation. It means the virtualised guest has to be modified in order to
cooperate with the hypervisor. It can't be identical to what would run on "bare
metal."
 
> Does A10 and Cortex A8 have ARM's virtualization extensions? The
> articles on ARM's virtualization mention Cortex A5, Cortex A7, Cortex A9
> and Cortex A15 have it. They don't mention Cortex A8 but that does not
> mean A8 doesn't have para-virtualization. 
A7 is the low-power version of the A15 in the 'big.little' architecture, so it
too has the hardware virtualisation extensions. A5, A8, and A9 do not; just
TrustZone.


[1] on a technical level. Culturally and economically? It worries me.



