[Arm-netbook] ARM's OOB para-virtualization & FreeZone in A10?

freebirds at fastmail.fm freebirds at fastmail.fm
Fri Jul 6 15:26:42 BST 2012


Gordan Bobic wrote:
> Sure, but that still doesn't explain how they got into the machine and 
> gained root access. If they managed to gain root access to your machine 
> they already have full control. You need to establish the initial attack 
> vector and plug that.
> 
> Bottom line - you need to stop the perp from gaining shell access in the 
> first place. After that you are just fighting an increasingly losing
> battle.

Thank you for your advice. How to proceed, I don't know. Today, I
conducted further research to answer your question how they got into my
machines. Acer Aspire One 722 has AMD-V. This year, three times I
purchased an Acer and returned it within the 14 day return policy,
because Jack's crackers cracked AMD-V. Though two Atom processors have
Intel VT, my Asus and MSI Atom netbooks do not. The clue on Intel's
other hardware assisted virtualization (HAD) was at
http://openvirtualization.org/open-source-arm-trustzone.html#TrustZone-5

This article stated: "Effectively, the ARM TrustZone API is deprecated
and all the newer implementations use GlobalPlatform TEE as the
reference. How does the Trusted Execution Environment (TEE) compare to
Trusted Platform Mobile (TPM)? There are two main components of platform
security: Trusted Execution Environment and Trusted Platform Module. . . .
Popular CPU Architectures and their TEE implementations: ARM TrustZone,
Intel TXT, AMD Secure Execution Environment. All three of these TEE
implementations provide a virtualized Execution Environment for the
secure OS and applications. To switch between the secure world and the
normal world, Intel provides SMX Instructions, while ARM uses SMC.
Programmatically, they all achieve very similar results."

Intel developed its version of TEE called TXT in 2006. A search using
"Atom" and "TXT" did not answer whether Atom has TXT. TXT works with
TPM. Intel implemented TPM in 2004. Most likely Atom has TXT.  "Starting
from the use of more advanced Trusted Platform Module (TPM) chips and
adding new hardware extensions to both processors and chipsets, TXT can
perform the following . . ."
http://blog.activeservers.com/PermaLink,guid,2436962e-cc42-4720-864a-d08b64d2872d.aspx

A computer repairman had suggested that my abuser's hackers may be using
TPM. Researching TPM brought up old articles on TPM. The hype was that
TPM improved safety. Only today did I find articles on Intel bringing
virtualization to TPM via TXT. Intel accomplished this a mere two years
after launching TPM. If I were to purchase an older laptop instead of an
ARM or MIPS, the model would have to be pre-2006.

Reading further, I discovered that TXT is not Intel's first
virtualization extension. LaGrande is. Intel renamed LaGrande TXT.
LaGrande has: "Protected Execution allows software to be run under a
protected environment, where no other software can have access to the
resources being used by the software, especially RAM memory – i.e., to
the data being manipulated and generated by the software. Resources also
include devices and processes being executed (i.e., the software
itself)."
http://www.hardwaresecrets.com/article/Intel-LaGrande-Technology-Explained/264/6

Searching with "Atom" and "LaGrande" did not answer whether Atom has
LaGrande. Intel's data sheets on virtualization should reference and
link to all their various forms of virtualization. Intel should provide
complete specifications on their processors. Computer manufacturers
should provide complete specs. They don't. I have not seen any specs
regarding TPM, TEE and LaGrande.

To make this relevant to ARM on a small machine, I will discuss Open
Virtualization's statement: "Effectively, the ARM TrustZone API is
deprecated and all the newer implementations use GlobalPlatform TEE as
the reference." This means that the initial description of TrustZone,
like the initial description of TPM, does not describe the newer morphed
version that is presently used. Since AllWinner uses ARM Cortex A8 which
has TrustZone, it is important to fully comprehend the implications to
security that TrustZone, now morphed into TEE, has.

Everyone else on this mailing list may have a secure firewall. You may
naively believe that you do not need to review TrustZone and TEE
because: (1) your firewall protects you; or (2) no one would ever want
to hack your TrustZone anyway. Even if this were true, it is important to
consider people whose firewall is not secure and/or who have someone or
some government that wants to discreetly monitor them.

Does a secure firewall really prevent access to TrustZone or TEE?
Intel's TXT has been hacked. See
http://www.pcworld.com/businesscenter/article/159833/researchers_detail_intel_txt_hacks_at_black_hat.html
and
http://theinvisiblethings.blogspot.com/2009/01/attacking-intel-trusted-execution.html
It is foreseeable that TrustZone/TEE is hackable.

Tom Cubie has ordered the netbook for me from Sunlike. Yet, the more I
read about TrustZone, the more I fear it. I am wondering whether
switching to ARM will provide any protection from hardware assisted
virtualization. 

The ARM guide on ARM's website is ambiguous. I am requesting members of
this mailing list, on behalf of myself and other newbie victims,
activists and vulnerable others, to research whether the Allwinner A10
supports TrustZone, whether TrustZone is enabled, how (in user-friendly
terms) to tell, how to disable it, and how to tell if it stays disabled.
Thank you.