[Arm-netbook] ARM's OOB para-virtualization & FreeZone in A10?

Henrik Nordström henrik at henriknordstrom.net
Fri Jul 6 21:34:55 BST 2012


Fri 2012-07-06 at 07:26 -0700, freebirds at fastmail.fm wrote:
> because Jack's crackers cracked AMD-V.

Eh? AMD-V is a virtualization technology. Virtualization does not open any
holes, or have any hidden network stuff. To make anything use
virtualization on your hardware without you knowing, they first need full
and complete access to your box.

> A computer repairman had suggested that my abuser's hackers may be using
> TPM.

How?

A TPM does not have any remote connectivity at all.

> Researching TPM brought up old articles on TPM. The hype was that
> TPM improved safety. Only today did I find articles on Intel bringing
> virtualization to TPM via TXT. Intel accomplished a mere two years after
> launching TPM. If I were to purchase an older laptop instead of an ARM
> or MIPS, the model would have to be pre-2006.

Why? A TPM does not open any holes for an attacker; it only enables you to
close them by making use of the TPM to secure your system from others
trying to tamper with it.

By NOT actively using these technologies you leave yourself vulnerable
to others tampering with your system.

> Everyone else on this mailing list may have a secure firewall.

I have no firewall at all in the normal sense. It's just a false
security in most networks only causing problems and not stopping any
meaningful threats.

> You may naively believe that you do not need to review TrustZone and TEE

I strongly believe that we need to make proper use of technologies like
TrustZone and TEE to make sure computing can be done in a safe and
trusted manner locking out all forms of unwanted hacking.

The downside is that the same technologies can also be abused by
manufacturers to lock out their customers from the hardware they have
bought, as is seen in for example i* products but, more worryingly, even TV
sets and also tablets & phones of other makes.

> Does a secure firewall really prevent access to TrustZone or TEE?

It's unrelated.

> Intel's TXT has been hacked. See
> http://www.pcworld.com/businesscenter/article/159833/researchers_detail_intel_txt_hacks_at_black_hat.html

Yes, and patched.

> It is foreseeable that TrustZone/TEE is hackable.

Of course, everything is hackable. But hacking these things requires the
hacker to already have full control of your normal environment and now
wanting to take control over your system security keys. If your system
does not have a TPM, the hacker has full freedom to mess with it. If you
make use of a TPM to protect your system software, then the hacker also
has to crack the TPM to be able to tamper with your system without you
noticing, if the TPM is used correctly.

> whether Allwinner A10 supports TrustZone

It does. But details beyond that are unknown.

> is TrustZone enabled

No known software exists that uses TrustZone on A10. I even have serious
doubts about whether TrustZone is really working to an acceptable level on the
A10.

Regards
Henrik