[Arm-netbook] extraordinary claims ...

Henrik Nordström henrik at henriknordstrom.net
Sat Jul 7 23:00:55 BST 2012


On Sat 2012-07-07 at 11:07 -0700, freebirds at fastmail.fm wrote:
> Since Luke Leighton expressed an interest in security, I will inform you
> that TrustZone, which has morphed into Trusted Execution Environment (TEE),
> will be morphing into Mobicore. The description of Mobicore is REMOTELY
> manageable TEE. ARM is taking after Intel, who morphed TPM into TXT
> (Trusted Execution Technology).

Now you are mixing things.

TrustZone (and TEE) is a security enabler, enabling the operating
system to be split into a hardened secure monitor and a less trusted,
user-visible part.

The secured part cannot, by design, in most cases have any form of remote
management without the help of communication components in the less trusted
part relaying the communication, simply because there are no hardware
communication channels reserved for the trusted zone.

It is technically possible to design hardware where the secure part does
have remote communication capabilities, but only if you have integrated
communication equipment (LAN/WLAN/cellular) with an out-of-band management
communication channel. Such channels are commonly seen on server LAN
chipsets for enabling OOB monitoring/maintenance, but are harder to
implement in WLAN environments due to MAC address restrictions. In
handset/cellular environments it's quite likely easy to add a separate
communication channel for the secure area, or alternatively route all
communication via the secure area. Cellular networks are more flexible
than both LAN and WIFI.

> "ARM is pairing with Giesecke & Devrient, makers of a custom heavily
> sandboxed, remotely manageable TEE operating system dubbed "Mobicore". 
> As an alternative to iOS or Android, companies could flash employee
> handsets with Mobicore, which is now being accelerated and enabled
> directly by hardware, thanks to the new partnership."
> http://www.dailytech.com/ARM+to+Bake+OnDie+Security+Into+Next+Gen+Smartphone+Tablet+PC+Cores/article24372.htm

This is not a TrustZone replacement. It's using TrustZone for
maintaining the security of the secured area. It needs more than just
TrustZone to work, it also needs hardware support in keypad access, LCD
and perhaps networking for the Mobicore environment to work.

But more likely Mobicore networking goes via the "untrusted/open" user
OS, but in encrypted form to protect from any attacks except for denial
of service.

> MobiCore would potentially allow crackers, investigators and government
> "corporate VPN access" to install (infect) apps (malware) in TrustZone.

In theory yes. Crackers/hackers will have to work hard to do so as the
trusted environment is designed exactly to prevent such things, but sure,
it's technically possible there are gaps/bugs in the security of the
supposedly secure & hardened environment just as there may be security
bugs in anything else.

> But like Intel developed TPM to include TXT, ARM is developing
> TrustZone to become more powerful than TPM.

TrustZone / TPM is an enabler. It all boils down to what you then use it
for. It can be used for good things and bad things, the technology
itself is neutral.

And if you have a device running a secured zone you don't know what it's
doing, then it's hard to fully trust that device. But it's harder to
trust a device not having any security at all if you know you are likely
subject to physical tampering of your devices. The level required for
tampering with a device protected by good tampering protection such as
TrustZone is many, many orders of magnitude higher than tampering with an
unsecured device.

> Perhaps this is why AMD partnered with ARM to include TrustZone in
> AMD's processors. We must now consider what TrustZone will become. It
> will become Mobicore. I will ask the above questions on the ARM forum.

AMD wants TrustZone to enable on-chip TPM functionality, which in its
extension allows for a secured/sealed OS in parallel to the "user OS".

> Open hardware advocates and freedom advocates need to examine the safety
> of their hardware, identify the hype (spinning) of the advertised
> benefits of TrustZone and to recognize that present safety does not mean
> future safety if the hardware can be subsequently flashed by a third
> party.

Don't mix hardware technology (TrustZone / TPM) and use cases (Intel
TXT, G&D Mobicore).

Neither TXT nor Mobicore is embedded in the CPU. Those are software
components. Their presence is easily seen, but their content and
execution are securely protected.

> At the bare minimum, disclose in the specifications of the
> EOMA-68 CPU Card, BeagleBoard xM and other ARM Cortex A boards,

All have TrustZone capabilities. But TrustZone is nothing without
software running in it and/or using it. It's easy to disable TrustZone
entirely in your OS software if you have control over the device, but
better if you actually make use of it to protect yourself. Making use of
it also protects you from others using the same technology to hide their
tampering of your devices from your view.

> the
> present and future full capacity of TrustZone. We need to customize
> hardware to be truly open hardware. Truly open hardware would not have
> TEE and Mobicore's remote monitoring.

We need to learn how to use TrustZone. This will prevent any abuse of
such technologies doing things we are not aware of, and enables us to
protect our software and data on our devices in a tamper-safe manner
with the help of TrustZone or equivalent on our devices.

> I will research whether flashing with Mobicore can be performed
> remotely.

Mobicore can be part of an OTA software update, but it is unlikely any
handset manufacturer will license it in such a manner.

> Even if flashing requires physical access, the cracker needs
> to be lucky just once to break into an office, room, car, storage unit,
> etc. to gain physical access.

And have already cracked the security of your handset hardware, and have
cracked the security of your handset manufacturer. You are already 500%
lost at this point even if there is no TrustZone or Mobicore.

> There is probably no easy way to detect if Mobicore was installed or
> exactly what TrustZone is actively performing.

TrustZone being active should be easy to detect. And in itself it is not
performing anything.

> Like AMD's and Intel's virtualization, secure erasing the hard drive and
> reinstalling the OS (and reflashing BIOS) will not deactivate
> virtualized monitoring.

Doing a security erase of the harddrive from a separate trusted computer
(where you know that harddrive access is not virtualized) securely
erases everything. But you need to know how to securely erase a
harddrive.

Systems with OOB monitoring are also easily detected, as this is an
advertised and well known feature when implemented in the hardware.
There are no manufacturers who add stealth OOB management & monitoring,
and anyone doing so would get detected quickly.

> What will? Note the article stated "enabled
> directly by hardware." How will users know it exists and how to disable
> it? Would they be brave enough to ask on forums risking that they may be
> rejected as paranoid? Disabling TrustZone is not in users guides. I
> would not be surprised if disabled TrustZone can be flashed anyway.

TrustZone is a hardware feature, the capability of running a protected
and shielded piece of software. When such software is installed you
can't modify it or in most cases remove it without authorization by
whoever installed it in the first place. Any attempts to modify or
remove the protected & shielded piece of software will most likely
transform your device into a fancy paperweight.

Regards
Henrik