/tech/ - Technology

File: scary_Kek.png (3.21 KB, 312x312)

File: Architecture-of-TEE copy.png (185.93 KB, 3188x2291)

No.911556 >>912815

http://newandroidbook.com/Articles/aboot.html

>Android's boot process starts with the firmware*, which loads from a ROM. The exact details of the firmware boot vary between devices and specific architectures (e.g. Qualcomm vs. NVidia).

>As discussed in the book, the standard aboot is derived from the "LittleKernel" project

https://github.com/littlekernel/lk/wiki/Introduction

>LK is the Android bootloader and is also used in Android Trusted Execution Environment - "Trusty TEE" Operating System.

https://source.android.com/security/trusty/

>Trusty is a set of software components supporting a Trusted Execution Environment (TEE) on mobile devices.

>A TEE processor is typically a separate microprocessor in the system or a virtualized instance of the main processor. The TEE processor is isolated from the rest of the system using memory and I/O protection mechanisms supported by the hardware.

>TEE processors have become a mainstay in today's mobile devices. The main processor on these devices is considered "untrusted" and cannot access certain areas of RAM, hardware registers and fuses where secret data (such as device-specific cryptographic keys) is stored by the manufacturer. Software running on the main processor delegates any operations that require use of secret data to the TEE processor.

So from what I gather from the surface:

>Most major SoC makers implement on-chip firmware

>The on-chip firmware consists of an instance of LittleKernel

>LittleKernel supplies the first and second stage bootloaders for Android

>It is also constantly running on a dedicated security processor inside the SoC using TrustZone extensions as part of Trusty OS

>It is responsible for handling cryptographic data and DRM

>All TrustZone processors help implement an "ARM Trusted Firmware" which includes AMD's use of TrustZone

Thoughts?

 No.911557

https://developer.arm.com/technologies/trustzone

TrustZone is itself an example of a Trusted Execution Environment

https://en.wikipedia.org/wiki/Trusted_execution_environment

Implementations include AMD PSP and Intel TET

Basically all your OSes are running inside a hypervisor


 No.911558>>911559 >>911620

Also, I can't seem to be able to find the actual source code to Trusty OS itself, just the LittleKernel. But both are under a permissive license, which means they're only open core.


 No.911559>>911609 >>911620

>>911558

The Trusty OS itself is based on Minix, which has a cuck license, which means they don't have to open source the changes they made to it.


 No.911609>>911620

>>911559

Intel ME is based on Minix, you mean. Trusty is based on LittleKernel.


 No.911613

File: 1393283910843.jpg (45.78 KB, 429x410)

Oh yeah, and also, Android's recovery partition is part of the "Rich OS", or the visible partitions. They're not part of ARM Trusted Firmware. ARM Trusted Firmware (Trusty) can not be touched at all.

The TEE is almost worse than Intel ME. It can have functionality that includes handling secure network handshaking, including IoT shit, and has a direct interface with all your passwords.

https://www.trustonic.com/news/blog/benefits-trusted-user-interface/

>The Trusted User Interface feature allows a Trusted Application to interact directly with the user via a common display and touch screen. It protects the confidentiality and integrity of the information exchanged between a Trusted Application and the user from the Rich OS by use of hardware isolation built in to most modern smartphones. These features are then made possible

>Secure Input: The information entered by the user to a Trusted Application cannot be derived or modified by any software within the Rich OS or by another unauthorized Trusted Application.

"Rich OS" refers to whatever OS you actually use directly, be it Android, iOS, Windows Mobile, etc.


 No.911620>>911622

>>911558

>>911559

>>911609

For precision:

http://wiki.minix3.org/doku.php?id=www:documentation:read-more

https://github.com/littlekernel/lk/wiki/Introduction

BSD or MIT, it's permissive: there's no source code sharing when binaries are distributed, and there's no anti-tivoization clause that lets you execute your own modified version of the source code.


 No.911622

>>911620

In other words, the version running in your phone is effectively proprietary.


 No.911870

GAS


 No.912067

bump


 No.912070>>912073

How isn't this kind of thing anti-consumer? You are being sold a device which is artificially locked down and which prevents the consumer from properly using it.


 No.912073>>912799

>>912070

What makes you think this was made for the consumer? What makes you think they actually care?


 No.912799

>>912073

>What makes you think this was made for the consumer?

Maybe the way that they sell things to consumers?


 No.912815>>913024

>>911556 (OP)

From what I remember only the bootrom is on the chip itself. The rest is on flash storage (but verified by bootrom).

Also, except for the Pixel 2, afaik all Android phones use the "virtualized processor" (ARM TrustZone).

Qualcomm has a TZ OS they made to be used on their SoCs; it got exploited a few years ago.

I think Samsung uses their own too.


 No.913024>>913081

>>912815

>From what I remember only the bootrom is on the chip itself.

The bootrom is part of ARM Trusted Firmware.


 No.913081>>913083

>>913024

Don't know what that fancy term is for, but only the bootrom should be on die.

If there's a bug in the verification mechanism of the bootrom, the next stage bootloader (PBL or SBL, forgot) can be replaced by the user.

Since it's so early, you can stop it from loading the TEE; not sure about loading your own.


 No.913083>>913190

>>913081

Look at OP's block diagram. ARM Trusted Firmware in this case is the TEE.

>Since it's so early you can stop it from loading the TEE

Trusty is on-die.


 No.913190>>913369

>>913083

It's not. An entire OS for the TZ is too large and needs to be updatable.

It's stored on the flash and gets loaded during startup. It's verified before it is executed.

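The "verified before executed" chain the last two posts argue about, as an added worked example that is not part of the thread and not any vendor's real boot code. It models what a boot ROM does with the stage it loads from flash: the ROM trusts only a hash of the OEM public key (standing in for the value burned into SoC fuses), checks that the key shipped in the image hashes to it, verifies the signature over the payload, and only then hands the payload on; each stage then does the same for the next one using the key hash the signed header told it to trust. The image layout, the two-stage chain (a secondary bootloader, then a TEE OS image) and all keys and payloads are constructed for the example; real SoC image formats and certificate chains differ.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout (not a real SoC format):
//   [32 B public key][64 B signature over (nextKeyHash || payload)]
//   [32 B sha256 of the key allowed to sign the NEXT stage][4 B payload len LE][payload]
const (
	keyLen  = ed25519.PublicKeySize
	sigLen  = ed25519.SignatureSize
	hashLen = sha256.Size
	hdrLen  = keyLen + sigLen + hashLen + 4
)

var errBadImage = errors.New("image rejected")

// PackStage builds a signed stage image; nextKeyHash is the key hash this stage
// will itself pin when it verifies the stage after it.
func PackStage(priv ed25519.PrivateKey, nextKeyHash [hashLen]byte, payload []byte) []byte {
	pub := priv.Public().(ed25519.PublicKey)
	signed := append(append([]byte{}, nextKeyHash[:]...), payload...)
	sig := ed25519.Sign(priv, signed)
	var lenBuf [4]byte
	binary.LittleEndian.PutUint32(lenBuf[:], uint32(len(payload)))
	img := make([]byte, 0, hdrLen+len(payload))
	img = append(img, pub...)
	img = append(img, sig...)
	img = append(img, nextKeyHash[:]...)
	img = append(img, lenBuf[:]...)
	return append(img, payload...)
}

// VerifyStage is the check a ROM or earlier stage performs on an image read from
// flash. It returns the payload only if every check passes, plus the key hash the
// verified stage trusts for the following link.
func VerifyStage(trustedKeyHash [hashLen]byte, img []byte) ([]byte, [hashLen]byte, error) {
	var next [hashLen]byte
	if len(img) < hdrLen {
		return nil, next, errBadImage
	}
	pub := ed25519.PublicKey(img[:keyLen])
	sig := img[keyLen : keyLen+sigLen]
	copy(next[:], img[keyLen+sigLen:keyLen+sigLen+hashLen])
	n := binary.LittleEndian.Uint32(img[keyLen+sigLen+hashLen:hdrLen])
	payload := img[hdrLen:]
	if uint32(len(payload)) != n { // truncated or padded image is not what was signed
		return nil, next, errBadImage
	}
	// Key pinning: without this, any signer's key embedded in the image would do.
	if sha256.Sum256(pub) != trustedKeyHash {
		return nil, next, errBadImage
	}
	signed := append(append([]byte{}, next[:]...), payload...)
	if !ed25519.Verify(pub, signed, sig) {
		return nil, next, errBadImage
	}
	return payload, next, nil
}

// BootChain walks ROM -> stage 0 -> stage 1 ..., each stage verifying the next.
// rootKeyHash plays the role of the OEM key hash in the SoC fuses.
func BootChain(rootKeyHash [hashLen]byte, images [][]byte) ([][]byte, error) {
	trusted := rootKeyHash
	var payloads [][]byte
	for i, img := range images {
		payload, next, err := VerifyStage(trusted, img)
		if err != nil {
			return payloads, fmt.Errorf("stage %d: %w", i, err)
		}
		payloads = append(payloads, payload)
		trusted = next
	}
	return payloads, nil
}

// Demo boots a genuine two-stage chain, then tries a byte-patched TEE image and a
// TEE image re-signed with an attacker's key. Returns whether each chain booted.
func Demo() (genuine, tampered, rogue bool) {
	_, sblKey, _ := ed25519.GenerateKey(rand.Reader)
	_, teeKey, _ := ed25519.GenerateKey(rand.Reader)
	_, rogueKey, _ := ed25519.GenerateKey(rand.Reader)
	rootKeyHash := sha256.Sum256(sblKey.Public().(ed25519.PublicKey)) // "fused"
	teeKeyHash := sha256.Sum256(teeKey.Public().(ed25519.PublicKey))
	var terminal [hashLen]byte // last stage pins nothing further

	sbl := PackStage(sblKey, teeKeyHash, []byte("constructed SBL payload"))
	tee := PackStage(teeKey, terminal, []byte("constructed TEE OS payload"))
	_, err := BootChain(rootKeyHash, [][]byte{sbl, tee})
	genuine = err == nil

	evil := append([]byte(nil), tee...) // attacker with flash write access
	evil[len(evil)-1] ^= 0x01
	_, err = BootChain(rootKeyHash, [][]byte{sbl, evil})
	tampered = err == nil

	resigned := PackStage(rogueKey, terminal, []byte("attacker TEE"))
	_, err = BootChain(rootKeyHash, [][]byte{sbl, resigned})
	rogue = err == nil
	return
}

func main() {
	g, t, r := Demo()
	fmt.Println("genuine booted:", g, "| patched TEE booted:", t, "| re-signed TEE booted:", r)
}
```

The point the model makes against the "on die" argument is that nothing here needs the TEE image itself in ROM: only the root key hash has to be immutable, and a bug in any of the three checks in VerifyStage (length, key pinning, signature) is exactly the kind of boot ROM verification flaw that would let a user, or an attacker, substitute the next stage.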

 No.913369>>913420

>>913190

>An entire os for the TZ is too large and needs to be updatable.

Neither of these is true. Intel ME runs Minix.


 No.913420

>>913369

No, I mean on ARM systems. The term belongs to the ARM tech. Intel is something completely different. And by too large I mean too large to be stored on die.

Intel ME firmware isn't on die either. Also updatable.

