Autor: Arnt Gulbrandsen Data: Para: dng Assunto: Re: [DNG] Google abandons UEFI in Chromebooks
Martin Steigerwald writes: > I don´t know much about Trustzone. Do you have any links to a good
> explaination of it (preferable from a non-vendor source)?
Not offhand, sorry. But let me summarise the one I read:
You can put code and data in a part of RAM and then turn off regular access
to those pages. After that point, the memory is only accessible when a CPU
core is in a special mode, the "secure world". Then there's a way to switch
to that mode and call functions, and a way to start a thread in the special
mode. A file system encryption system or keystore would do the former, a
hypervisor the latter.
Notably, it's regular RAM and not a dedicated core. You can easily tell how
big the secure world is and how much CPU the hypervisor uses. There's no
builtin hypervisor, it's something the boot process has to set up (or not).
You can imagine why DRM people like this, and that's what gets the media
attention. But it's a nice building block for other things, and if it isn't
used it's just a small bit of disused silicon (small size is a selling
point).