Autore: Didier Kryn Data: To: dng Oggetto: Re: [DNG] Google abandons UEFI in Chromebooks
Le 31/10/2017 à 12:58, Arnt Gulbrandsen a écrit : > Martin Steigerwald writes:
>> I don´t know much about Trustzone. Do you have any links to a good
>> explaination of it (preferable from a non-vendor source)?
>
> Not offhand, sorry. But let me summarise the one I read:
>
> You can put code and data in a part of RAM and then turn off regular
> access to those pages. After that point, the memory is only accessible
> when a CPU core is in a special mode, the "secure world". Then there's
> a way to switch to that mode and call functions, and a way to start a
> thread in the special mode. A file system encryption system or
> keystore would do the former, a hypervisor the latter.
>
> Notably, it's regular RAM and not a dedicated core. You can easily
> tell how big the secure world is and how much CPU the hypervisor uses.
> There's no builtin hypervisor, it's something the boot process has to
> set up (or not).
The distinction trust-zone vs normal doesn't look very different of
kernel-mode vs user-mode, does it?