Security requires isolation and for most ARM systems, this comes in the form of the ARM TrustZone, which divides the CPU into a secure and normal world. This allows the system to run a trusted exectuion environment (TEE) in the secure world and a rich execution environment (REE) in the normal world.
Of course, the TEE needs to be loaded from somewhere and be executed somewhere else. Doing this in a secure manner requires careful orchestration between multiple firmwares and failure to do so leads to serious vulnerabilities.
The talk starts off with a TEE setup that should sound familiar to many:
A prebootloader starts at the highest privilige level, does some DDR initialization and loads TF-A and OP-TEE as well as the final bootloader into memory. Then TF-A is invoked installing itself as secure monitor and OP-TEE as trusted OS before returning to the bootloader in a lower privilige level.
From there on, the CPU should fault trying to access secure memory, however hard the normal world tries. However, as Marco will show, there is no shortage on creative alternative ways to access memory and unfortunately, they are often overlooked leading to real world exploits.
This work culiminated into a number of patches across TF-A, OP-TEE and the barebox bootloader.
Marco joined the Pengutronix graphics team in 2017. His work covers everything from system architecture to low-level bootloader firmware up to kernel and user-space development.