<p><strong>Replicant - Issue #1659: The device pages don't warn about proprietary (and likely signed) TrustZone TEE</strong><br /><a class="external" href="https://redmine.replicant.us/issues/1659">https://redmine.replicant.us/issues/1659</a></p>
<p><strong>Updated by Paul Kocialkowski (paulk@replicant.us) on 2016-03-06T19:25:15Z</strong> (<a class="external" href="https://redmine.replicant.us/issues/1659?journal_id=6183">journal 6183</a>)</p>
<ul><li><strong>Tracker</strong> changed from <i>Feature</i> to <i>Issue</i></li></ul>
<p><strong>Updated by Paul Kocialkowski (paulk@replicant.us) on 2016-03-06T19:41:16Z</strong> (<a class="external" href="https://redmine.replicant.us/issues/1659?journal_id=6189">journal 6189</a>)</p>
<ul><li><strong>Category</strong> changed from <i>Infrastructure (web, git)</i> to <i>Website and wiki content</i></li></ul>
<p><strong>Updated by Paul Kocialkowski (paulk@replicant.us) on 2016-03-07T21:52:28Z</strong> (<a class="external" href="https://redmine.replicant.us/issues/1659?journal_id=6195">journal 6195</a>)</p>
<p>There is some generic documentation about TrustZone available.</p>
<p>From ARM:</p>
<ul>
<li><a class="external" href="http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0210c/Cihhcjia.html">http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0210c/Cihhcjia.html</a></li>
<li><a class="external" href="http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.prd29-genc-009492c/ch04s02s02.html">http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.prd29-genc-009492c/ch04s02s02.html</a></li>
<li><a class="external" href="https://www.arm.com/products/processors/technologies/trustzone/tee-smc.php">https://www.arm.com/products/processors/technologies/trustzone/tee-smc.php</a></li>
<li><a class="external" href="https://github.com/ARM-software/arm-trusted-firmware">https://github.com/ARM-software/arm-trusted-firmware</a> and <a class="external" href="https://github.com/ARM-software/arm-trusted-firmware/tree/master/docs">https://github.com/ARM-software/arm-trusted-firmware/tree/master/docs</a></li>
</ul>
<p>From various research and articles:</p>
<ul>
<li><a class="external" href="https://en.wikipedia.org/wiki/ARM_architecture#TrustZone">https://en.wikipedia.org/wiki/ARM_architecture#TrustZone</a></li>
<li><a class="external" href="http://genode.org/documentation/articles/trustzone">http://genode.org/documentation/articles/trustzone</a></li>
<li><a class="external" href="http://firmwaresecurity.com/2015/10/03/libsboot-secure-boot-for-u-boot/">http://firmwaresecurity.com/2015/10/03/libsboot-secure-boot-for-u-boot/</a></li>
<li><a class="external" href="http://prosauce.org/blog/2013/2/11/embedded-trust-p2-u-boot-secured-boot.html">http://prosauce.org/blog/2013/2/11/embedded-trust-p2-u-boot-secured-boot.html</a></li>
<li><a class="external" href="https://www.blackhat.com/docs/us-14/materials/us-14-Rosenberg-Reflections-on-Trusting-TrustZone.pdf">https://www.blackhat.com/docs/us-14/materials/us-14-Rosenberg-Reflections-on-Trusting-TrustZone.pdf</a></li>
<li><a class="external" href="http://lwn.net/Articles/513756/">http://lwn.net/Articles/513756/</a></li>
</ul>
<p>From TEE implementations:</p>
<ul>
<li><a class="external" href="https://www.trustonic.com/technology/trustzone">https://www.trustonic.com/technology/trustzone</a> and <a class="external" href="https://www.trustonic.com/technology/trusted-execution-environment">https://www.trustonic.com/technology/trusted-execution-environment</a></li>
<li><a class="external" href="https://en.wikipedia.org/wiki/Trusted_execution_environment#Implementations">https://en.wikipedia.org/wiki/Trusted_execution_environment#Implementations</a></li>
</ul>
<p>There are also more specific details about how it's used available.</p>
<p>From source code regarding some devices/platforms:</p>
<ul>
<li><a class="external" href="http://lists.denx.de/pipermail/u-boot/2013-June/155544.html">http://lists.denx.de/pipermail/u-boot/2013-June/155544.html</a></li>
<li><a class="external" href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/arch/arm/mach-omap2/omap-secure.c">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/arch/arm/mach-omap2/omap-secure.c</a></li>
<li><a class="external" href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/arch/arm/mach-omap2/omap-smc.S">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/arch/arm/mach-omap2/omap-smc.S</a></li>
</ul>
<p>From documentation regarding some devices/platforms:</p>
<ul>
<li><a class="external" href="http://lists.denx.de/pipermail/u-boot/2014-June/181446.html">http://lists.denx.de/pipermail/u-boot/2014-June/181446.html</a></li>
<li><a class="external" href="http://linux-sunxi.org/TrustZone_Protection_Controller_Register_Guide">http://linux-sunxi.org/TrustZone_Protection_Controller_Register_Guide</a></li>
<li><a class="external" href="http://marc.info/?l=linux-arm-kernel&m=133941020000560&w=2">http://marc.info/?l=linux-arm-kernel&m=133941020000560&w=2</a></li>
<li><a class="external" href="http://lists.xen.org/archives/html/xen-devel/2014-02/msg01587.html">http://lists.xen.org/archives/html/xen-devel/2014-02/msg01587.html</a></li>
</ul>
<p>From analysis:</p>
<ul>
<li><a class="external" href="http://www.fredericb.info/2014/12/analysis-of-nexus-5-monitor-mode.html">http://www.fredericb.info/2014/12/analysis-of-nexus-5-monitor-mode.html</a></li>
<li><a class="external" href="http://bits-please.blogspot.fr/2015/08/full-trustzone-exploit-for-msm8974.html">http://bits-please.blogspot.fr/2015/08/full-trustzone-exploit-for-msm8974.html</a></li>
</ul>
<p>From forums:</p>
<ul>
<li><a class="external" href="http://stackoverflow.com/questions/29533692/i-mx53-qsb-and-arm-trustzone">http://stackoverflow.com/questions/29533692/i-mx53-qsb-and-arm-trustzone</a></li>
</ul>
<p><strong>Updated by Denis 'GNUtoo' Carikli (GNUtoo@cyberdimension.org) on 2016-03-07T22:14:10Z</strong> (<a class="external" href="https://redmine.replicant.us/issues/1659?journal_id=6201">journal 6201</a>)</p>
<p>Open questions:</p>
<ul>
<li>How can we summarize the differences and similarities between TrustZone implementations?</li>
<li>How can we check if TrustZone is disabled? How can we check if its RAM is accessible?</li>
<li>What software, in practice, sets up (or disables) TrustZone? Is it the bootrom or the bootloader, and which part of the bootloader?</li>
<li>How is TrustZone linked to other hardware blocks (like the AES/SHA1/MD5 engine)? What is the relationship with the bootrom?</li>
<li>How is it linked to hardware blocks hidden after early boot?</li>
</ul>
<p>Variations:</p>
<ul>
<li>What does the bootrom really do in practice (analysis of its code)?</li>
<li>Is the bootrom always specific to a SOC? Is it customized for high volume clients?</li>
<li>Are there different revisions of the bootroms on the same SOC? Does it differ within the same SOC family?</li>
<li>Can the hardware and TrustZone be customized for high volume clients? (Software like the bootloader is taken out of the equation here, but the bootrom isn't).</li>
</ul>
<p>We could also add a wiki page with research done on it:</p>
<ul>
<li>Links that point to software capable of dumping it</li>
<li>If we manage to dump it on some devices, we could add its checksum (sha)</li>
</ul>
<p>We might also want to check our legal rights regarding the bootrom. Since it's the only way to initialize hardware, we may be able to redistribute its code, or a derivative of it in some ways.</p>
<p><strong>Updated by Wolfgang Wiedmeyer (wreg@wiedmeyer.de) on 2016-03-08T15:47:23Z</strong> (<a class="external" href="https://redmine.replicant.us/issues/1659?journal_id=6207">journal 6207</a>)</p>
<p><strong><ins>Some initial information about Trustzone on smdk4412 devices</ins></strong></p>
<p>There are various news stories from some years back that the Galaxy S3 is the first Exynos device generation with a TEE implementation called Mobicore. My research so far confirms this claim but there is more that needs to be checked.<br />Mobicore has some user space parts (not included in Replicant), a dedicated kernel driver and the TEE implementation seems to be called Mobicore OS.<br />Some information: <a class="external" href="https://www.sensepost.com/blog/2013/a-software-level-analysis-of-trustzone-os-and-trustlets-in-samsung-galaxy-phone/">https://www.sensepost.com/blog/2013/a-software-level-analysis-of-trustzone-os-and-trustlets-in-samsung-galaxy-phone/</a><br />Its main and probably sole purpose on factory images is DRM related and linked to the PlayReady trustlet that is used by the Samsung VideoHub app.</p>
<p><strong>Kernel side</strong></p>
<p>The kernel has the config <code>CONFIG_ARM_TRUSTZONE</code>. It is enabled for i9300 and n7100, but not for i9100 and n7000. The i9300 does not boot with a kernel that has this config disabled.<br />There is also the config <code>CONFIG_EXYNOS_CONTENT_PATH_PROTECTION</code> that is probably needed for the video DRM.<br />The Mobicore driver resides in <code>drivers/gud</code> and is in charge of talking to the TEE. I only skimmed over the code so far, but it seems to contain some useful information about the interface.</p>
<p>What could be done to improve the situation:</p>
<ul>
<li>Disable the Mobicore driver, so Replicant does not cooperate with Mobicore OS. I already did this some time ago:<br /><a class="external" href="https://code.fossencdi.org/kernel_samsung_smdk4412.git/commit/?h=replicant-6.0&id=7fbe662a46f3bb994b6f7a9adea731f3d8a5620c">https://code.fossencdi.org/kernel_samsung_smdk4412.git/commit/?h=replicant-6.0&id=7fbe662a46f3bb994b6f7a9adea731f3d8a5620c</a></li>
<li>Write a driver that checks if Mobicore is running. This is hopefully possible in a reliable way.</li>
<li>In the case that we can't get rid of Mobicore OS, try to suspend or even shut down the TEE with the driver at boot.</li>
</ul>
<p><strong>Partitions</strong></p>
<p>The EFS partition contains some files related to the PlayReady trustlet in <code>drm/playready</code>.<br />Mobicore OS seems to have its own partition which is called TZSW. If this partition is not present on i9100 and n7000, then this may be another hint that there is no TEE implementation running on these devices.<br />PIT print from heimdall:<br /><pre>
--- Entry #1 ---
Binary Type: 0 (AP)
Device Type: 2 (MMC)
Identifier: 81
Attributes: 5 (Read/Write)
Update Attributes: 1 (FOTA)
Partition Block Size/Offset: 1734
Partition Block Count: 312
File Offset (Obsolete): 0
File Size (Obsolete): 0
Partition Name: TZSW
Flash Filename: tz.img
FOTA Filename:
</pre></p>
<p>Running strings against tz.img from a factory image reveals some strings that confirm that it contains at least parts of Mobicore OS:<br /><pre>
MobiCore/MTK: ### SYSTEM HALT, code=%x
*** <t MTK, Build: Oct 3 2013, 15:42:44 ***
*** jenkins-Samsung-Pegasus-Release-Rebuild-27 ###
RTM Exception: ### MOBICORE HALT ###
CR Exception: ### MOBICORE HALT ###
SIGABRT: Abnormal termination
: Heap memory corrupted
SIGRTMEM: Out of heap memory
tbase-200_Exynos_4X12_V006_Patch1
N10__cxxabiv117__class_type_infoE
N10__cxxabiv117__pbase_type_infoE
N10__cxxabiv119__pointer_type_infoE
N10__cxxabiv120__si_class_type_infoE
N10__cxxabiv121__vmi_class_type_infoE
N10__cxxabiv123__fundamental_type_infoE
St10bad_typeid
St13bad_exception
St9exception
St9type_info
</pre></p>
<p>The bootloader makes some checks on the TZSW partition. Strings from the bootloader:<br /><pre>
s5p_check_tzsw
%s: invalid tzsw type! dummy?
</pre></p>
<p>I was not able to access the TZSW partition from Replicant. It seems to be hidden. I also couldn't make heimdall accept a modified or empty tz.img. It would be interesting if the system boots with a non-functional TZSW image. Another option would be to patch Heimdall in order to make it possible to format the TZSW partition.</p>
<p><strong>Updated by Wolfgang Wiedmeyer (wreg@wiedmeyer.de) on 2017-05-14T19:23:08Z</strong> (<a class="external" href="https://redmine.replicant.us/issues/1659?journal_id=6669">journal 6669</a>)</p>
<p>The Galaxy Nexus also has a TEE. I disabled the HAL and related services in <a href="https://git.replicant.us/replicant/device_samsung_tuna/commit/?id=1bfc29627b23ac147baadd6dc8d4b35d0493af3f" class="external">this commit</a>.<br />Guessing from the log, it wouldn't have worked anyway, probably because proprietary code was missing.<br />It was not enabled in Replicant 4.2 (see <a href="https://git.replicant.us/replicant/device_samsung_tuna/tree/device.mk?h=replicant-4.2#n56" class="external">here</a>) because there was a <a href="https://android.googlesource.com/device/samsung/tuna/+/b74801dc22bb4945ddf79b2e12e6328a862d68c3%5E!/" class="external">power usage bug with the kernel driver</a>.<br />On the kernel side, related code is now disabled with <a href="https://git.replicant.us/replicant/kernel_samsung_tuna/commit/?id=670297f29b0b0ce4dafed48cd59623e2b0ae4d63" class="external">this commit</a>.</p>
<p><strong>Updated by Wolfgang Wiedmeyer (wreg@wiedmeyer.de) on 2017-06-14T20:24:30Z</strong> (<a class="external" href="https://redmine.replicant.us/issues/1659?journal_id=6756">journal 6756</a>)</p>
<p>For the sake of completeness, the Galaxy Tab 2 devices seem to have a similar TEE as the Galaxy Nexus, with the difference that I didn't see it used anywhere in user space. I disabled related code in the kernel in the same way as for the Galaxy Nexus.</p>
<p><strong>Updated by Denis 'GNUtoo' Carikli (GNUtoo@cyberdimension.org) on 2019-05-08T14:31:18Z</strong> (<a class="external" href="https://redmine.replicant.us/issues/1659?journal_id=7437">journal 7437</a>)</p>
<ul><li><strong>Subject</strong> changed from <i>The website and device pages don't warn about proprietary (and likely signed) TrustZone TEE</i> to <i>The device pages don't warn about proprietary (and likely signed) TrustZone TEE</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>50</i></li></ul><p>The Freedom privacy and security page has been updated to mention TrustZone but each device also needs to be reviewed for freedom, privacy and security.</p>
<p><strong>Updated by _I3^ RELATIVISM on 2021-03-23T11:15:30Z</strong> (<a class="external" href="https://redmine.replicant.us/issues/1659?journal_id=8711">journal 8711</a>)</p>
<ul><li><strong>Type of work</strong> <i>C programming, Communication (mails, contacting people, etc), Wiki editions</i> added</li></ul>
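<p>As an added example (not code from this thread or from Replicant), a small audit helper in the spirit of Wolfgang's TZSW findings above: it parses Heimdall's PIT print output for TrustZone-looking partitions and scans a partition image for the Mobicore marker strings quoted from tz.img, so a device page can state whether a TEE image is present. The <code>tz</code> name prefix heuristic and the marker list are assumptions drawn from that post, and the sample PIT entry is constructed from the one quoted there.</p>

```python
import re
# Constructed sample in Heimdall's PIT print format; values are the TZSW entry quoted in the thread.
SAMPLE_PIT = """--- Entry #1 ---
Binary Type: 0 (AP)
Device Type: 2 (MMC)
Identifier: 81
Attributes: 5 (Read/Write)
Update Attributes: 1 (FOTA)
Partition Block Size/Offset: 1734
Partition Block Count: 312
File Offset (Obsolete): 0
File Size (Obsolete): 0
Partition Name: TZSW
Flash Filename: tz.img
FOTA Filename:
"""

# Substrings of the strings the thread found in tz.img; seeing them hints that Mobicore OS is present.
MOBICORE_MARKERS = (b"MobiCore", b"MOBICORE HALT", b"tbase-")


def parse_pit(text):
    """Split PIT print output into one {field: value} dict per '--- Entry #N ---' block."""
    entries = []
    for block in re.split(r"^--- Entry #\d+ ---$", text, flags=re.M)[1:]:
        entry = {}
        for line in block.strip().splitlines():
            key, _, value = line.partition(":")
            entry[key.strip()] = value.strip()
        entries.append(entry)
    return entries


def tee_partitions(entries):
    """Entries whose name or flash filename starts with 'tz' (a heuristic assumed here)."""
    return [e for e in entries
            if e.get("Partition Name", "").upper().startswith("TZ")
            or e.get("Flash Filename", "").lower().startswith("tz")]


def mobicore_markers(image, min_len=4):
    """Poor man's `strings`: printable-ASCII runs of >= min_len bytes, filtered for known markers."""
    found = set()
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, image):
        found.update(k.decode() for k in MOBICORE_MARKERS if k in m.group())
    return sorted(found)


def audit(pit_text, image):
    """Summary a device page could cite: TZ-looking partition names and markers seen in the image."""
    return {"partitions": [e["Partition Name"] for e in tee_partitions(parse_pit(pit_text))],
            "markers": mobicore_markers(image)}
```

<p>Feed it the full output of Heimdall's PIT print and the bytes of a dumped or factory tz.img; an empty result on i9100/n7000 would support the thread's hypothesis that those devices carry no Mobicore OS.</p>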