- From: Henri Sivonen <hsivonen@hsivonen.fi>
- Date: Fri, 18 Oct 2013 11:36:09 +0300
- To: cobaco <cobaco@freemen.be>
- Cc: "public-restrictedmedia@w3.org" <public-restrictedmedia@w3.org>
On Thu, Oct 17, 2013 at 11:44 PM, cobaco <cobaco@freemen.be> wrote:
> I take it that by TEE you're talking about hardware enforced cryptographic
> code signing, à la UEFI?

If by UEFI you refer to the model where firmware checks a signature on the boot loader, the boot loader checks a signature on the kernel and the kernel checks signatures on all user-space code, you don't need to have that sort of thing implemented for the primary operating system that you are running in order to have a TEE.

Instead, the hardware could enforce separation between the primary operating system and a second operating system that is the locked-down one and that is not mentioned in user-facing marketing.

https://en.wikipedia.org/wiki/ARM_architecture#TrustZone

--
Henri Sivonen
hsivonen@hsivonen.fi
http://hsivonen.fi/
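The chained code-signing model contrasted above (firmware verifies the boot loader, which verifies the kernel, which verifies user space), as an added toy example that is not part of this thread: each stage is signed by the key vouched for by the stage before it, so a modified kernel breaks the chain at that link. It uses a Lamport one-time signature (SHA-256 only, so it runs with the standard library) as a stand-in for the RSA/ECDSA keys a real boot chain would carry; stage names and payloads are constructed.

```python
import hashlib
import os

# Lamport one-time signature: a stand-in for real asymmetric boot-signing keys.
def lamport_keygen():
    priv = [[os.urandom(32) for _ in range(2)] for _ in range(256)]
    pub = [[hashlib.sha256(s).digest() for s in pair] for pair in priv]
    return priv, pub

def lamport_sign(priv, msg):
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [priv[i][(h >> (255 - i)) & 1] for i in range(256)]

def lamport_verify(pub, msg, sig):
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return all(hashlib.sha256(sig[i]).digest() == pub[i][(h >> (255 - i)) & 1]
               for i in range(256))

def pub_fingerprint(pub):
    return hashlib.sha256(b"".join(b"".join(pair) for pair in pub)).digest()

# A stage carries its code, the public key it vouches for (next link), and a
# signature by the previous link's key over code || fingerprint(next key).
def build_stage(signing_priv, code, next_pub):
    payload = code + (pub_fingerprint(next_pub) if next_pub else b"")
    return {"code": code, "next_pub": next_pub, "sig": lamport_sign(signing_priv, payload)}

def verify_chain(root_pub, stages):
    """Walk the chain from the firmware's trust anchor; return the first stage
    whose signature fails, or None if every link verifies."""
    pub = root_pub
    for name, st in stages:
        payload = st["code"] + (pub_fingerprint(st["next_pub"]) if st["next_pub"] else b"")
        if not lamport_verify(pub, payload, st["sig"]):
            return name
        pub = st["next_pub"]
    return None

def demo():
    # Constructed keys, one per link; root_pub plays the key burned into firmware.
    root_priv, root_pub = lamport_keygen()
    bl_priv, bl_pub = lamport_keygen()
    k_priv, k_pub = lamport_keygen()
    stages = [("bootloader", build_stage(root_priv, b"bootloader v1", bl_pub)),
              ("kernel", build_stage(bl_priv, b"kernel v1", k_pub)),
              ("userspace", build_stage(k_priv, b"app v1", None))]
    intact = verify_chain(root_pub, stages)                  # None: chain holds
    tampered = [(n, dict(s)) for n, s in stages]
    tampered[1][1]["code"] = b"kernel v1 (modified)"          # alter the kernel image
    return intact, verify_chain(root_pub, tampered)          # (None, "kernel")
```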
Received on Friday, 18 October 2013 08:36:37 UTC