Re: Trust

On Thu, Oct 17, 2013 at 11:44 PM, cobaco <cobaco@freemen.be> wrote:
> I take it that by TEE you're talking about hardware enforced cryptographic
> code signing, ala UEFI?

If by UEFI you refer to the model where firmware checks a signature
on the boot loader, the boot loader checks a signature on the kernel
and the kernel checks signatures on all user-space code, you don't
need to have that sort of thing implemented for the primary operating
system that you are running in order to have a TEE. Instead, the
hardware could enforce separation between the primary operating system
and a second operating system that is the locked-down one and that is
not mentioned in user-facing marketing.

https://en.wikipedia.org/wiki/ARM_architecture#TrustZone

-- 
Henri Sivonen
hsivonen@hsivonen.fi
http://hsivonen.fi/

Received on Friday, 18 October 2013 08:36:37 UTC