Comments on Project Zero: Trust Issues: Exploiting TrustZone TEEs
(comment feed, last updated 2024-03-28)

Edik, 2018-09-26:
Surely that is a hex offset, not binary, in the Trustonic diagram?

Tim, 2018-05-30:
Excellent research on the (still existing) inability of ARM/Android to offer a sufficient basis for (Intel/Windows equivalent) data security for mobiles and tablets!

I think the KeyMaster extraction problem will never be completely solved if ARM doesn't change its chip architecture.

Nevertheless, I have an important question:

When someone has the decrypted KeyMaster, he would still have to brute-force the AES-128 encrypted user password, so wouldn't a strong passphrase (i.e. 20+ characters) give us the same protection as, e.g., an AES-128 and TrueCrypt/VeraCrypt encrypted drive on an Intel/Windows system, making the whole Android security discussion superfluous?

Thanks
Tim

fatgrass, 2017-07-28:
Great job. BTW, which ROM version matches the Kinibi OTP PoC?

Richard Hayton, 2017-07-27:
Kinibi has supported rollback prevention of an OEM's trusted applications from its first version, by enabling the OEM to change the signing key in use (and hence disallow install of previously signed applications). Kinibi also supports 'over the air' install of 3rd party trusted applications, using separate signing keys and a version field to prevent rollback.

Richard Hayton
CTO Trustonic

Steven Sprague, 2017-07-27:
Great article; we need to continue to push the evolution of these platforms, and I agree we need to not have an explosion of trustlets. We have integrated attestation into our trustlet to assure that certain transactions will only advance if the state of the trustlet has not changed. It is a measured environment, so there are still risks in what does the measuring, but it will fully prevent rollback on the older platforms.

Justin, 2017-07-25:
Love these write-ups, thanks! Great read!

not_me, 2017-07-24:
It's questionable to what extent many of these things are overly useful without additional functionality like trusted output/display/audio mechanisms. Intel has failed to tie related functionality together into their desktop offerings. It's interesting that, after a couple of decades, people essentially started realizing that the other rings of operation could be useful in the same way that trusted operating systems used them decades ago, and sad that most innovation at this point essentially means re-inventing OS/400 and Wang style security metrics or similar; the cloud is essentially the mainframe/greenscreen architecture, et cetera.

Gal Beniamini, 2017-07-24:
Hi Pierre,

Thank you for reading. Are you referring to the "sec" partition *on* the device? If so, we do not have the physical devices corresponding to all the firmware images (in fact, we only have a fraction of them), nor do we have root access to them all, so acquiring the "sec" partition dynamically would take some effort. In any case, the fuse locations vary between SoCs, so even if we were to extract their contents, we would still need to manually find the fuse address for each SoC.

All the best,
Gal.

Anonymous, 2017-07-24:
"Since we cannot easily query the status of eFuses on a large scale, it remains unknown what proportion of devices have indeed enabled this feature."

Actually, if you have access to the factory images, the eFUSE configuration should be stored inside the "sec" qcom partition, which contains the eFUSE configuration.
Indeed, OEMs might provide a noop sec.dat instead of the real one, but that'd be a bit weird.