The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(Score: 1, Interesting) by Anonymous Coward on Monday January 14 2019, @12:45PM (#786423)
And in fact TrustZone is disabled on ANY ARM processor whose bootstrap doesn't use a signed kernel, last I checked.
If the stage0 bootloader doesn't authenticate the stage1 bootloader/kernel as authentic to the vendor key then TrustZone is never initialized.
This is because TrustZone is only truly used for device encryption and media/software company DRM, neither of which is considered trustworthy if the end user has control of it. Bugs in it that allow 3rd parties to exploit it are preferable to end user control, because the end user is the product and financial extraction target, not the customer.