打印

Discussion/Question: TrustZone vs Hypervisor

[复制链接]
289|0
手机看帖
扫描二维码
随时随地手机跟帖
跳转到指定楼层
楼主
博斯|  楼主 | 2018-9-9 10:02 | 只看该作者 回帖奖励 |倒序浏览 |阅读模式
Hi this is more a discussion then a question:
What is the benefit of TrustZone (Secure/Non-Secure) vs. hyp (EL2) mode?
As to my knowledge, both need support on the SoC for the separation. Either direct the NS-signal to the peripheral (including all kinds of memory) or the need for a System MMU (SMMU) in case of the Hyp-mode (if DMA is involved).
So my question is, can TrustZone provide a stronger separation then Hyp mode?
Or is the only benefit, that the TrustZone separation can be done with less effort and with less code?
If secure booting is no goal but separation of - for example - a functional safe RTOS from a non-safe GPOS like Linux, then IMHO, Hyp mode is as good as TZ, even better as data aborts are precise and need no modification of the guest (whereas data aborts due to TZ viollation are imprecise).
Any thought?

使用特权

评论回复

相关帖子

发新帖 我要提问
您需要登录后才可以回帖 登录 | 注册

本版积分规则

412

主题

412

帖子

0

粉丝