Generic TrustZone Driver Proposed For Linux Kernel

Written by Michael Larabel in Hardware on 29 November 2014 at 07:31 AM EST. Add A Comment
HARDWARE
ARM's security extensions are in the process of being bettered on Linux.

TrustZone is the marketing name for ARM's security extensions. TrustZone exposes two virtual processors with hardware access controls to let the application core switch between the two virtual states to avoid potentially leaking any information from one state/world to the other. TrustZone has been around going back to the ARMv6 days and there's been Linux support but it's largely been platform specific. Now, however, a generic TrustZone driver might finally come to the Linux kernel.

Javier GonzÃlez on Friday posted the patches for a generic TrustZone Linux driver. Javier explained, "Today, TrustZone solutions are implementation specific. In user space, mobile devices are normally compliant with Global Platform's API. However, there is no common TrustZone interface for kernel space, as it exists for Trusted Computing Module (TPM). As a result, different TrustZone frameworks use different kernel loadable modules to provide the context to communicate with the Trusted Execution Environment leveraged by TrustZone's secure world."

In terms of the TrustZone use cases, "TrustZone has traditionally been used for offloading secure tasks to the secure world. Examples include banking applications, Digital Rights Management (DRM), or specific secure solutions. As more and more frameworks enabling TrustZone appear, new use cases are starting to emerge: key management, encryption, integrity checking, etc. Extreme cases today involve running a RTOS in the secure world, or using the secure world toimplement usage control policies governing the normal world. The advent of ARMv8 will only expand this list."

This generic TrustZone driver is designed to be flexible as to not introduce any policy regarding the TrustZone interface but instead tries for a rather universal fit that other specialized TZ drivers can utilize and in turn communicate with specific frameworks. This new driver patch series also introduces a new drivers/sechw area for the Linux kernel as a new subsystem intended for secure hardware drivers.

More information via this patch series.
Add A Comment
Related News
Rockchip NPU Open-Source Driver Taking Shape, Will Aim For Upstream Accel Driver
TUXEDO Computers Launches First Linux Laptop With AMD Ryzen 7 8845HS
Microsoft Rolls Out Azure Linux 2.0.20240403 With Security Fixes & Other Patches
Intel HID Driver Ready For Arrow Lake & Lunar Lake Laptops With Linux 6.9
UPower 1.90.4 Fixes Excessive Disk Writes & High CPU Usage
OpenSSL 3.3 Released With Many Additions For QUIC, CPU Performance Optimizations
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives
Fedora 41 Looks To "-O3" Optimizations For Its Python Build
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More
KDE's KWin Merges Wayland Explicit Sync Support
Gentoo Linux Now An SPI Project
Open-Source Radeon Driver Enables Support For Vulkan Video H.264/H.265 Encode