-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Hari Govind V K edited this page Sep 23, 2019
·
5 revisions
- Main Trusty page
- A Masters thesis. Good overview of TEE OS and potential attacks.
A trustlet is a secure application running on TEE OS. Example trustlets in trusty source tree:
-
attacking Arm's trustzone.
Overview of two attacks. One in the monitor (failure to check user given address). Another in a trustlet (user-controlled call to
memcpy
). References to other blog posts that provide more details on how the attacks can be exploited. - attacking qualcomm's trustzone A detailed description of analyzing binary TrustZone image. Referred to in the first blog post. Many details on disassembly that are not very relevant. Good description of components involved in the attack, which is very relevant.
- https://googleprojectzero.blogspot.com/2017/07/trust-issues-exploiting-trustzone-tees.html
- external/lk/kernel/port.c line 190: Possible race condition. A port with the same name could have been created by another thread at this point.
- https://www.blackhat.com/docs/us-14/materials/us-14-Rosenberg-Reflections-On-Trusting-TrustZone-WP.pdf Exploiting integer overflow errors to execute arbitrary code inside TEE
Our experience in building trusty
To compile, follow the instructions in the trusty website
- Install BEAR - a compilation database for clang which generates a JSON file
compile_commands.json
during build - In
trusty/trusty/vendor/google/aosp/scripts/build.py generic-arm64
, change line 112 to:
if project == "generic-arm32-debug":
cmd += "; bear make " + project + " -j " + str(args.jobs) + " -S "
- Run
trusty/trusty/vendor/google/aosp/scripts/build.py generic-arm64
- In the current folder, a compilation commands file
compile_commands.json
will be generated. In this file, search for the file name of interest, copy the arguments - Paste the arguments to a .sh file, get rid of the quotes, commas and line breaks, run the .sh file to get the object file