none
TrustZone support RRS feed

  • Question

  • Does Windows Embedded Compact 7 integrate (if at all) with ARM TrustZone?

    I am looking into developing a secure real time clock driver for the i.MX51 which is base on TrustZone for access.

    thanks

    Monday, July 22, 2013 3:41 PM

Answers

  • Correct, but you'll have to further protect the device to deny any user to install a kernel mode driver of course. Trusted modules, certificate signing, etc.

    Good luck,

    Michel Verhagen, eMVP
    Check out my blog: http://guruce.com/blog

    GuruCE
    Microsoft Embedded Partner
    http://guruce.com
    Consultancy, training and development services.

    • Marked as answer by Curt Black Wednesday, August 7, 2013 6:56 PM
    Tuesday, July 30, 2013 12:51 AM
    Moderator

All replies

  • I won't lie, I am not familiar with ARM TrustZone.   But I just read the the documentation on the ARM website so I guess now I am an expert :-)

    The documentation specifically mentions Windows CE (which is the old name of Windows Embedded Compact).

    With my newly aqcuired expertise I am able to tell you that you would drive the hardware with the secure kernel/OS and then need a way for Windows Compact to get the timer information.


    Bruce Eitman (eMVP)
    Senior Engineer
    Bruce.Eitman AT Eurotech DOT com
    My BLOG http://geekswithblogs.net/bruceeitman

    Eurotech Inc.
    www.Eurotech.com

    Thursday, July 25, 2013 7:00 PM
    Moderator
  • I suppose if the only reason for TrustZone is to limit the access to the peripheral registers, then it would be redundant with the existing security model of CE?  After all, an application cannot access any of the system peripheral registers due to user mode memory access, correct?
    Monday, July 29, 2013 6:00 PM
  • Correct, but you'll have to further protect the device to deny any user to install a kernel mode driver of course. Trusted modules, certificate signing, etc.

    Good luck,

    Michel Verhagen, eMVP
    Check out my blog: http://guruce.com/blog

    GuruCE
    Microsoft Embedded Partner
    http://guruce.com
    Consultancy, training and development services.

    • Marked as answer by Curt Black Wednesday, August 7, 2013 6:56 PM
    Tuesday, July 30, 2013 12:51 AM
    Moderator
  • Thanks.

    Yup, we are implementing secure boot (HAB) and trusted modules on this system as well.

    Wednesday, July 31, 2013 4:03 PM