[Cryptech Tech] Open JavaCard platform

Joachim Strömbergson joachim at secworks.se
Sun Mar 16 21:01:13 UTC 2014



Aloha!

Vicente Sanchez-Leighton wrote:
> I don't know either about any open ARM implementations. On Leon and
> IA32 there's a partially open-source hypervisor called xtratum 
> (http://www.xtratum.org/, http://www.fentiss.com/). On MIPS there
> are open implementations (at least of older architectures), but not
> -yet- open hypervisors.

I don't think we have thought about hypervisors or any other mechanisms
for separation of applications in world/secure domains like TEE/TZ. For
higher level code that might be quite interesting.

Rob considered lightweight RTOSes and this might be worth considering.

> My domain is more hypervisors, TEEs and OSes and not hardware design,
> so bear with me: I would feel some kind of bus mechanism for -at
> least- memory protection or -better- IOMMU would be a must in such
> an architecture as cryptech, to protect functions of different
> security levels from each other. In the ARM architecture there's a
> 33rd lane in the bus to signal to all coprocessors and memory if the
> system is running in normal or secure mode (TrustZone). A full
> fledged IOMMU scheme would be better, but you might feel it is too
> much of a constraint for the cryptech user-designers.

If the control MCU for the lower layer would be running multiple domain
code, something like the TZ separation could be implemented fairly easily
(the famous "how hard can it be?"). At least my naive thinking right now
is that the control MCU in/for the FPGA would run one application only
and all is considered to be secure domain with atomic operations. But
that might not be the case. Your input is interesting.

-- 
Best regards, Yours

Joachim Strömbergson - Always in harmonic oscillation.
========================================================================
 Joachim Strömbergson          Secworks AB          joachim at secworks.se
========================================================================
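As an added illustration of the bus-level separation discussed in the thread (not code from the list or from the Cryptech project): a small Python model of an interconnect where every transaction carries a TrustZone-style NS bit and regions marked secure reject any non-secure access. The region names and addresses are constructed for the example.

```python
"""Model of TrustZone-style bus partitioning: each bus transaction carries an
NS (non-secure) signal, and the interconnect checks it against the security
attribute of the target region before forwarding the access.
Added example; the address map below is constructed, not Cryptech's."""
from dataclasses import dataclass

SECURE, NONSECURE = 0, 1  # value driven on the NS lane of the bus


@dataclass(frozen=True)
class Region:
    name: str
    base: int
    size: int
    secure: bool  # True: only transactions with NS=0 may reach this region


class Interconnect:
    def __init__(self, regions):
        self.regions = regions
        self.violations = []  # (master, ns, addr, write) of every blocked access

    def _lookup(self, addr):
        for r in self.regions:
            if r.base <= addr < r.base + r.size:
                return r
        return None

    def access(self, master, ns, addr, write=False):
        """Return True if the transaction is forwarded to the target,
        False if the interconnect blocks it and raises a bus error."""
        r = self._lookup(addr)
        if r is None or (r.secure and ns == NONSECURE):
            # Unmapped address or a normal-world access to a secure region:
            # record it so the secure world can detect and react to it.
            self.violations.append((master, ns, addr, write))
            return False
        return True


def build_hsm_bus():
    """Constructed address map for a control MCU plus FPGA crypto cores."""
    return Interconnect([
        Region("key_ram", 0x20000000, 0x1000, secure=True),
        Region("aes_core", 0x40000000, 0x100, secure=True),
        Region("trng", 0x40001000, 0x100, secure=False),
        Region("app_ram", 0x20010000, 0x8000, secure=False),
    ])
```

A DMA engine wired with NS=1 is rejected from key RAM exactly like a normal-world CPU access, which is the point of carrying the attribute on the bus rather than trusting the initiator.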


