TrustZone and Exception Levels in ARM

TrustZone

TrustZone is a hardware security architecture designed by ARM for consumer electronic devices. Its purpose is to provide a security framework that lets consumer products resist a range of potential attacks. TrustZone divides the SoC (System-on-a-Chip) hardware and software into two parts: the Normal world and the Secure world. Sensitive operations such as encryption and decryption, biometrics, and security authentication are performed in the Secure world, while the user operating system and general applications run in the Normal world.



ARM's official website introduces TrustZone with a figure whose content is as follows. At a high level, the Rich OS Application Environment (REE) represents the user's operating environment and runs ordinary applications, such as the user operating system of a TV or mobile phone. The Trusted Execution Environment (TEE) represents the system's secure environment: it runs a Trusted OS, on top of which trusted applications execute, including identity verification, authorization management, DRM authentication, and so on. This part is hidden behind the user interface and independent of the user operating environment, providing security services to it 1 .


Exception Levels

ARMv8 divides the processor into four privilege levels, called Exception Levels, which build on TrustZone. ARM's ARMv8 security model figure 2 (for the case where EL3 uses AArch64) lays them out as follows:

  • EL0: user space. Ordinary programs run here in the Normal world; a program running at EL0 in the Secure world is called a TA (Trusted Application)
  • EL1: operating system. A Guest OS runs here in the Normal world, such as Linux or WinCE; a Trusted OS runs here in the Secure world, such as Qualcomm's QSEE, the open-source OP-TEE, Beanpod TEE, etc.
  • EL2: the hypervisor layer, designed to support virtualization; used only in the Normal world
  • EL3: the exchange channel between the two worlds. The Normal world sends SMC commands to the Secure world through the Secure Monitor layer, whose role is to switch between the Normal world and the Secure world.

Different ELs correspond to different privileges and registers; an operation that requires a higher EL cannot be performed from a lower one. Two common forms of privilege violation follow from this: horizontal escalation, in which an application or system in the Non-secure state gains execution in the Secure state; and vertical escalation, in which code at a low-privilege EL performs the behaviour of a higher-privilege EL.


How Android calls the kernel interface

Take Android as an example. An application at EL0 wants to call EL1 code (kernel code). Generally this is done through an exception: the exception causes entry into the kernel's exception vector table, a standard concept in the ARM architecture. An application accesses the kernel through system calls, and system calls are implemented through software interrupts.

Exception types

The ARM architecture supports seven types of exceptions 3 :

  • Reset: triggered when the reset button is pressed while the processor is running
  • Undefined instruction: the processor cannot decode the instruction. The instructions the processor executes follow a defined encoding; attempting to execute one that does not conform enters the handler at the undefined-instruction vector address
  • Software interrupt (SWI): a soft interrupt; when software needs to interrupt the processor's work, it can issue one
  • Prefetch Abort (instruction fetch memory abort): the instruction fetch fails. Before executing an instruction, ARM must first fetch it; if the fetch fails, this exception is raised
  • Data Abort (data access memory abort): a data access failed
  • IRQ (interrupt): an ordinary interrupt
  • FIQ (fast interrupt): a fast interrupt, which has a faster response than an ordinary interrupt

[Figure from the ARM official website: the exception types listed above]

Exception handling

In ARM embedded programming, we write an exception vector table (in ARM assembly) and the linker places it so that our own exception handling takes effect. The flow is: set up the exception vector table -> save the context on the stack -> handle the exception -> restore the context from the stack.

Call the kernel interface

A call from EL0 into the EL1 kernel interface generally goes through the following steps:

  • An exception is raised, entering the exception vector table
  • The system call number is looked up and the corresponding system call is entered
  • Through the system call and the virtual file system, the various driver code is called

libc is the library we use most often (glibc is the libc released by GNU, i.e. the C runtime library; glibc is the lowest-level API in a Linux system, and almost every other runtime library depends on it).

The libc library encapsulates the code that raises the interrupt. Every API that needs to enter kernel code (such as read / write / fork / ioctl) ends up in the DO_CALL macro, which is defined in several places in glibc.
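To make the EL0 -> EL1 step concrete, here is an added example (not code from the original post, and not glibc's actual DO_CALL) that issues a Linux system call the way the wrapper does on AArch64: the system call number goes in x8, the arguments in x0..x2, and `svc #0` raises the synchronous exception that lands in the kernel's exception vector table; the kernel returns the result in x0. The function names raw_syscall3, raw_getpid, raw_write, pipe_roundtrip and roundtrip_matches are my own. On a host that is not AArch64 Linux the block falls back to libc's syscall(), which is an assumption made so the example still runs there; the control flow it demonstrates is unchanged.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/*
 * Hypothetical stand-in for the wrapper libc uses to enter the kernel.
 * AArch64 Linux ABI: x8 = system call number, x0..x5 = arguments,
 * `svc #0` = take the exception at EL1, x0 = return value.
 * Elsewhere (assumed fallback) we let libc's syscall() do the same job.
 */
static long raw_syscall3(long nr, long a0, long a1, long a2)
{
#if defined(__aarch64__) && defined(__linux__)
    register long x8 __asm__("x8") = nr;
    register long x0 __asm__("x0") = a0;
    register long x1 __asm__("x1") = a1;
    register long x2 __asm__("x2") = a2;
    __asm__ volatile("svc #0"                 /* EL0 -> EL1 transition */
                     : "+r"(x0)               /* x0 carries the result back */
                     : "r"(x8), "r"(x1), "r"(x2)
                     : "memory", "cc");
    return x0;
#else
    return syscall(nr, a0, a1, a2);
#endif
}

/* getpid has no arguments: the kernel reads only the number in x8. */
long raw_getpid(void)
{
    return raw_syscall3(SYS_getpid, 0, 0, 0);
}

/* write(2) issued directly, bypassing libc's own wrapper. */
long raw_write(int fd, const void *buf, size_t len)
{
    return raw_syscall3(SYS_write, fd, (long)buf, (long)len);
}

/*
 * Round-trips a message through a pipe using raw_write and returns the
 * number of bytes read back (-1 on failure), so the svc path can be checked
 * end to end without touching the terminal.
 */
long pipe_roundtrip(const char *msg, char *out, size_t cap)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    long written = raw_write(fds[1], msg, strlen(msg));
    close(fds[1]);
    long got = written < 0 ? -1 : (long)read(fds[0], out, cap - 1);
    close(fds[0]);
    if (got < 0)
        return -1;
    out[got] = '\0';
    return got;
}

/* Returns 1 when the bytes read back equal the message that was written. */
int roundtrip_matches(const char *msg)
{
    char buf[128];
    long n = pipe_roundtrip(msg, buf, sizeof buf);
    return n == (long)strlen(msg) && strcmp(buf, msg) == 0;
}

int main(void)
{
    char buf[64];
    long n = pipe_roundtrip("hello from EL0\n", buf, sizeof buf);
    printf("raw getpid() = %ld (libc says %d)\n", raw_getpid(), getpid());
    printf("read back %ld bytes: %s", n, buf);
    return 0;
}
```

The point to notice is that nothing in user space chooses where execution resumes: `svc` hands control to whatever the kernel installed in its vector table at EL1, and user code only sees the value that comes back in x0. That is why the system call number, not a code address, is the interface between the two Exception Levels.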

The kernel-side handling of the system call is covered in detail in the next post.


Summary

As security researchers rather than developers, we have not studied the hardware implementation of TrustZone in detail. From a security point of view, understanding the concept of Exception Levels gives us the basis for studying the Linux kernel, drivers, and system calls.


  1. https://blog.csdn.net/guyongqiangx/article/details/78020257
  2. https://developer.arm.com/docs/100095/0002/programmers-model/armv8-a-architecture-concepts/exception-levels

Source: https://blog.csdn.net/song_lee/article/details/105152161