Librem 5 privacy & security : iMX's ARM-Trustzone code specs?

Hello,
Librem 5 phone aims at privacy, hardware and software security, leverages a blob-free Linux-based stack and broadly promotes FOSS : how interested am I in chipping in!

I come here to discuss about important security specs, lacking so far in the campaign.
I am nowhere close to proficient in this domain and am looking for Purism’s point of view.

Librem 5 phone will run on an iMX chip, an ARM-based design produced by Dutch NXP.
Be it iMX6 or iMX8, it will feature accordingly Cortex A9 or Cortex A53 cores : both include ARM Trustzone technology.
Trustzone is a descendant of a long process in computer security, revolving around the principle of least privilege : giving programs as little resource as they need. It is implemented, according to the Trusted Computing Group and Global Platform specifications, as a virtualization within the SOC. Software is compartmented between two worlds. The “secure world” holds a very small operating system, and manages access to sensitive information such as crypto keys, biometry, DRMs etc. On the other hand, the “rich environment” hosts the actual operating system : Android, iOS, or here with the Librem 5, PureOS.

To my question, finally :
What do you intend to do with TEE (the secure world) code?
iMX chips are known to be open to TEE programming, contrary to much more opaque others such as Qualcomm’s. I suspect that might have been an argument you were well-aware of when targetting SOC. Both major TEE OSes, QSEE and Kinibi are proprietary and have known major vulnerability issues. That could mean that, no matter how secure is PureOS, it could be compromised by the obscure co-processor with its independent microkernel. TEE alternatives exist, I have stumbled upon open-source OP-TEE among few others.

With the care you exhibit at removing proprietary blobs from your design, I am quite confident you have encompassed the subject, let us know!

About few other TEE kernels :

• Sel4 is an extremely secured microkernel, and quite widespread, mostly in automotive. Genode ported sel4 on iMX6, for example, but not sure it was related to TEE.

• vTZ, which allows virtualization within the TEE.

Another option, as discussed in Purism IRC, would be to simply ignore Trustzone and leave it unused. If so, how would cryptography level stand, ignoring a whole part of ARMv7/8 ISA?

It appears to me that this area of the Librem5 development can use/deserve a consequent amount of research and dedication.

Finally, this is not specifically related to Trustzone code, but a recent hardware vulnerability on ARMv7(/8?) has been revealed. It can expose crypto keys inside the trusted world.
I will be fine enough with contributing to FOSS as is, knowing that the project can only achieve so much, but do you plan to study or even fix such issues?

6 posts were merged into an existing topic: Librem 5 security

@maxzor
Hey, I’m looking into open-source phones that can leverage TrustZone to work on some Trusted APP development involving TEEs. I found the PinePhone and Librem 5 to be the closest projects that could be doing it. However, I could not find much material on TEE or TrustZone documented anywhere in the projects. Could you let me know if there is some information available on this subject?

I did find mentions of TrustZone in the Purism code, https://source.puri.sm/search?group_id=&project_id=266&repository_ref=&scope=blobs&search=TrustZone. I will try to go through the search hits and see what is done as OP-TEE also seems to be mentioned.

Thank You

I’d suggest to ask Kyle and other devs on Matrix channel #librem-5-devkit:talk.puri.sm

Hey, thanks for the info

Oh, whoops… I meant #community-librem-5:talk.puri.sm

I think one of the early loaders is doing TrustZone, should probably be somewhere related to u-boot.

not strictly related but uboot can pack atf and bl31 loaders into its boot vector