If I understand the cold boot attack correctly for the normal world, it is that we boot a NWd OS once, make it decrypt all its secrets into DRAM, pull the power and quickly boot to another OS and read contents of DRAM before the data decays, to extract secrets of the old OS using the new OS. While this can apply to secure world, It might be a safe assumption that we cannot boot arbitrary, unsigned TZ code and trusted OS's on an ARM system in the last few years due to use of CoT, Rollback protection etc. As a general rule of thumb, early boot code should probably be scrubbing secure DRAM anyway, I think, to prevent this attack, in which case the way to do the cold boot attack would be through a run time attack on TZ code.
Thanks Raghu
-----Original Message----- From: TF-A tf-a-bounces@lists.trustedfirmware.org On Behalf Of Okash Khawaja via TF-A Sent: Wednesday, May 5, 2021 9:10 AM To: tf-a@lists.trustedfirmware.org Subject: [TF-A] MEM_PROTECT for secure world?
Hi,
As a PSCI call, MEM_PROTECT which is used to protect against cold reboot attack, can't be called from TZ-secure. In a situation where at run time, HLOS in NS-EL1 transfers some buffer that it owns, to a secure partition then secure partition can't call MEM_PROTECT because psci_smc_handler will return SMC_UNK if the caller is secure.
Should MEM_PROTECT be available to TZ-secure as well?
Thanks, Okash -- TF-A mailing list TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a