|
|
|
|
|
|
by throw2016
3335 days ago
|
|
|
This is a bit of a fig leaf. If it was just for enterprise users there would be no reason to impose it on everyone. It would be positioned as an enterprise exclusive with a price premium. The fact that both AMD and ARM integrated similar technologies at around the same time is too much coincidence. All the signs point to bad actors but for some the bar of evidence is either another Snowden level sacrifice or Intel providing a signed confession. Both improbable and unrealistic. In many ways the detail, scale and scope of revelations in the past 5-10 years make skepticism and hard questions essential. The benefit of doubt has long moved the other way. This alternative is a kind of forced naiveté and denial. |
|
|
Don't believe the FSF's FUD. TrustZone is really not comparable at all to Intel's Management Engine or AMD's Secure Processor:
* TrustZone is an operating mode of the CPU, not a separate processor. Fundamentally, it's not all that different from supervisor mode; it's just more privileged. (If you really wanted, you could probably write an OS that ran parts of the kernel in TrustZone.)
* You don't have to have anything running under TrustZone. Indeed, most processors which support TrustZone (e.g, most Android phones) aren't using it at all.
* The TrustZone specification is publicly available [1]. You can read about it all you want. (If you're brave enough and have the right development tools, you can even write code to run in it.)
* ARM's reference implementation of a TrustZone OS is also publicly available [2]. If you're curious how it works, you can see for yourself. (This doesn't include the application code which may be present in specific implementations, of course.)
[1]: https://www.arm.com/products/processors/technologies/trustzo...
[2]: https://github.com/ARM-software/arm-trusted-firmware