OK, so there's the one instruction to do a system call that hits secure mode. It's equivalent to svc or hvc, but hits EL3 (secure mode) rather than EL2 (hypervisor mode) or EL1 (supervisor mode).
It's very, very different than the dozen or so instructions to set up TXT or SGX that sits off to the side of the main OS rather than running like a super hypervisor. If you're going to compare it to something, it's way more like SMM on x86.
Source: I've ported a kernel to EL3 (secure mode).
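The svc, hvc and smc instructions named in the comment share one A64 encoding group and differ only in the low two bits, so calls into EL3 can be located in a kernel or firmware image by decoding instruction words. This is an added example, not part of the original comment; the function names and sample bytes are constructed for illustration, and the reported levels are the nominal targets the comment gives.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Enum value doubles as the nominal target exception level (EL1/EL2/EL3). */
enum call_kind { NOT_A_CALL = 0, CALL_SVC = 1, CALL_HVC = 2, CALL_SMC = 3 };

struct call_insn { enum call_kind kind; uint16_t imm16; };

/* A64 encoding: 1101 0100 000 imm16 000 LL, with LL = 01 SVC, 10 HVC, 11 SMC. */
struct call_insn decode_call(uint32_t insn)
{
    struct call_insn r = { NOT_A_CALL, 0 };
    unsigned ll = insn & 3u;
    if ((insn & 0xFFE0001Cu) != 0xD4000000u || ll == 0)
        return r;                       /* BRK, HLT, NOP, etc. land here */
    r.kind = (enum call_kind)ll;
    r.imm16 = (uint16_t)((insn >> 5) & 0xFFFFu);
    return r;
}

/* Count SMC call sites in a buffer of little-endian A64 instruction words. */
size_t count_smc(const uint8_t *code, size_t len)
{
    size_t n = 0;
    for (size_t off = 0; off + 4 <= len; off += 4) {
        uint32_t insn = (uint32_t)code[off] | (uint32_t)code[off + 1] << 8 |
                        (uint32_t)code[off + 2] << 16 | (uint32_t)code[off + 3] << 24;
        if (decode_call(insn).kind == CALL_SMC)
            n++;
    }
    return n;
}

/* Constructed sample: smc #0, nop, svc #0, smc #0 (not from a real image). */
static const uint8_t SAMPLE[] = {
    0x03, 0x00, 0x00, 0xD4,  0x1F, 0x20, 0x03, 0xD5,
    0x01, 0x00, 0x00, 0xD4,  0x03, 0x00, 0x00, 0xD4,
};

int main(void)
{
    printf("SMC call sites in sample: %zu\n", count_smc(SAMPLE, sizeof SAMPLE));
    return 0;
}
```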