On 5/31/05, Dries Schellekens <[EMAIL PROTECTED]> wrote: > ARM TrustZone is not enough to have bullet proof DRM system, as it does > not offer trusted I/O (i.e. secure channel to audio and video). > > Other than DRM TrustZone can be used to do some nice things to make > operating systems more secure; e.g., manage keys in a secure way (you > don't have the same problems as with Intel HT ;-)) > > > Cheers, > > Dries >
Hehe well I'm looking at suggesting to implement support for TrustZone in a OS the company works with. In the doc's ARM claim though: "TrustZone defines a secure world within the embedded system. This can include direct peripheral channels, the user interface, SIM and smart cards as well as audio output. For the non-secure world, TrustZone can enable security through integrity checking for all the features within a SoC device. For example, decoded DRM audio can be protected as it is passed to non-secure audio drivers by integrity checking the relevant part of the OS infrastructure." And also claim: "secure on-chip RAM used to store and run trusted code such as DRM engines and payment agents, or to store sensitive data such as encryption keys," I have yet to look at the technical doc's for them so I can see how it's suppose to be implemented but TrustZone sounds pretty nice from a security view (not for the DRM stuff).
