Hacking ARM TrustZone / Secure Boot on Amlogic S905 SoC

The Amlogic S905 processor, used in many Android TV boxes and the ODROID-C2 development board, implements ARM TrustZone security extensions to run a Trusted Execution Environment (TEE) used for DRM and other security features. However, Frédéric Basse, a security engineer, worked with others and managed to bypass secure boot on one Amlogic S905 powered Android TV box, namely the Inphic i7, but any other device based on the processor would have made the same thing possible. He explains the steps they went through and how they managed to exploit a vulnerability to bypass secure boot in a detailed technical blog post. They first started by looking for info in the Amlogic S905 datasheet, but most info about TrustZone had been removed from the public version. So not that much help here, except a potential address for the boot ROM (ROMBOOT_START 0xD9040000). The next step was to connect the UART pins in order to access the […]

Upcoming ARM TrustZone Webinars Explaining Embedded Systems / IoT Security to Non-security Experts

Most people understand that securing the IoT is important, but security is a highly complex subject, and as seen with the many security breaches, even specialists – who in theory should know better – get their devices or online accounts hacked. So even if you are not a security expert, but are involved in the development of embedded systems, it’s important to get acquainted with online and offline security and understand how all this works, at least from a high level perspective, without necessarily having to dig into the technical details. ARM is organizing two webinars catering to people who are not security experts, and explaining how they can secure embedded systems using the company’s TrustZone technology. The first webinar, entitled “How to build trust and security into your embedded device”, will allow participants to gain an understanding of the security that will need to be applied in […]

Raspberry Pi 3 To Get ARM TrustZone Support with Linaro OP-TEE Port

If you ever wanted to experiment with ARM TrustZone and IoT security, you’ll soon be able to do so with the Raspberry Pi 3 board thanks to a port of Linaro OP-TEE (Open Portable Trusted Execution Environment) by Sequitur Labs. The Broadcom BCM2837 SoC found in the Raspberry Pi 3 board already had TrustZone hardware for isolation and protection of sensitive material such as cryptographic keys, algorithms and data, but the upcoming software release will mean the feature can now be used, and it’s free for trial/evaluation and education. TrustZone is also used for DRM (digital rights management), but in the case of Raspberry Pi 3 it will most likely be used to teach how to secure the Internet of Things (IoT). The release is scheduled for July 11, with source code and documentation to be available in the OP-TEE github account. All you’ll need to get started is a Raspberry Pi 3 board, […]

Linaro Connect 2016 Bangkok Schedule – March 7-11, 2016

Linaro Connect Bangkok (BKK16) will take place on March 7 – 11, 2016, and the schedule is now available for the 5-day event with keynotes and sessions. Whether you’re going to attend or not, it’s always interesting to check the schedule to find out what’s going on in terms of ARM Linux development. The five days will focus on work by different Linaro groups, but really sessions are mixed for any given day, and I’ve created a virtual schedule for each day with available information, as Linaro has become a little more closed to the outside than when it was launched a few years ago. Monday 7 – LITE (Linaro IoT & Embedded Group) 14:00 – 14:50 – Evolution of the Reference Software Platform Project The Reference Software Platform lead project was introduced in Linaro Connect San Francisco 2015, and since then it evolved and matured with the completion of […]

Amlogic S905X Processor Specifications

[Update September 2016: Removed Video Input Unit and Gigabit Ethernet MAC, since the latest documents have removed them] A few weeks ago, I wrote about the upcoming Amlogic S905M quad core Cortex A53 processor supporting 4K VP9 and 10-bit HEVC, but the silicon manufacturer seems to struggle with sticking with a name, as after the initial S908 part, they moved to S905M, before hopefully settling on Amlogic S905X, for which I received more information including a block diagram, and more detailed specifications. These are most of the specifications currently available for the Amlogic S905X processor with highlights in bold:
CPU Sub-system – Quad core ARM Cortex-A53 CPU up to 1.5GHz (DVFS) with Neon and Crypto extensions
3D Graphics Processing Unit – Penta-core ARM Mali-450 GPU up to 750MHz+ (DVFS) with two geometry/vertex processors, three pixel processors supporting OpenGL ES 1.1/2.0 and OpenVG 1.1.
2.5D Graphics Processor – Fast bitblt engine with […]

Amlogic S905X and S912 Processors To Support 4K VP9, HDMI 2.0a, Built-in DAC and More

I had heard some news that Amlogic S912 was delayed, and even possibly canceled, while talks about a new S908 processor surfaced recently with support for VP9 up to 4K resolution. We now have some more details as I’ve received some more information about Amlogic product roadmap, and S908 should be renamed S905M [Update: The name will apparently be changed to S905X now, the saga continues…] Amlogic S905 Amlogic S908 / S905M / S905X Amlogic S912 CPU Quad core Cortex A53 @ up to 2.0 GHz Quad core Cortex A53 @ up to 1.5/2.0 GHz Octa core Cortex A53 @ up to 2.0 GHz GPU Penta-core Mali-450 up to 750 MHz High perf gaming GPU Memory 16/32-bit DDR3, LPDDR2/3 Up to 2GB, DDR2133 16/32-bit DDR3/4, LPDDR2/3 Up to 2GB, DDR2400 Storage NAND [email protected] eMMC 5.0, SD, Nor Flash Video Decoding 4Kp60 10-bit HEVC, 4Kp30 H.264 4Kp60 10-bit HEVC, VP9 4Kp30 […]

ARM Introduces Cortex A35 64-bit Low Power Core, ARMv8-M Architecture for Secure MCUs

ARM TechCon 2015 has just started, and there have been a few announcements including the launch of a Cortex-A7 replacement, the Cortex A35, providing 10% lower power consumption, a 6 to 40% performance boost, and better design flexibility making it suitable for SoCs from smartphones to wearables. The main specifications of Cortex A35 cores:
Architecture – ARMv8-A (AArch32 and AArch64)
Multicore – 1-4x SMP within a single processor cluster, and multiple coherent SMP processor clusters through AMBA 5 CHI or AMBA 4 ACE technology
ISA Support – AArch32 for full backward compatibility with ARMv7; AArch64 for 64-bit support and new architectural features; TrustZone security technology; NEON Advanced SIMD DSP & SIMD extensions; VFPv4 Floating point; Hardware virtualization support
Debug & Trace – CoreSight DK-A35
The new core can both be used in quad core configuration at 1 GHz for a smartphone (90 mW per core), or in single core configuration at 100 MHz […]

USB Armory is an Open Source Hardware Freescale i.MX53 Dongle for Security Applications

Most computers-on-a-stick come with an HDMI port and a few USB ports, but Inverse Path’s dongle is quite different. USB Armory is a flash drive sized computer powered by a Freescale i.MX53 Cortex A8 processor with only a USB port and a micro SD slot, that targets security applications such as mass storage devices with automatic encryption, virus scanning, host authentication and data self-destruct, VPN routers, electronic wallets, password managers, portable penetration testing platforms, and so on. USB Armory specifications:
SoC – Freescale i.MX53 ARM Cortex-A8 @ 800 MHz with ARM TrustZone
System Memory – 512MB DDR3 RAM
Storage – microSD card slot
USB – 1x USB host port. USB device emulation: CDC Ethernet, mass storage, HID, etc.
Expansion Header – 5-pin breakout header with GPIOs and UART
Misc – customizable LED, including secure mode detection
Power – 5V via USB (<500 mA power consumption)
Dimensions – 65 x 19 x 6 […]