cryptax

At BlackAlps, Marcel Busch and Philip Mao show how forgetting to check input types in the trusted apps of TrustZone leads to memory read/write.

#blackalps24 #trustzone
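The bug class the talk describes, as an added illustration that is not code from the talk or from any real trusted app: a GlobalPlatform-style command handler that assumes parameter 0 is an output memref without checking the parameter-type word. Because `TEE_Param` is a union, a client that instead passes a VALUE parameter controls the bits that overlay the `memref.buffer` pointer, so the handler's write lands at an address the normal world chose. The `TEE_Param` layout, type-encoding macros, secret and handler names below are a constructed mock of the TEE API, not a real SDK, so the whole thing runs as plain C.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed mock of the GlobalPlatform TEE_Param union and the 4-bit
 * per-parameter type encoding; real TAs get these from the TEE headers. */
typedef union {
    struct { void *buffer; size_t size; } memref;
    struct { uint32_t a; uint32_t b; } value;
} TEE_Param;

#define TEE_PARAM_TYPE_NONE          0
#define TEE_PARAM_TYPE_VALUE_INPUT   1
#define TEE_PARAM_TYPE_MEMREF_OUTPUT 6
#define TEE_PARAM_TYPES(t0, t1, t2, t3) \
    ((t0) | ((t1) << 4) | ((t2) << 8) | ((t3) << 12))

#define TEE_SUCCESS              0x00000000u
#define TEE_ERROR_BAD_PARAMETERS 0xFFFF0006u
#define TEE_ERROR_SHORT_BUFFER   0xFFFF0010u

/* Secret the (mock) trusted app keeps in secure memory. */
static const uint8_t g_secret[8] = "s3cr3t!";

typedef uint32_t (*cmd_handler_t)(uint32_t param_types, TEE_Param params[4]);

/* Vulnerable: never looks at param_types. If the client sent a VALUE
 * parameter, value.a/value.b sit on top of memref.buffer, so the
 * destination of this memcpy is attacker-chosen. */
uint32_t cmd_export_vuln(uint32_t param_types, TEE_Param params[4]) {
    (void)param_types;
    memcpy(params[0].memref.buffer, g_secret, sizeof g_secret);
    return TEE_SUCCESS;
}

/* Hardened: reject anything but the exact expected type word before
 * touching any parameter, then bound the memref before writing. */
uint32_t cmd_export_safe(uint32_t param_types, TEE_Param params[4]) {
    const uint32_t exp = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_OUTPUT,
                                         TEE_PARAM_TYPE_NONE,
                                         TEE_PARAM_TYPE_NONE,
                                         TEE_PARAM_TYPE_NONE);
    if (param_types != exp)
        return TEE_ERROR_BAD_PARAMETERS;
    if (params[0].memref.buffer == NULL ||
        params[0].memref.size < sizeof g_secret)
        return TEE_ERROR_SHORT_BUFFER;
    memcpy(params[0].memref.buffer, g_secret, sizeof g_secret);
    return TEE_SUCCESS;
}

/* Simulated malicious normal-world client: declares a VALUE parameter
 * whose a/b fields encode an arbitrary address. Returns 1 if the handler
 * wrote the secret to that address (i.e. the type confusion worked). */
int attack(cmd_handler_t handler, uint8_t *target) {
    TEE_Param params[4];
    memset(params, 0, sizeof params);
    uint32_t types = TEE_PARAM_TYPES(TEE_PARAM_TYPE_VALUE_INPUT, 0, 0, 0);
    /* On little-endian AArch64, value.a is the low and value.b the high
     * 32 bits of the overlaid pointer; memcpy keeps the demo portable. */
    memcpy(&params[0].value, &target, sizeof target);
    memset(target, 0, sizeof g_secret);
    uint32_t rc = handler(types, params);
    return rc == TEE_SUCCESS && memcmp(target, g_secret, sizeof g_secret) == 0;
}

/* Well-behaved client: a correctly typed, correctly sized output memref. */
int legit_client(cmd_handler_t handler, uint8_t *out, size_t out_len) {
    TEE_Param params[4];
    memset(params, 0, sizeof params);
    uint32_t types = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_OUTPUT, 0, 0, 0);
    params[0].memref.buffer = out;
    params[0].memref.size = out_len;
    return handler(types, params) == TEE_SUCCESS;
}

int main(void) {
    uint8_t where_attacker_wants[16];
    uint8_t out[16];
    printf("vuln handler, type-confused call wrote secret: %d\n",
           attack(cmd_export_vuln, where_attacker_wants));
    printf("safe handler, type-confused call wrote secret: %d\n",
           attack(cmd_export_safe, where_attacker_wants));
    printf("safe handler, legitimate call succeeded:       %d\n",
           legit_client(cmd_export_safe, out, sizeof out));
    return 0;
}
```

The same shape of bug gives a read primitive when the handler copies *from* a memref it never verified as an input memref; in both directions the fix is the one boring line at the top of every command: compare `param_types` against the exact expected encoding, and only then trust the union members that type implies.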

dorotaC

Trusted computing got a new coat of paint. Now it's called "confidential computing", and it's totally not about who controls the machine, not at all.

A talk at #rustlab2023 triggered me, so I had to rant about it on my blog. Sorry.

dorotac.eu/posts/rustlab/

#drm #tpm #trustzone #rustlab

After Rustlab

dorotac.eu
Hexnut

I was looking at Arm microcontrollers for a project at work recently. This is not something I have done in a while. Some of the newer ones have features like page protection and secure enclave support that I've never seen at that level before. Seems like progress. #microcontroller #trustzone #iot

Brudi Bräu

Any embedded cybersecurity nerds present? I'm trying to assess how dangerous this attack on the ARM Cortex-M TrustZone is. I am not an expert on TrustZone, but this attack sounds like it is easy enough to mitigate by using secure or measured boot and not doing retarded stuff in the TrustZone like using key material in the control flow. Any thoughts on this?
theregister.com/2023/05/15/mcu
#blackhat #trustzone #arm

Arm confident Cortex-M is secure after side-channel attack

Spectre-esque exploit figures out when interesting…

www.theregister.com
censored for “transphobia”

@ellenor I don’t need high performance so I use ~15 y.o. hardware that pre-dates the spy chips. But still my hardware was not targeted by #coreboot / #libreboot, so my firmware is non-free. I also have some newer hardware that I pulled out of dumpsters (thus did not contribute to the intel M.E./ AMD #trustzone spy chip market), which I just use for occasional experiments.

Lup Yuen Lee 李立源

Prevent spoofing of #IoT Actuation Commands with Arm #TrustZone on #RaspberryPi...

"Protecting Actuators in Safety-Critical IoT Systems from Control Spoofing Attacks"
dl.acm.org/doi/pdf/10.1145/333