ARM vs x86 privacy/security?
#1
Apologies if this has been covered before, I didn't find anything in a search..

Privacy-oriented people/groups (including EFF) have written about how Intel's Management Engine is a potential privacy/security risk. It's closed-source, runs close to the hardware, basically has access to everything on the computer. It's a prize target for hackers, and speculation has it that there might be backdoors for government agencies. AMD has a similar system, "AMD Secure Technology". 

I can't see that ARM chips contain anything similar. So, in theory, maybe ARM-based systems have a small privacy/security advantage?

(Yes, I realize that my privacy is probably far more at risk from anything I do online, regardless of hardware or operating system. But still, I'd be curious to know!)
  Reply
#2
Some ARM systems do have management controllers such as that (mostly the server-oriented ones).

In the case of Pine64 boards though, there's not really anything like Intel ME or AMD's counterpart for it. The closest thing is the AR100 core in the A64 SoC, but all that it does is power management. Even that is only when you are running a system based on Allwinner's closed-source BSP. When running mainline Linux, it's sitting there doing nothing.  It could theoretically be programmed to do anything you want, and there's even an open-source alternative to the BSP firmware for it.

As for the Rockchip based boards, I'm not aware of any management core inside those SoCs.
Community administrator and sysadmin for PINE64
(Translation: If something breaks on the website, forum, or chat network, I'm a good person to yell at about it)

  Reply
#3
ARM TrustZone ?
  Reply
#4
(06-28-2019, 06:25 AM)Kochise Wrote: ARM TrustZone ?

Oh, interesting. I hadn't heard of TrustZone - here's the Wikipedia entry. It says that TrustZone is implemented in "ARMv6KZ and later application profile architectures", but I confess I'm not knowledgable enough about ARM to know if that includes Pine64's SoCs of not?
  Reply
#5
TrustZone, Secure Monitor, EL3 Secure World OS, entirely hidden of and inaccessible by the ordinary OS, run in the EL1, it even has its own system address space, set of "secure" peripherals, it's a system in the system and if the vendor locks it, you will never have a chance to get into that, except what the vendor has exposed to you through the gateway, that still never will show you what's inside. And every armv7 and armv8 SoC nowadays has Secure World included. So, only a tin foil hat, my friend. Big Grin
[Image: ab-Domination.jpg]
  Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
Brick Hardening and Security Guides rock7 0 73 12-02-2019, 05:55 PM
Last Post: rock7

Forum Jump:


Users browsing this thread: 1 Guest(s)