What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned 

What the TrustZone-M Doesn't See, the MCU Does Grieve Over: Lessons Learned from Assessing a Microcontroller TEE
Arm Cortex-M Microcontrollers (MCUs) are the de facto computing units powering billions of small embedded and Internet of Things (IoT) devices. Recently, as a step towards securing devices at scale, Arm introduced the TrustZone technology in the latest generation of their Armv8-M MCUs (e.g., Cortex-M33). TrustZone-M partitions the CPU into two worlds, enabling the materialization of Trusted Execution Environments (TEEs) on constrained devices. One of the weakest aspects of TrustZone-M is the CPU-centric view, i.e., the specification only defines CPU-level security protection controllers (e.g., SAU, IDAU). Still, MCUs have a number of other peripherals and computing elements (e.g., DMA devices) at the system level, and achieving system-wide isolation requires vendor-specific platform protection controllers (PPCs). We argue that this dichotomy, together with a lack of understanding of the PSA isolation levels, can be a major catalyst for the existence of unknown security holes in modern TrustZone-M systems, and we found evidence that supports our claim.
In this talk, we share our journey on fully assessing an MCU-based TEE targeting a reference TrustZone-M hardware platform. First, we clarify the PSA isolation levels and describe the limitations of the target hardware platform for providing isolation within the secure world. Then, we discuss the assessed TEE system, explain how it is possible to bypass CPU-level isolation primitives, and explain the design of a TEE core mechanism to offer such protection. To close the talk, we perform a live demo of one potential exploit demonstrating how a Secure Partition (controlled by an untrusted application) can bypass all hardware and software TEE isolation boundaries to retrieve a cryptographic key from other Secure Partitions or the Trusted kernel.
By:
Sandro Pinto | Associate Research Professor, Universidade do Minho
Cristiano Rodrigues | PhD Student, Universidade do Minho
Full Abstract & Presentation Materials:
www.blackhat.c...