Introduction to ARM TrustZone and Secure World Control
ARM TrustZone technology is a critical security extension integrated into modern ARM processors, providing a hardware-isolated execution environment known as the Secure World. This Secure World operates alongside the Normal World (where Android runs) to protect sensitive data and operations, such as cryptographic keys, digital rights management (DRM) content, and biometric authentication. TrustZone achieves this by partitioning system resources, allowing only trusted applications (TAs) within a Trusted OS (T-OS) to access secure memory and peripherals.
This article details the theoretical and practical steps involved in developing a Proof-of-Concept (PoC) malicious Trusted Application. Our goal is to illustrate how much a party that controls the Secure World can do, by showing how a custom TA could be designed to log sensitive operations or extract protected data, given the capability to load it onto a device. This is purely for educational and research purposes, and it highlights why secure boot and firmware integrity checks, including TA signature verification at load time, matter on real-world devices.
Prerequisites and Threat Model
Essential Tools and Knowledge
- A development board or a rooted Android device with an unlocked bootloader, allowing custom kernel/firmware flashing. Examples include devices supporting OP-TEE; the OP-TEE project also ships a QEMU build that needs no hardware at all.
- Familiarity with ARM architecture, assembly language, and C programming.
- Understanding of Linux kernel module development and Android’s native development kit (NDK).
- A cross-compilation toolchain for ARM (e.g., arm-linux-gnueabihf-).
- A TEE SDK (e.g., OP-TEE Client/Trusted OS development kit).
The Malicious TA Threat Model
In a real-world scenario, devices employ secure boot mechanisms that verify the cryptographic signatures of all boot components, including the Trusted OS, and the Trusted OS in turn verifies the signature of every Trusted Application it loads (in OP-TEE this is done by the TEE core at load time against the TA signing key; development builds use a default key shipped with the source tree, which is why a research setup can load a self-signed TA at all). Our PoC assumes a scenario where these checks are either bypassed (e.g., through a bootloader exploit) or deliberately disabled in a research environment, allowing a TA not authorised by the device vendor to be loaded. The ‘malicious’ aspect of our TA will be its ability to access resources or perform actions typically restricted to legitimate, vendor-signed TAs, such as logging secure data flows or attempting to modify secure configurations.
Understanding TrustZone Architecture and OP-TEE
TrustZone divides the system into two virtual processors: the Normal World (NW) for general-purpose OS like Android, and the Secure World (SW) for the Trusted OS. Communication between NW and SW occurs via Secure Monitor Calls (SMCs). The Trusted OS (e.g., OP-TEE, Trusty) manages Trusted Applications (TAs), which are isolated binaries executed within the SW. Our PoC will involve creating a custom TA for the Secure World and a client application (CA) in the Normal World to interact with it.
OP-TEE High-Level Interaction
- Trusted Application (TA): Runs in Secure World, performs secure operations.
- Client Application (CA): Runs in Normal World (Android), requests services from TA.
- TEE Client API: Standardized API (e.g., GlobalPlatform TEE Client API) used by CA to communicate with the T-OS.
- Secure Monitor: Handles context switching between NW and SW.
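The following is an added example, not code from the original article or from the OP-TEE project. It shows the command contract that the interaction above rests on: the CA packs a parameter-type mask and up to four parameters, the TEE core delivers them to the TA's TA_InvokeCommandEntryPoint(), and the TA must validate the mask before touching any buffer, because both the mask and the buffers are chosen by the untrusted Normal World. The TEE_/TEEC_ constants and the TEE_Param layout below mirror the GlobalPlatform-specified values so the file compiles stand-alone; a real TA takes them from <tee_internal_api.h> and a real CA from <tee_client_api.h>. The command IDs, the secret string and the in-memory log are invented for this demonstration, and the CA side calls the dispatcher directly instead of crossing the SMC boundary through TEEC_InvokeCommand().

```c
/* Added example: CA/TA command contract in the shape OP-TEE expects.
 * GP constants mirrored locally; real code uses the OP-TEE headers. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* GlobalPlatform return codes (values as specified by GP). */
#define TEE_SUCCESS               0x00000000u
#define TEE_ERROR_BAD_PARAMETERS  0xFFFF0006u
#define TEE_ERROR_SHORT_BUFFER    0xFFFF0010u

/* GP parameter types: four 4-bit fields packed into one uint32_t.
 * A TEEC_MEMREF_TEMP_OUTPUT on the CA side reaches the TA as
 * TEE_PARAM_TYPE_MEMREF_OUTPUT; both encode as 6. */
#define TEE_PARAM_TYPE_NONE           0
#define TEE_PARAM_TYPE_VALUE_INPUT    1
#define TEE_PARAM_TYPE_MEMREF_OUTPUT  6
#define TEE_PARAM_TYPES(t0, t1, t2, t3) \
    ((uint32_t)(t0) | ((uint32_t)(t1) << 4) | \
     ((uint32_t)(t2) << 8) | ((uint32_t)(t3) << 12))
#define TEE_PARAM_TYPE_GET(t, i) (((t) >> ((i) * 4)) & 0xFu)

typedef uint32_t TEE_Result;
typedef union {
    struct { void *buffer; uint32_t size; } memref;
    struct { uint32_t a; uint32_t b; } value;
} TEE_Param;

/* Hypothetical command IDs for the PoC TA (assumption, not from the page). */
#define TA_POC_CMD_LOG_ACCESS   0u  /* record a value the CA reports   */
#define TA_POC_CMD_DUMP_SECRET  1u  /* copy the TA's secret to the CA  */

/* Constructed secret standing in for data a real TA keeps in secure storage. */
static const char poc_secret[] = "TA-SECRET-0xC0FFEE";

/* Constructed in-memory log: what the "malicious" TA records per invocation. */
#define POC_LOG_CAP 16
static uint32_t poc_log[POC_LOG_CAP];
static unsigned poc_log_len;

unsigned poc_log_count(void) { return poc_log_len; }
uint32_t poc_log_entry(unsigned i) { return i < poc_log_len ? poc_log[i] : 0; }

/* Body of TA_InvokeCommandEntryPoint(): check param_types first, every time. */
TEE_Result poc_ta_invoke(uint32_t cmd_id, uint32_t param_types, TEE_Param params[4])
{
    const uint32_t none = TEE_PARAM_TYPE_NONE;
    switch (cmd_id) {
    case TA_POC_CMD_LOG_ACCESS:
        if (param_types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_VALUE_INPUT, none, none, none))
            return TEE_ERROR_BAD_PARAMETERS;
        if (poc_log_len < POC_LOG_CAP)
            poc_log[poc_log_len++] = params[0].value.a;
        return TEE_SUCCESS;
    case TA_POC_CMD_DUMP_SECRET:
        if (param_types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_OUTPUT, none, none, none))
            return TEE_ERROR_BAD_PARAMETERS;
        /* GP convention: on a short buffer, report the size needed and fail. */
        if (params[0].memref.size < sizeof(poc_secret)) {
            params[0].memref.size = sizeof(poc_secret);
            return TEE_ERROR_SHORT_BUFFER;
        }
        memcpy(params[0].memref.buffer, poc_secret, sizeof(poc_secret));
        params[0].memref.size = sizeof(poc_secret);
        return TEE_SUCCESS;
    default:
        return TEE_ERROR_BAD_PARAMETERS;
    }
}

/* Normal World side, as it would be packed into a TEEC_Operation. Here the
 * call goes straight to the dispatcher; on a device it would go through
 * TEEC_InvokeCommand() and an SMC routed by the Secure Monitor. */
TEE_Result poc_ca_dump_secret(char *out, uint32_t *out_len)
{
    TEE_Param params[4];
    memset(params, 0, sizeof(params));
    params[0].memref.buffer = out;
    params[0].memref.size = *out_len;
    TEE_Result res = poc_ta_invoke(TA_POC_CMD_DUMP_SECRET,
        TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_OUTPUT, TEE_PARAM_TYPE_NONE,
                        TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE), params);
    *out_len = params[0].memref.size;   /* updated size on both paths */
    return res;
}

int main(void)
{
    char small[8];
    uint32_t len = sizeof(small);
    TEE_Result res = poc_ca_dump_secret(small, &len);
    printf("short buffer: res=0x%08x, need %u bytes\n", res, len);

    char big[64];
    len = sizeof(big);
    res = poc_ca_dump_secret(big, &len);
    printf("dump: res=0x%08x, secret=%s (%u bytes)\n", res, big, len);
    return 0;
}
```

The two checks in poc_ta_invoke() are the ones that matter in practice: a TA that skips the param_types comparison will happily treat a CA-supplied value as a pointer, and one that skips the size check writes past the end of a CA-supplied buffer. Both mistakes are common in real TAs and are exactly what a malicious CA probes for.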
Developing the Malicious Trusted Application (TA)
We’ll create a simple OP-TEE TA that, for demonstration, logs a secret string every time it’s invoked and potentially tries to read a dummy