In their latest article, the developers of the Genode OS Framework document the long road to their new ARM TrustZone demo on the USB Armory, an open-source, flash-drive-sized computer. The undertaking was motivated by the prospect of putting Linux, which normally runs on the USB Armory, under the supervision of a significantly less complex Genode hypervisor. This construction shields sensitive information such as cryptographic keys from Linux by exposing it to Genode only, and thereby drastically reduces the attack surface.
The article illustrates how the TrustZone technology is used to isolate Genode from Linux without compromising the rich feature set of Linux, and how both worlds can safely communicate with each other. Finally, the article provides all the tools and information needed to bring the demo to your own USB Armory.
Just the word hypervisor and that device in one sentence… really incredible. It is quite a random device for Genode to put such focus on, but if they want to scratch that itch and do it in this way… awesome.
That makes it sound like a good choice for getting the most “bang” for the least amount of work. And the code should work on other devices, as well.
I dare say that the Genode development team is doing just about everything right. Amazing skills, both in development, documentation and communication.
Thanks.