Hacking ARM TrustZone / Secure Boot on Amlogic S905 SoC

The Amlogic S905 processor, used in many Android TV boxes and in the ODROID-C2 development board, implements the ARM TrustZone security extensions to run a Trusted Execution Environment (TEE) used for DRM & other security r

Frédéric Basse, a security engineer, worked with others and managed to bypass secure boot on one Amlogic S905 powered Android TV box, namely the Inphic i7, but any other device based on the processor would have made the same thing possible. He explains the steps they went through and how they managed to exploit a vulnerability to bypass secure boot in a detailed technical blog post.

They first started by looking for information in the Amlogic S905 datasheet, but most information about TrustZone had been removed from the public version, so there was not much help there except a potential address for the BootROM (ROMBOOT_START 0xD9040000). The next step was to connect the UART pins in order to access the serial console, but he could not read the BootROM from there, most probably because secure code cannot be read from the non-secure world.
This article was updated on 2021-01-21 20:35 and is provided by the author; it does not represent the position of this website. Please cite the source when reposting: https://www.bjmy2z.cn/gaokao/546034.html