Merge pull request #602 from 3mdeb/develop

Publish "New Dasharo v0.9.0 Meteor Lake releases"
3mdeb · Aug 8, 2024 · 4fb7236 · 4fb7236
2 parents c07eb89 + e496f1b
commit 4fb7236
Show file tree

Hide file tree

Showing 25 changed files with 372 additions and 6 deletions.
diff --git a/blog/content/authors/filip-golas/_index.md b/blog/content/authors/filip-golas/_index.md
@@ -0,0 +1,15 @@
+---
+title: "Filip Gołaś"
+name: "Filip Gołaś"
+identifier: filip.golas
+photo: "/authors/filip.golas.png"
+facebook: ""
+twitter: ""
+linkedin: "https://www.linkedin.com/in/filip-go%C5%82a%C5%9B/"
+github: "https://github.com/philipandag"
+---
+
+Embedded Developer Intern at 3mdeb, studying Computer Science
+at Gdansk University of Technology. Interested in low-level
+programming, networking and computer security.
+Enjoying amateur astronomy, PC building and video games.
diff --git a/blog/content/post/2024-03-08-cross2024-ftpm-tee-ta.md b/blog/content/post/2024-03-08-cross2024-ftpm-tee-ta.md
@@ -45,20 +45,34 @@ in a protected execution environment called a trusted execution environment
 For Arm Cortex-A, there exists the Arm TrustZone technology.
 When used on an embedded device it creates two distinct memory "worlds": a
 Normal World for the Operating System (referred to as Rich OS in documentation)
-and a Secure World, perfect for implementing the Trusted Execution Environment.
+and a Secure World, perfect for implementing the Trusted Execution
+Environment<sup>[[1]](#figure-1%3A-arm-trustzone-for-arm-cortex-a)</sup>. <!-- markdownlint-disable-line MD033 MD051 MD013 -->
 The transition between these worlds is managed by the Secure Monitor, operating
 at a higher exception level (EL3), ensuring secure memory regions are
-exclusively accessible from the Secure World. This mechanism supports running
+exclusively accessible from the Secure
+World<sup>[[2]](#figure-2%3A-cortex-a-exception-levels)</sup>. <!-- markdownlint-disable-line MD033 MD051 MD013 -->
+This mechanism supports running
 fTPM in the Secure World, enabling secure syscalls from user space. Secrets
 stored in fTPM are secure as long as the Secure Monitor is not compromised.
+<!-- markdownlint-disable-next-line MD033 MD013-->
+<div style="text-align: center;"> <img src="../../static/img/TEE_ARM_Cortex-a.svg" alt="Cortex-A TrustZone"> </div>
 
-![Cortex-A TrustZone Exception Levels](/img/TEE_ARM_Cortex-a_exception_levels.svg)
+<!-- markdownlint-disable-next-line MD033 MD001 -->
+##### <div style="text-align: center;">Figure 1: Arm TrustZone for ARM Cortex-A </div>
 
-![Cortex-A TrustZone](/img/TEE_ARM_Cortex-a.svg)
+<br> <!-- markdownlint-disable-line MD033 -->
+<br> <!-- markdownlint-disable-line MD033 -->
+
+<!-- markdownlint-disable-next-line MD033 MD013-->
+<div style="text-align: center;"> <img src="../../static/img/TEE_ARM_Cortex-a_exception_levels.svg" alt="Cortex-A TrustZone Exception Levels"> </div>
+
+<!-- markdownlint-disable-next-line MD033 MD001 -->
+##### <div style="text-align: center;">Figure 2: Cortex-A Exception Levels </div>
 
 Arm TrustZone also exists for the Cortex-M series but adopts a simpler and more
 hardware-focused approach relying on hardware mechanisms to manage the CPU
-state via interrupts.
+state via
+interrupts<sup>[[3]](#figure-3%3A-arm-trustzone-for-arm-cortex-m)</sup>. <!-- markdownlint-disable-line MD033 MD051 MD013 -->
 
 fTPM requires a non-trivial amount of computational
 resources and memory, which might be scarce in the environments where Cortex-M
@@ -67,6 +81,12 @@ due to the limited resources available on these devices. It's also rare for the
 Cortex-M devices demand the complex security functionalities that fTPM
 provides.
 
+<!-- markdownlint-disable-next-line MD033 MD013 -->
+<div style="text-align: center;"> <img src="../../static/img/TEE_ARM_Cortex-m.svg" alt="Cortex-M TrustZone"> </div>
+
+<!-- markdownlint-disable-next-line MD033 MD001 -->
+##### <div style="text-align: center;">Figure 3: Arm TrustZone for ARM Cortex-M </div>
+
 ## Fallbacks and Security Concerns
 
 _The best-protected systems have dedicated hardware security measures included
@@ -79,7 +99,7 @@ this can improve the security of such devices there are hardware security
 concerns that the device should fulfill from the beginning.
 
 OP-TEE (Open Portable Trusted Execution Environment) is an open-source project
-that provides a TEE designed for Arm architectures that utilizes Arm TrustZone.
+that provides a TEE designed for ARM architectures that utilizes Arm TrustZone.
 Its [official documentation specifies the Raspberry Pi 3 platform as not
 suitable for a secure implementation of Trusted Execution Environment](
 https://optee.readthedocs.io/en/latest/building/devices/rpi3.html#disclaimer).