Difference between revisions of "Android TrustZone"

A very valuable series of posts to understand TrustZone and more specifically QSEE

• http://bits-please.blogspot.com/2015/03/getting-arbitrary-code-execution-in.html
• http://bits-please.blogspot.com/2015/08/exploring-qualcomms-trustzone.html
• http://bits-please.blogspot.com/2015/08/full-trustzone-exploit-for-msm8974.html
• http://bits-please.blogspot.com/2015/08/android-linux-kernel-privilege.html
• http://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html
• http://bits-please.blogspot.com/2016/04/exploring-qualcomms-secure-execution.html
• http://bits-please.blogspot.com/2016/05/qsee-privilege-escalation-vulnerability.html
• http://bits-please.blogspot.com/2016/05/war-of-worlds-hijacking-linux-kernel.html
• http://bits-please.blogspot.com/2016/06/trustzone-kernel-privilege-escalation.html
• http://bits-please.blogspot.com/2016/06/extracting-qualcomms-keymaster-keys.html

Reconstructing a QSEE Trustlet as valid ELF:

• https://github.com/laginimaineb/unify_trustlet

Exploits

• https://github.com/laginimaineb/MSM8974_exploit
• https://github.com/laginimaineb/WarOfTheWorlds
• https://github.com/laginimaineb/cve-2015-6639
• https://github.com/laginimaineb/cve-2016-2431

TrustZone more generally

• https://genode.org/documentation/articles/trustzone
• https://genode.org/documentation/articles/usb_armory

Presentations

• https://hackinparis.com/data/slides/2013/Slidesthomasroth.pdf