Hacker News new | past | comments | ask | show | jobs | submit login

It should be noted that AMD has an equivalent management engineZ



But ARM hasn't. Or have they added something to their server range of designs?


The short version is "It's complicated". Most ARM cores have a feature called TrustZone. Effectively, there's a set of system resources that are allocated to TrustZone and not accessible from the normal world. Various events can trigger the CPU to transition into executing code in this "Secure world", at which point the core stops running stuff from the normal world and instead starts running an entirely separate set of things. This can be used to do things like "hardware" key generation, DRM management, device state attestation and so on. Whether a specific platform makes use of TrustZone is largely up to the platform designers, but there's plenty of room to hide backdoors there if you were so inclined.


Hmm, I have never seen Trustzone as comparable to ME.

Trustzone is a secure execution environment, mostly isolated from normal CPU operation. Wasn't it so that it cannot even access main memory???

ME is really more privileged than the CPU?

I have not heard about Trustzone doing networking. But ME can supposedly do even WLAN while the CPU is not running.

Disclaimer: I am not a hands-on expert at that level, more like an armchair pilot...


TrustZone is a CPU mode, hence it is not fully isolated from normal CPU operation. The CPU chooses to enter it and the current CPU state gets saved/restored. It contains the highest exception level, so it is able to access all memory. It does not usually have networking because that would invite complexity, but there is nothing to stop a vendor from putting a full network stack in there and assigning a network peripheral. Typically, it would rely on the main OS to send and receive packets.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: