2016 marked the start of eshard’s training season. We kicked off Q1 with three training sessions on TEE TrustZone security. TrustZone is a ARM system-wide approach to security that is used on billions of chips to protect valuable services and devices, including smartphones.
Close to 25 people joined us in three different sessions to understand the technology behind TrustZone. We produced an attack (which was publically presented a bit more than a year ago) that was used as an example during the course. We went into details how to implement TrustZone security, provided details on the typical TrustZone OS and showed how you can exploit the security of TrustZone. The point of the training is to give attendees more knowledge of the implementation of TrustZone and how the security can be exploited. Attendees were given the opportunity to run their own code. Usually this is not possible, but in our training the attendees were able to run through the 8 to 10 steps needed to be able to run the code. From building the kernel to exploiting the TrustZone API code.
This training, mostly practical with some theoretical sessions, is quite unique in the industry. It provides a very hands-on approach to learn how the security of TrustZone works, in order to better understand how malicious attacks could be doneand potential payloads.