Isolating Trussed from the rest of the firmware

[arturkow2000]

Could you give us some info on using Trussed with TrustZone (or any other isolation mechanism)? FWIU, neither NitroKey nor Solo2 firmware uses TrustZone, and Trussed calls only invoke RTIC to switch tasks. Shouldn't Trussed calls involve a context switch into the Secure World, or call to another app if using Tock OS?

[nickray]

Correct, TrustZone is currently not used, but Trussed is designed with the intent for it to eventually be used. There were two reasons, lower prioritization relative to other matters, and that LLVM didn't have the Cortex-M Security Extensions implemented. I'm not sure on the current status of the latter, but with inline assembly in stable Rusts and macros, workarounds should probably be possible if they still are not.

As you may have seen, internally interchange is used liberally. While this approach ("copy of owned data in shared buffer") is starting to run into some RAM issues in some situations, the main reason is not just ergonomics (no serde), but to have the client "apps" run in the non-secure world, place their Trussed RPC requests in such a buffer, and then trigger a context switch into the Trussed service that would run in the secure world. With this design, clients would have clearly defined data-only regions, limiting attacks of the secure world, which would be communicating with the non-secure world only by reading and writing data into these regions.

On a technical level, this seems like a major undertaking which we'd like to tackle eventually, but not (ourselves) in the short term. For instance, with SoloKeys we use RTIC as minimalist OS; this would need to gain some native understanding and support for TrustZone-M (there have been multi-processor variants of RTIC that could be revisited). Potentially, Grepit AB and/or Ferrous Systems could be employed to implement this. When revisiting at such a fundamental level (of actually using TrustZone), it would be of interest to compare other approaches like embedded async Rust, and consider integration into larger ecosystems such as Tock OS. As a side remark, with SoloKeys we purposely never used Tock OS for multiple reasons, but from a Trussed perspective, it would of course be interesting to be used within a Tock OS context.

[arturkow2000]

Since we are working on nRF52840, having Trussed in TrustZone is a no-go for us (at least not on this platform), so we are interested in using Tock OS. Tock seems heavy, and even now, we are having a hard time on resources. We prefer some minimalist OS instead but haven't found any suitable alternative so far.

IMO, Trussed should be completely separate from the main firmware, with a library used for IPC linked into apps. With this approach, Trussed would be loaded by a bootloader, and it would initialize itself and go back to the bootloader to load the rest of the firmware. Everything is currently linked into a single image, so how can we clearly distinguish the secure part from the non-secure one? Even if we build Trussed separately (separate Tock OS app), we still need to link it into the main app for API, duplicating code. I mean to have two crates: trussed - Trussed itself, and trussed-api containing only interface definitions and methods for communicating with Trussed.

[nickray]

We should have a discussion... I feel like you are porting C patterns into Rust, and am also confused as you asked for TrustZone first and now you're saying you want no TrustZone.

In any case, as it stands right now, apps and the Trussed service are in fact clearly distinguished, as the apps write the requests (segregated by app) into a buffer:

trussed/src/client.rs

Line 219 in c52e9c7

self.interchange.request(&request).map_err(drop).unwrap();

which Trussed read/writes from. Are you aware of the use of https://docs.rs/interchange here and in other places? There is otherwise no way for the apps to influence the Trussed service. These buffers could also potentially be protected by an MMU.

I fully agree that Tock OS is too heavy (and has no security focus), which is why we're (happily) using RTIC for scheduling. It may well be the minimalist OS you are looking for too.

[arturkow2000]

I know about the interchange library. But what I mean is that Trussed and apps are linked into one monolithic binary, and both Trussed and apps data regions are merged into a single region and cannot be distinguished anymore, so I can't use MPU.
Also, what do you mean by saying that Tock OS has no security focus?