TrustZone is likely to sit in the smartphone near you, even if you know nothing about it. It is, technically speaking, just a part of the microcomputer in your phone that is designed to be trusted. Trusted. Just like this.
TrustZone is not exactly a new concept. When I was young (and the Earth crust was not yet solid) computers used to have a supervisory mode: the part of the computer software that had special privileges. The concept evolved one way or another: root access, execution rings, security monitor, hypervisor: you name it. The idea is still the same: there is a part of your software that has more rights than the other part, and the part with less rights must use the part with higher rights to do some useful things.
This particular solution, however, uses the word ‘trust’ so it is always worth asking in such a case: who is supposed to trust the TrustZone?
Trust, as a word, covers all manners of sins. Unqualified ‘trust’ does not mean much. There is a very limited number of situations that you ‘just trust’. As for the rest, you trust
- specific someone (person, institution, computer, cat..)
- in a specific context (to perform a surgery, to return money, …)
- during the specific duration of time (for the next ten years, only now…)
Forgetting those specific limitations of trust may lead to situations that range from comical to dangerous. It may be comical to trust your doctor with your house plumbing (and consequently ask him to come over and fix a tap). It may be dangerous to trust your plumber with a major surgery.
Back to TrustZone: what trust is it? It seems that in Trust Zone, trust refers to the fact that ..
Issuers of applications can trust device manufactures that the security of the ‘trusted’ applications will not be compromised by the ‘untrusted’ application, for as long as the device is operational.
That’s it. End users (that is me, you and a couple of billions others who actually pay for those devices) do not seem to fit into this picture at all. We have no access to TrustZone, other than possibly granted by operators of ‘trusted’ applications.
Those ‘trusted’ applications can control what we do with our ‘untrusted’ applications, and can prevent us from doing what they deem inappropriate: like reading the wrong kind of books, or calling inappropriate people, or possibly buying unhealthy food. For our own good and convenience, of course.
Of course they will always do it for our own good. They will never delete the book you read, or refuse to perform a legitimate transaction, or connect to the cheaper network.. Oops. Actually, the already did it.
Which means that we have to trust operators of those ‘trusted’ applications that they actually design and operate them for our good. This is a tough call. Myself, I believe that if I have to trust, then I should not trust. Which is why I still read paper books and pay cash. Which is why my mobile phone is not smart. I am loosing some of the shiny novelty. I gain peace of mind.
Of course TrustZone has its own merits. It is convenient to store credit cards, and we do not have to worry about the ownership too much -we do not own our credit cards anyway. Thinking of that, we do not own banknotes and coins that we are using.
Thinking of that’ we do not own our houses and our cars. Cars are already getting their own black boxes. Houses are getting smart meters. Their own TrustZone. There is a pattern forming, and I do not like the look of it.