What is TrustZone? And how does it relate to hacking the Switch? Kernel exploits, trucha-type stuff?

Discussion in 'Switch - Hacking & Homebrew' started by Marioyoshi64, Jul 31, 2017.

  1. Marioyoshi64
    OP

    ???
     
  2. The Real Jdbye

    As far as I know, it's equivalent to kernel access.
    The Switch CPU (well, any CPU with ARM TrustZone) is divided into 2 sections: privileged code and unprivileged code.
    Unprivileged code only has access to unprivileged parts of the system (memory, applications, hardware and so on), whereas privileged code has access to privileged hardware, privileged memory, privileged applications and so on.
    You can think of it as a hardware sandbox. It's similar to how the 3DS works (with ARM9/ARM11), but instead of being physically separated by different chips, the separation is integrated into the SoC.
    There's some more info here: https://www.arm.com/products/security-on-arm/trustzone

    Basically, what we need for Switch hacking right now is a TrustZone exploit, that is, an exploit that would allow us to run our own privileged code. This would allow pretty much anything short of cold boot CFW (that would need a bootloader exploit, or an exploit in the home menu or similar).
    That's why the TrustZone dump is such big news. It's akin to dumping the ARM9 kernel of the 3DS. I don't think it's quite on the same level as the 3DS bootrom; I think there's still a bootloader of some sort below TrustZone. But the TrustZone dump will make it immensely easier to find an exploit in privileged code that would in turn allow a lot of the things people are waiting for, namely piracy, save managers, update bypassing, and other system-related tools.
     
    Last edited by The Real Jdbye, Jul 31, 2017