Open qzed opened 2 years ago
I've found this on the topic:
For the Windows on Arm64 stack (on currently shipped SoCs), a mechanism, Secure Launch, is provided to escalate from EL1 to EL2. bootmgfw issues a SMC call, the function is the same as the one used to initialise Intel ACM or AMD SKINIT. QHEE intercepts it, does some sanity and integrity checks then remaps memory to load the TCB launcher and jumps to the entry point. This means that if you run Linux on those, you don't have EL2.
Source: https://news.ycombinator.com/item?id=30322404
As far as I understand, TCB is some sort of shim that is signed, verified, and gets launched in EL2 (whereas the call to launch it is made from EL1). Not sure whether it can be unsigned with secureboot disabled (likely not...). If not, this would probably require some exploit. Or we would have to re-use whatever blob Windows uses... if we can.
Yes, it is my understanding Secure Launch is being used to take over the Qualcomm Hypervisor, but you also have a Secure Kernel extension in windows, QcSkExt8180.exe, which is loaded by the Hyper-V kernel to reimplement some now missing scm traps used for PIL. IOMMU support is also switched away from the qcsmmu driver to hyperv, and there's a shim driver, qciommu used to forward requests to the windows native api instead so existing drivers work. (Qualcomm drivers make use of a QC defined DDI/IOCTL set, smmu/iommu driver selection is decided depending on if hyper-v is enabled or not).
Quoting @jhaxhiaj from #7: