Hi all,


Can we have isolated execution environments for untrusted applications using TrustZone?


In theory, the untrusted app will run as a TA, and all syscalls made by the TA will be proxied to the untrusted kernel.


The memory mappings should be taken care of so that the untrusted kernel can access the isolated app's memory during a syscall.


Of course, I am omitting various other details for this message.


But is this feasible? Are there limitations on the maximum amount of secure memory? Or am I missing something obvious (most likely)?


-Best

Aravind
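As an added illustration of the design sketched in the message above (this is example code written for this page, not code from Aravind or from any TEE project), the block below models the syscall-proxy idea in plain C: a libc-style stub on the "TA side" marshals a write/read request through a shared window instead of trapping, and a handler on the "normal-world side" services the request but refuses any buffer that does not lie entirely inside that window, so the untrusted kernel only ever touches the memory the isolated app deliberately exposed. The 4 KiB window, the request struct, the syscall numbers and the errno-style return values are all constructed assumptions; a real implementation would have to map or copy pages between worlds, which this toy replaces with one static array.

```c
/* Added example (not from the mailing-list post or any TEE project): a toy
 * syscall proxy. Constructed names and values throughout. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SHARED_SIZE 4096u                  /* size of the window the TA exposes */
enum { SYS_WRITE = 1, SYS_READ = 2 };      /* constructed syscall numbers */
enum { ERR_FAULT = -14, ERR_NOSYS = -38 }; /* EFAULT / ENOSYS, constructed values */

struct syscall_req {
    uint32_t nr;        /* syscall number */
    uint32_t fd;        /* file descriptor (unused by this toy) */
    uint64_t buf_off;   /* offset of the buffer inside the shared window, never a raw pointer */
    uint64_t len;       /* byte count */
    int64_t  ret;       /* result written back by the normal world */
};

/* Memory shared between the TA and the untrusted kernel. */
static uint8_t shared_window[SHARED_SIZE];

/* Stand-ins for the normal-world file: what write() stored and what read() returns. */
static uint8_t file_data[SHARED_SIZE];
static size_t  file_len;

/* Normal-world check: the whole [off, off+len) range must lie inside the window.
 * len is bounded first so that SHARED_SIZE - len cannot underflow. */
int range_in_window(uint64_t off, uint64_t len)
{
    if (len > SHARED_SIZE) return 0;
    return off <= SHARED_SIZE - len;
}

/* Normal-world side: service one proxied request. Only window memory is touched. */
int64_t handle_proxied_syscall(struct syscall_req *req)
{
    if (!range_in_window(req->buf_off, req->len)) {
        req->ret = ERR_FAULT;            /* refuse anything outside the window */
        return req->ret;
    }
    switch (req->nr) {
    case SYS_WRITE:
        memcpy(file_data, shared_window + req->buf_off, req->len);
        file_len = req->len;
        req->ret = (int64_t)req->len;
        break;
    case SYS_READ: {
        size_t n = req->len < file_len ? (size_t)req->len : file_len;
        memcpy(shared_window + req->buf_off, file_data, n);
        req->ret = (int64_t)n;
        break;
    }
    default:
        req->ret = ERR_NOSYS;            /* unknown syscall: not forwarded */
    }
    return req->ret;
}

/* TA side: libc-style stubs that marshal through the window instead of trapping. */
int64_t ta_write(uint32_t fd, const void *buf, size_t len)
{
    if (len > SHARED_SIZE) return ERR_FAULT;
    memcpy(shared_window, buf, len);                  /* copy-in to the window */
    struct syscall_req req = { SYS_WRITE, fd, 0, len, 0 };
    return handle_proxied_syscall(&req);
}

int64_t ta_read(uint32_t fd, void *buf, size_t len)
{
    if (len > SHARED_SIZE) return ERR_FAULT;
    struct syscall_req req = { SYS_READ, fd, 0, len, 0 };
    int64_t n = handle_proxied_syscall(&req);
    if (n > 0) memcpy(buf, shared_window, (size_t)n);   /* copy-out from the window */
    return n;
}

int main(void)
{
    char out[16] = {0};
    ta_write(1, "hello", 5);
    int64_t n = ta_read(0, out, sizeof out);
    /* a forged request whose buffer runs past the window is refused */
    struct syscall_req bad = { SYS_READ, 0, SHARED_SIZE - 2, 8, 0 };
    int64_t r = handle_proxied_syscall(&bad);
    return (n == 5 && r == ERR_FAULT) ? 0 : 1;
}
```

The point the toy makes is the one raised in the message about memory mappings: once syscalls cross the world boundary, every pointer argument has to be re-expressed as something the normal world can validate against the region it is allowed to see (here an offset into the window), and the untrusted side must do that check itself rather than trust the TA's view of its own address space.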