Hi, Wiklander
For platforms that don't enable the pager, is it because the on-chip SRAM is not big enough to hold the whole pager?
Yes and also because DDR may be secure enough for various reasons.
Do you mean that in mobile devices the DRAM and CPU can be put in one package using package-on-package (PoP) technology? Although this technology can improve the physical security of DRAM, physical attackers can still de-package the SoC and perform board-level attacks, whose cost is not high. For example, the attacks on the Xbox [1] and the DS5002FP [2].
We know that DRAM is vulnerable to cold boot attacks and bus monitoring attacks, which means TrustZone cannot achieve the same security level as Intel SGX. And I think the pager is a good technology that makes it possible for TrustZone to achieve the same security level as SGX.
I have run the pager on an i.MX6Q board and found that the pager requires more than 180 KB of OCM, which might be too large for some devices. Recently I have been doing research on reducing the size of the code and data residing in OCM (i.e., the pager), and current experiments show that less than 100 KB is enough.
1. Huang A. Hacking the Xbox: An Introduction to Reverse Engineering. 2002.
2. Kuhn M G. Cipher Instruction Search Attack on the Bus-Encryption Security Microcontroller DS5002FP. IEEE Transactions on Computers, 1998, 47(10): 1153-1157.
Best Regards, Shijun Zhao