Slide 13
Slide 13 text
Real-time Kernel Protection
• Implemented in TrustZone or hypervisor
• Depends on device model, for S7 edge (SM-G9350), it’s
TrustZone
• CONFIG_TIMA_RKP , CONFIG_RKP_KDP
• Targeted features via samsungknox.com:
• “completely prevents running unauthorized privileged code”
• “prevents kernel data from being directly accessed by user
processes”
• “monitors some critical kernel data structures to verify that
they are not exploited by attacks”