
What I have found so far is that:

  1. The application requests a TA service using the qseecom kernel driver.
  2. The monitor routes that request, and the TA handles the request in the Secure world and returns the result (the generated private key).
  3. The application gets the result (something like a generated private key).

But if the host OS (Linux) was compromised,

  1. A hacker can see the communication between the application and the kernel driver.
  2. And they can then make the same request to that TA and do the same thing (get the private key, in this case).

So is there any access control method or authentication on the SVC call to the TA? I want to make the TA not respond if the host (Linux) was compromised.

user150497

0 Answers