Thanks for your check. Would you also backport the patch to TF-M 1.4?

Hi ioannisg,

I think you're right.
The Secure PendSV is masked by NSPE, although it has the same priority value 0x80.
It has to have a lower value to preempt the NSPE, having an equal priority value does not work.

Merged https://review.trustedfirmware.org/c/hafnium/hafnium/+/10759

Note: Feedback to the PSA spec team for a priority value to be associated to each JSON file for those configurations where we have multiple accelerators available.

The spec currently defines an attribute for an entry point (or family of) in the JSON file, i.e. algorithms, which is used by the core to decide if the entry point needs to be applied for a particular algorithm or not. The JSON file is meant to be consumed as a description of the driver by the mbedTLS parser at build time, in order to link the driver entry points properly into the driver core.

After additional analysis, the summary of the discussion is that these entry points are more suited to be implemented for an hardware which implements a fast way to provide random numbers. CC-312 exposes a TRNG source through the get_entropy entry point, but the remaining part of the DRBG algorithms is implemented in firmware (possibly only partially accelerating parts of them through the driver crypto core transparently calling into the driver from within its own software implementation). For this reason, I am marking this item as Won't do.

Verified by building qemu 6.1.0 from source as it's been released on 24/08. Regression for AN521 passes without problem on this version. Closing this ticket with a recommendation to re-enable Open CI test cases based on Qemu after upgrading the Qemu version available in Open CI to 6.1.0.

fix change need to review at:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/11218