
Enable privileged execution of PSA RoT services in isolation level 3
Open, LowPublic

Description

At present, all secure services are run in unprivileged compartments at level 3 isolation.
PSA RoT services need not be limited to unprivileged execution.
Privileged access is needed for specific functionality that is at present assigned to TF-M Core, as the only privileged entity, but which could instead be implemented as PSA RoT services.

Enable privileged execution of PSA RoT services in isolation level 3 to avoid unnecessary limitations and unblock privileged PRoT service implementation at level 3 isolation.

Implementation note: privileged PSA RoT service implementation should be limited to the bare essentials that actually require privileged execution. All other functionality that has no requirement for privileged access to system resources should, as a general rule, be implemented by unprivileged Application RoT services.

Event Timeline

wmnt triaged this task as Low priority. Nov 12 2018, 7:33 AM
wmnt created this task.