NSPE parameter checking of iovecs
Closed, Invalid (Public)

Description

The NSPE parameter checking is missing in current patches:
459

And the comments:
Consider a dual core system like PSoC6 or MPS2 we are currently working on.
Would you really want to allow an NSPE client to cause a panic on the secure core that easily? As I see it, the panic should be triggered on the caller core when possible.
There are cases, like an invalid handle, which you cannot assert on the caller side as you need access to SPM internal state, or pointers to caller-inaccessible memory inside in/out vectors.
But this is a simple sanity check I'm suggesting to add. We already have C code which is compiled as a part of the NSPE application, so it is very easy to handle.
On the other hand, you must not rely on these validations only in the secure side, as offending code can call SG directly without going through TF-M veneers.
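As an added example (not code from the TF-M task, its patch or the TF-M code base), the following C sketch shows the kind of caller-side sanity check the comment describes: the NSPE client library validates what it can see about the in/out vectors (vector counts, NULL pointers, address wrap-around) before entering the secure gateway, so that a malformed call fails on the caller core instead of panicking the secure core. The `psa_invec`/`psa_outvec` types and `PSA_MAX_IOVEC` are defined locally to mirror the PSA client API so the example is self-contained; the function name `nspe_check_iovecs` and the result codes are this example's own. Handle validity and whether the memory is actually accessible to the caller are deliberately left out, since only SPM can judge those, and the secure side must keep its own checks because a caller can reach SG without going through the veneers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Local stand-ins for the PSA client API types (normally from psa/client.h);
 * defined here only so the example compiles on its own. */
typedef struct { const void *base; size_t len; } psa_invec;
typedef struct { void *base; size_t len; } psa_outvec;
#define PSA_MAX_IOVEC 4u

/* Result codes for the caller-side check (names chosen for this example). */
enum nspe_check_result {
    NSPE_OK = 0,
    NSPE_ERR_TOO_MANY_VECS,   /* in_len + out_len exceeds PSA_MAX_IOVEC   */
    NSPE_ERR_NULL_ARRAY,      /* count > 0 but the vector array is NULL    */
    NSPE_ERR_NULL_BASE,       /* a vector has len > 0 but base == NULL     */
    NSPE_ERR_RANGE_OVERFLOW   /* base + len wraps around the address space */
};

/* True if [base, base + len) cannot be represented without wrapping. */
static bool range_overflows(const void *base, size_t len)
{
    uintptr_t start = (uintptr_t)base;
    return len > 0 && start > UINTPTR_MAX - (len - 1);
}

/* Caller-side sanity check, meant to run in the NSPE client library before
 * the secure gateway call. It only covers properties visible to the caller;
 * handle validity and memory-access permission are SPM's job, and SPM must
 * still validate everything because SG can be called without the veneers. */
enum nspe_check_result nspe_check_iovecs(const psa_invec *in_vec, size_t in_len,
                                         const psa_outvec *out_vec, size_t out_len)
{
    /* Check each count first so the sum below cannot overflow. */
    if (in_len > PSA_MAX_IOVEC || out_len > PSA_MAX_IOVEC ||
        in_len + out_len > PSA_MAX_IOVEC)
        return NSPE_ERR_TOO_MANY_VECS;
    if ((in_len > 0 && in_vec == NULL) || (out_len > 0 && out_vec == NULL))
        return NSPE_ERR_NULL_ARRAY;
    for (size_t i = 0; i < in_len; i++) {
        if (in_vec[i].len > 0 && in_vec[i].base == NULL)
            return NSPE_ERR_NULL_BASE;
        if (range_overflows(in_vec[i].base, in_vec[i].len))
            return NSPE_ERR_RANGE_OVERFLOW;
    }
    for (size_t i = 0; i < out_len; i++) {
        if (out_vec[i].len > 0 && out_vec[i].base == NULL)
            return NSPE_ERR_NULL_BASE;
        if (range_overflows(out_vec[i].base, out_vec[i].len))
            return NSPE_ERR_RANGE_OVERFLOW;
    }
    return NSPE_OK;
}

/* Runs a few constructed scenarios and returns the number of mismatches. */
int nspe_check_self_test(void)
{
    unsigned char buf[8];
    int failures = 0;

    psa_invec  ok_in[1]  = { { buf, sizeof buf } };
    psa_outvec ok_out[1] = { { buf, sizeof buf } };
    if (nspe_check_iovecs(ok_in, 1, ok_out, 1) != NSPE_OK) failures++;

    psa_invec null_base[1] = { { NULL, 8 } };
    if (nspe_check_iovecs(null_base, 1, NULL, 0) != NSPE_ERR_NULL_BASE) failures++;

    /* A base at the very top of the address space with len 2 must wrap. */
    psa_invec wrap[1] = { { (const void *)UINTPTR_MAX, 2 } };
    if (nspe_check_iovecs(wrap, 1, NULL, 0) != NSPE_ERR_RANGE_OVERFLOW) failures++;

    /* len == 0 with a NULL base is legitimate (empty vector). */
    psa_invec empty[1] = { { NULL, 0 } };
    if (nspe_check_iovecs(empty, 1, NULL, 0) != NSPE_OK) failures++;

    return failures;
}

int main(void)
{
    int failures = nspe_check_self_test();
    printf("iovec sanity check self-test: %d failure(s)\n", failures);
    return failures == 0 ? 0 : 1;
}
```

The check is intentionally cheap and conservative: it rejects only calls that can never be valid, so it cannot reject a request SPM would have accepted, and it never replaces the secure-side validation of handles and memory ownership.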

KenLSoft created this task. Jan 22 2019, 1:23 AM
KenLSoft triaged this task as High priority.
KenLSoft created this object with edit policy "Subscribers".
KenLSoft updated the task description.
KenLSoft updated the task description.
KenLSoft updated the task description. Jan 22 2019, 1:26 AM
KenLSoft renamed this task from PSA FF alignment todo list to NSPE parameter checking of iovecs. Jan 22 2019, 7:59 AM
KenLSoft lowered the priority of this task from High to Normal.
KenLSoft updated the task description.
KenLSoft closed this task as Invalid. Jan 22 2019, 8:01 AM
KenLSoft raised the priority of this task from Normal to High.
KenLSoft removed subscribers: alzix, matetothpal.