
NSPE parameter checking of iovecs
Closed, Resolved · Public


The NSPE parameter checking is missing in the current patches:

And the comments:
Consider a dual-core system like PSoC6 or MPS2 we are currently working on.
Would you really want to allow an NSPE client to cause a panic on the secure core that easily? As I see it, the panic should be triggered on the caller core when possible.
There are cases like an invalid handle which you cannot assert on the caller side, as you need access to SPM internal state. Or pointers to caller-inaccessible memory inside in/out vectors.
But this is a simple sanity check I'm suggesting to add. We already have C code which is compiled as a part of the NSPE application. So it is very easy to handle.
On the other hand, on the secure side you must not rely on these validations alone, as offending code can call SG directly without going through the TF-M veneers.

To be investigated, create an issue for tracking.
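As an added illustration of the caller-side sanity check proposed in the comments above (example code, not part of TF-M or of this task), this is the kind of check an NSPE client library could run before calling the veneer, so a malformed request fails on the non-secure core instead of reaching the SPM. PSA_MAX_IOVEC and the vector struct shapes follow the PSA client API; the non-secure RAM window values are constructed placeholders, and the SPM must still validate everything independently.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Shapes mirror the PSA client API (psa/client.h); redefined here so the
 * example is self-contained. */
#define PSA_MAX_IOVEC 4U
typedef struct { const void *base; size_t len; } psa_invec;
typedef struct { void *base; size_t len; } psa_outvec;

/* Non-secure RAM window the NSPE may hand to the SPM.
 * Constructed placeholder values, not a real board memory map. */
#define NS_RAM_START 0x20000000UL
#define NS_RAM_END   0x20080000UL   /* exclusive */

/* True if [base, base+len) lies entirely inside non-secure RAM.
 * A zero-length vector is accepted regardless of base (PSA allows NULL). */
static bool range_in_ns_ram(const void *base, size_t len)
{
    uintptr_t start = (uintptr_t)base;
    if (len == 0) return true;
    if (start < NS_RAM_START || start >= NS_RAM_END) return false;
    /* Comparing against the remaining window also rejects address wrap-around. */
    if (len > NS_RAM_END - start) return false;
    return true;
}

/* Caller-side sanity check run before the SG veneer call.
 * Returns true if the iovec arrays look well-formed. This only moves the
 * failure to the caller core; the SPM must still validate, because code
 * can invoke SG directly and bypass this wrapper entirely. */
bool nspe_iovecs_ok(const psa_invec *in_vec, size_t in_len,
                    const psa_outvec *out_vec, size_t out_len)
{
    /* PSA FF: in_len + out_len must not exceed PSA_MAX_IOVEC. */
    if (in_len > PSA_MAX_IOVEC || out_len > PSA_MAX_IOVEC) return false;
    if (in_len + out_len > PSA_MAX_IOVEC) return false;

    /* A non-zero count with a NULL array pointer is a programmer error. */
    if ((in_len != 0 && in_vec == NULL) || (out_len != 0 && out_vec == NULL))
        return false;

    for (size_t i = 0; i < in_len; i++)
        if (!range_in_ns_ram(in_vec[i].base, in_vec[i].len)) return false;
    for (size_t i = 0; i < out_len; i++)
        if (!range_in_ns_ram(out_vec[i].base, out_vec[i].len)) return false;
    return true;
}
```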

Event Timeline

KenLSoft triaged this task as Normal priority. Jan 22 2019, 8:04 AM
KenLSoft created this task.
KenLSoft created this object with edit policy "Subscribers".


KenLSoft closed this task as Resolved. Fri, Oct 8, 12:57 AM