NSPE parameter checking of iovecs
Open, Normal, Public

Description

The NSPE parameter checking is missing in current patches:
459

And the comments:
Consider a dual-core system like the PSoC6 or MPS2 we are currently working on.
Would you really want to allow an NSPE client to cause a panic on the secure core that easily? As I see it, a panic should be triggered on the caller core when possible.
There are cases, like an invalid handle, which you cannot assert on the caller side, as you need access to SPM internal state. Or pointers to caller-inaccessible memory inside in/out vectors.
But this is a simple sanity check I'm suggesting to add. We already have C code which is compiled as a part of the NSPE application. So it is very easy to handle.
On the other hand, you must not rely on these validations alone on the secure side, as offending code can call SG directly without going through the TF-M veneers.

To be investigated, create an issue for tracking.
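A client-side sanity check of the kind suggested in the comments above, as an added example rather than TF-M's own code: it rejects malformed in/out vectors before psa_call() so that the fault surfaces on the NSPE side instead of panicking the secure core. The iovec typedefs mirror the PSA client API; PSA_MAX_IOVEC and the NS_RAM_START/NS_RAM_END window are assumptions standing in for platform values, and the secure side must still validate everything because SG can be reached without the veneers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Mirrors the PSA client API iovec types so this file builds stand-alone;
 * in a real NSPE build these come from psa/client.h. */
typedef struct { const void *base; size_t len; } psa_invec;
typedef struct { void *base; size_t len; } psa_outvec;
#define PSA_MAX_IOVEC 4U   /* assumed combined in+out vector limit */

/* Assumed NSPE RAM window; real bounds come from the platform linker script. */
#define NS_RAM_START 0x20000000UL
#define NS_RAM_END   0x20040000UL   /* exclusive */

/* A buffer is acceptable when it is empty, or when it is a non-NULL range
 * that does not wrap around and lies entirely in NSPE-accessible memory. */
static bool buf_ok(const void *base, size_t len)
{
    uintptr_t start = (uintptr_t)base;
    if (len == 0U) return true;
    if (base == NULL) return false;
    if (start > UINTPTR_MAX - len) return false;   /* start + len would wrap */
    return start >= NS_RAM_START && start + len <= NS_RAM_END;
}

/* Client-side check of the vectors about to be handed to psa_call().
 * Returns true when the call may proceed. This only catches caller-side
 * mistakes early; SPM must still validate, since code can invoke SG
 * directly without going through the TF-M veneers. */
bool nspe_iovecs_ok(const psa_invec *in, size_t in_len,
                    const psa_outvec *out, size_t out_len)
{
    size_t i;
    if (in_len > PSA_MAX_IOVEC || out_len > PSA_MAX_IOVEC) return false;
    if (in_len + out_len > PSA_MAX_IOVEC) return false;
    if (in_len > 0U && in == NULL) return false;
    if (out_len > 0U && out == NULL) return false;
    for (i = 0; i < in_len; i++)
        if (!buf_ok(in[i].base, in[i].len)) return false;
    for (i = 0; i < out_len; i++)
        if (!buf_ok(out[i].base, out[i].len)) return false;
    return true;
}
```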

KenLSoft created this task. Jan 22 2019, 8:04 AM
KenLSoft triaged this task as Normal priority.