Identify the source of a given handle to know whether it is an NSPE handle or an SP handle. This avoids a malicious NSPE thread peeking at information from the secure side.
Description
Event Timeline
Isolation level 3 assumes mutual distrust between secure partitions.
We need to save the connection "owner" client ID and not only the secure domain origin.
Consider the following use case:
- There is a long-lived connection between two secure services. It is created during the initialization sequence.
- The connection policy is validated upon connection creation: ns_caller && !service->service_db->non_secure_client
- An offending NSPE client guesses a connection handle for the secure->secure service connection mentioned above. This is probably not too hard given that handles are just indexes in an array without a random factor.
- The offending NSPE client performs psa_call.
TF-M must assert that the connection is "owned" by the caller.
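The ownership check described in the comment above, as an added illustration that is not TF-M's code: a hypothetical connection table records the client ID that opened each connection, and every psa_call-style request is checked against that owner, so a handle that is merely a guessable array index is still useless to any other client. The table layout, the `validate_handle_owner` function name, the negative-is-non-secure client ID convention and the numeric error codes are all assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical minimal connection table (not TF-M's own data structures). */
#define MAX_CONNECTIONS 8

/* Assumed PSA-style convention: negative IDs are non-secure (NSPE) clients,
 * positive IDs are secure partitions. */
typedef int32_t client_id_t;
typedef int32_t psa_handle_t;

struct connection {
    bool in_use;
    client_id_t owner;    /* client ID that created the connection */
    uint32_t service_id;  /* service the connection was opened to */
};

static struct connection conn_table[MAX_CONNECTIONS];

/* Error codes are placeholders for this example. */
enum {
    CONN_OK = 0,
    CONN_ERR_NOT_PERMITTED = -1,   /* policy forbids this caller at connect time */
    CONN_ERR_NO_SLOT = -2,         /* table full */
    CONN_ERR_INVALID_HANDLE = -3,  /* out of range or unused slot */
    CONN_ERR_NOT_OWNER = -4        /* handle exists but belongs to another client */
};

static inline bool client_is_nonsecure(client_id_t id) { return id < 0; }

void reset_connections(void)
{
    memset(conn_table, 0, sizeof(conn_table));
}

/* Connection-time policy check plus recording of the owner. Handles are plain
 * 1-based indexes into the table, exactly the guessable scheme the comment
 * worries about; the owner field is what makes guessing insufficient. */
int connect_open(client_id_t caller, uint32_t service_id,
                 bool service_allows_ns, psa_handle_t *out)
{
    if (client_is_nonsecure(caller) && !service_allows_ns)
        return CONN_ERR_NOT_PERMITTED;

    for (int i = 0; i < MAX_CONNECTIONS; i++) {
        if (!conn_table[i].in_use) {
            conn_table[i].in_use = true;
            conn_table[i].owner = caller;
            conn_table[i].service_id = service_id;
            *out = (psa_handle_t)(i + 1);  /* 0 stays an invalid handle */
            return CONN_OK;
        }
    }
    return CONN_ERR_NO_SLOT;
}

/* Per-request check: the caller presenting a handle must be the client that
 * opened it. Applies to secure callers too, matching isolation level 3's
 * mutual distrust between partitions. */
int validate_handle_owner(client_id_t caller, psa_handle_t handle,
                          struct connection **conn_out)
{
    if (handle <= 0 || handle > MAX_CONNECTIONS)
        return CONN_ERR_INVALID_HANDLE;

    struct connection *c = &conn_table[handle - 1];
    if (!c->in_use)
        return CONN_ERR_INVALID_HANDLE;
    if (c->owner != caller)
        return CONN_ERR_NOT_OWNER;

    if (conn_out)
        *conn_out = c;
    return CONN_OK;
}

/* Sketch of the call path: ownership is checked before any service dispatch. */
int psa_call_checked(client_id_t caller, psa_handle_t handle)
{
    struct connection *c = NULL;
    int rc = validate_handle_owner(caller, handle, &c);
    if (rc != CONN_OK)
        return rc;
    /* ... dispatch to c->service_id would happen here ... */
    return CONN_OK;
}
```

In the scenario from the comment, the secure-to-secure connection is opened by a secure partition, so a non-secure client that later presents the same small integer is rejected with `CONN_ERR_NOT_OWNER` rather than being dispatched; the same rejection applies when a different secure partition presents it.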