Page MenuHomePhabricator

Tf-M: Core: tfm_memory_check should be called privileged=true in case of NS caller
Closed, ResolvedPublic

Description

tfm_memory_check uses the cmse_check_address_range function to check whether the current (S or NS) MPU settings allow the caller to access the memory region provided to the function.

In the current call sites the 'privileged' parameter of the function is calculated with the tfm_spm_partition_get_privileged_mode(...); function, which returns unprivileged for NS callers. When tfm_core_has_[read|write]_access_to_region is called with the 'privileged' field calculated earlier, that function sets the flag passed to cmse_check_address_range to CMSE_MPU_UNPRIV if 'privileged' is false.

cmse_check_address_range uses the TT (TTT, TTA, TTAT) instructions to check access. If 'privileged' is set to false, the TTT and TTAT instructions are used, which are checking the MPU states from the viewpoint of unprivileged access.

This means that if a privileged NS code called the secure service, the memory check will fail if the code provided a privileged memory area in the iovecs.

Fix:
In tfm_core_has_[read|write]_access_to_region CMSE_MPU_UNPRIV flags should not be added if the caller is NS.

Event Timeline

matetothpal triaged this task as Normal priority.Oct 21 2019, 6:47 AM
matetothpal created this task.
matetothpal closed this task as Resolved.Jan 13 2020, 9:34 AM

Change for this issue had been merged

Our site is available 24/7 which makes it extremely convenient to access whenever you need Goa escorts services . Our Goa Call Girls are only chosen after a careful screening process so that you can have absolute confidence that you will be able to make your time with them as enjoyable as possible.Additionally, we ensure that our escortss are properly trained in everything from hygiene to safety precautions, ensuring your maximum satisfaction and protection.

When is the Undertale Yellow status of using this setting?
I want to know more specifically about your program.