Tf-M: Core: Remove the NS memory check block from has_access_to_region(...)
Closed, ResolvedPublic

Description

Description:
In case an unprivileged non-secure caller, the has_access_to_region function should return error if privileged memory is provided as a parameter. In the current implementation the cmse_check_address_range return error as expected, but there is a fallback in the function to return success if the region is in the non-secure memory.

Fix:

/* If all else fails, check whether the region is in the non-secure
 * memory
 */
if ((check_address_range(p, s, NS_CODE_START,
                         NS_CODE_LIMIT) == TFM_SUCCESS) ||
    (check_address_range(p, s, NS_DATA_START,
                         NS_DATA_LIMIT) == TFM_SUCCESS)) {
    return TFM_SUCCESS;
} else {
    return TFM_ERROR_GENERIC;
}

needs to be removed

matetothpal triaged this task as Normal priority.
matetothpal closed this task as Resolved.Mon, Oct 28, 10:13 AM

The fix for the issue had been merged with another commit: https://review.trustedfirmware.org/#/c/trusted-firmware-m/+/1571/