Page MenuHomePhabricator

Optimize NS client iovecs parameter copies
Open, Needs TriagePublic

Description

This patch improves the protection of NS client iovecs against TOCTOU in Library model.

It copies NS input and output data buffer addresses from NSPE memory to a SPE local temporary buffer, before they are validated by TF-M, to prevent another agent besides MCU in the system from tampering the NS input/output data buffer addresses.

Those iovec parameters are copied into secure partition runtime data later. The copy operation above may bring additional latency. The two copy operations can be optimized, which may require to adjust the Library model sequence of preparing client call.

Disabling interrupt during the entire sequence may bring a large latency. It can be optimized when NS iovec parameters are already copied into SPE memory before validation.

Event Timeline