Page MenuHomePhabricator
Create Task
Maniphest T871

Optimize NS client iovecs parameter copies
Open, Needs TriagePublic
Actions

Description

This patch improves the protection of NS client iovecs against TOCTOU in Library model.

It copies NS input and output data buffer addresses from NSPE memory to a SPE local temporary buffer, before they are validated by TF-M, to prevent another agent besides MCU in the system from tampering the NS input/output data buffer addresses.

Those iovec parameters are copied into secure partition runtime data later. The copy operation above may bring additional latency. The two copy operations can be optimized, which may require to adjust the Library model sequence of preparing client call.

Disabling interrupt during the entire sequence may bring a large latency. It can be optimized when NS iovec parameters are already copied into SPE memory before validation.

Event Timeline

ArturoWilderman added a subscriber: ArturoWilderman.Nov 30 2024, 3:12 AM

Very good, the program system is installed to match the data.
@Merge Fruit

ConstantLove added a subscriber: ConstantLove.Dec 6 2024, 4:48 PM

After implementing optimization, rigorous performance testing is conducted to quantify the effectiveness of delay improvement, ensuring that it does not have a negative impact on system performance while enhancing eggy car security.

eachhabitual added a subscriber: eachhabitual.Thu, Dec 19, 7:30 AM

Slice Master, the third version, is an engrossing online game that blends innovative challenges with precise gameplay. Get better at slicing, complete levels, and experience the exhilarating rush of flawless cuts!