Hi Guys,
I am working on enabling BTI (and PAC) in trusted-services and I have a question about the topic.
If BTI is disabled in OPTEE, but someone tries to load an SP which was compiled with BTI (contains the related gnu note property) it will be successful. This seems to be a security rish and I am thinking of either panicking or at least sending an error message to remind the user that the requested protection will not be enabled.
As I know there are common parts between TA-s and SP-s loaded by ldelf so I am not sure whether panicking in this scenario will result in any problems or not. What do you think of this proposal? Do you know of any reasons why BTI protected SP-s should be loadable by BTI disabled OPTEE?
Thanks in advance!
Gábor