Hi All,
Just a note to let you know that the changes [1] mentioned in the previous e-mail have been merged. Platforms facing a similar
problem can use these changes as a reference.
Regards,
Manish Badarkhe
From:
Manish Badarkhe <Manish.Badarkhe@arm.com>
Date: Thursday, 7 April 2022 at 15:21
To: tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.org>
Subject: Issue in HW config consumption by secure BL components
Hi All,
Currently, in Arm platforms, BL2 loads HW config in the non-secure memory so that it can be consumed by both non-secure
components (BL33) and secure (BL31, BL32) components.
In most cases, this shouldn't be an issue since no software runs in non-secure world at this time (i.e. non-secure world has not
been started yet) However, it doesn't provide a guarantee though since any malicious external NS-agents (such as an external
debugger)can take control of this memory region for update/corruption after BL2 loads this region and before BL31 consumes
it. Consider below scenario:
behaviour in BL31.
To overcome this issue, I created a patch [1] to load the HW-config into secure memory, and that eventually will be used by
BL31/sp_min and BL32 components. Additionally, BL31/sp_min copies the HW-config present in secure memory to a non-secure
location before passing it on to BL33. In order to accomplish this, mapped secure DRAM in BL31/sp_min and BL32, and non-secure
DRAM in BL31/sp_min.
I believe some platforms may have similar kind of issue i.e. HW config placed in non-secure memory consumed by both secure and
non-secure components. It is appreciated if you review the patch [1] I posted and provide feedback.
This patch [1] also mitigates threat ID #3 for FVP platform as per the TF-A threat model [2] (Bypass image authentication scenario).
[2]:
https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html
Thanks,
Manish Badarkhe