Hi Antonio,

I have provided a fix for this issue: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/18676

The fix turned out to be quite simple.

Regards,

Bohdan Hunko

Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com


From: Antonio De Angelis <Antonio.DeAngelis@arm.com>
Sent: 5 January 2023 15:19
To: Hunko Bohdan (CSUKR CSS ICW SW FW 3) <Bohdan.Hunko@infineon.com>; tf-m@lists.trustedfirmware.org
Subject: RE: MbedCrypto linking problem in isolation L3

Hi Bohdan,

Thanks for the clarification. I’d wrongly assumed that level 3 was implementing partition isolation boundaries by default for our ref platforms.

You’re right, mbedcrypto code should be linked correctly with the crypto partition sections by default, so that if any platform implements partition isolation, they would be able to call into the library without faults at runtime.

Given that you seem to be already on top of the issue, if you want to provide a fix for that, we will gladly review and merge. You would also be in the best position for testing it, as you’re implementing the partition isolation on your platform as well.

Thanks,

Antonio

From: Bohdan.Hunko@infineon.com <Bohdan.Hunko@infineon.com>
Sent: Thursday, January 5, 2023 12:25
To: Antonio De Angelis <Antonio.DeAngelis@arm.com>; tf-m@lists.trustedfirmware.org
Subject: RE: MbedCrypto linking problem in isolation L3

Hi Antonio,

You are correct, the current implementation of L3 isolation works fine. This is because in current implementations the Crypto partition is executed with the same privilege rights as the SPM, so it has access to code/data from the SPM linker sections (.ER_TFM_CODE, .TFM_DATA).

BUT PSA allows a platform to implement optional isolation boundaries. One such boundary is isolating the SPM from PSA RoT partitions. So if the SPM is isolated from Crypto, then Crypto can't access code/data from the SPM linker sections (.ER_TFM_CODE, .TFM_DATA). This results in a security fault.

This is not a problem for existing platforms because none of them implement the optional L3 isolation, but it is a problem we are facing because we are implementing optional L3 isolation boundaries for our platform.

Regards,

Bohdan Hunko

Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com

From: Antonio De Angelis <Antonio.DeAngelis@arm.com>
Sent: 5 January 2023 13:41
To: Hunko Bohdan (CSUKR CSS ICW SW FW 3) <Bohdan.Hunko@infineon.com>; tf-m@lists.trustedfirmware.org
Subject: RE: MbedCrypto linking problem in isolation L3

Hi Bohdan,

Could you share more details on the issue you mention? E.g. the platform tested. We currently have regression tests for the Crypto service on isolation level 3 that exercise APIs from the Crypto partition. I’d doubt that those tests would work in our CI if mbedcrypto wasn’t linked correctly in the Crypto partition.

More specifically, please note that the PSA crypto symbols that come from mbedcrypto, before linking, are prefixed with “mbedcrypto__” using a preprocessor modification at compile time.

Thanks, Antonio

From: Bohdan.Hunko--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Thursday, January 5, 2023 10:33
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] MbedCrypto linking problem in isolation L3

Hi all,

After having some trouble with isolation level 3, I have noticed that MbedTLS (mbedcrypto) data/code is not properly linked to the crypto partition.

Currently mbedcrypto data/code is placed into the SPM data/code section in level 3 isolation. This is a problem if optional L3 FFM boundaries are applied (when the SPM is isolated from a PSA RoT partition (Crypto in particular)) because in this case the crypto partition does not have access to the mbedcrypto code/data that is located in the SPM code/data sections.

I think Mbedcrypto data/code should be linked to the crypto partition and placed in the crypto partition linker section. This way it will be protected and accessible by the crypto partition.

So my question is whether this should be fixed or whether there are objections to fixing this issue?

If a fix is needed, I would like to discuss possible ways to solve this problem.

Regards,

Bohdan Hunko

Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com
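As an added check (my own script, not part of this thread or of TF-M), the following parses `nm`-style output from the secure image and reports any mbedcrypto__-prefixed symbol whose address falls inside the SPM sections named in the thread, which is exactly the placement that faults once the SPM/Crypto boundary is enforced. The section address ranges and the nm lines are constructed sample data; on a real build take them from `readelf -S` and `nm` on your secure image.

```python
"""Flag mbedcrypto__-prefixed symbols that were linked into SPM sections."""
import re

# Constructed section ranges in the style of `readelf -S` output (start, end).
# Real values must come from your own secure image; these are placeholders.
SPM_SECTIONS = {
    ".ER_TFM_CODE": (0x10000000, 0x10020000),
    ".TFM_DATA":    (0x20000000, 0x20004000),
}

# Constructed `nm` output: address, symbol type, name.
# Two mbedcrypto__ symbols sit inside SPM ranges, two sit outside them.
NM_OUTPUT = """\
10000100 T tfm_spm_init
10001a20 T mbedcrypto__psa_crypto_init
20000040 D mbedcrypto__global_data
10030000 T mbedcrypto__psa_hash_compute
10030100 T psa_hash_compute
20008000 d mbedcrypto__sha256_ctx
         U memcpy
"""

NM_LINE = re.compile(r"^([0-9a-fA-F]+)\s+([A-Za-z?])\s+(\S+)$")


def parse_nm(text):
    """Return (address, type, name) tuples; undefined symbols have no address and are skipped."""
    syms = []
    for line in text.splitlines():
        m = NM_LINE.match(line.strip())
        if m:
            syms.append((int(m.group(1), 16), m.group(2), m.group(3)))
    return syms


def section_of(addr, sections):
    """Name of the section whose [start, end) range contains addr, or None."""
    for name, (start, end) in sections.items():
        if start <= addr < end:
            return name
    return None


def misplaced_symbols(nm_text, spm_sections=SPM_SECTIONS, prefix="mbedcrypto__"):
    """Map each prefixed symbol that landed in an SPM section to that section's name."""
    result = {}
    for addr, _type, name in parse_nm(nm_text):
        sec = section_of(addr, spm_sections) if name.startswith(prefix) else None
        if sec is not None:
            result[name] = sec
    return result


if __name__ == "__main__":
    for sym, sec in misplaced_symbols(NM_OUTPUT).items():
        print(f"{sym} is placed in SPM section {sec}")
```

An empty result means every mbedcrypto__ symbol lives outside the SPM code/data sections; a non-empty one lists the symbols the Crypto partition would fault on under the optional boundary.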