Hi all,

It seems that on v2.0 there is a problem with FLIH handling during execution of the SPM thread.

  1. A partition #1 is running with unprivileged attribute (CONTROL.nPRIV = 1).
  2. It requests PSA API (for example psa_call).
  3. psa_call is serviced via SVC. prepare_to_thread_mode_spm schedules handling of psa_call in SPM thread mode (by prepare_to_thread_mode_spm).
  4. prepare_to_thread_mode_spm saves CONTROL to saved_control. Then it sets CONTROL.nPRIV = 0 (privileged for the SPM thread).
  5. Exit from SVC starts execution of tfm_spm_client_psa_call in SPM thread (privileged).
  6. SPM thread is interrupted by FLIH IRQ.
  7. FLIH IRQ handler calls spm_handle_interrupt.
  8. spm_handle_interrupt switches boundary to prepare environment for FLIH handler (partition #2) and schedules execution of FLIH handler.
  9. FLIH handler is executed.
  10. tfm_flih_return_to_isr is called on exit from the FLIH handler. It restores the boundary of partition #1 and sets CONTROL.nPRIV = 1. Then it returns to the FLIH IRQ handler.
  11. The FLIH IRQ handler exits to the SPM thread that was interrupted at step #6.
  12. The SPM thread does not have enough permissions, because it is running with CONTROL.nPRIV equal to 1 (unprivileged). So the processing environment is unprivileged and tfm_spm_client_psa_call fails on accessing a restricted resource.

Is my understanding correct? If yes, it means that we should fix the exit from FLIH to the SPM thread.

Regards,

Roman.
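The twelve steps above describe a save/restore problem in privilege bookkeeping: the FLIH return path restores the partition's static nPRIV value instead of the CONTROL value of the context it actually interrupted. The following C model, added here as an illustration and not TF-M's own code, replays the sequence with a CONTROL register emulated as a plain variable. The `*_model`, `flih_return_reported` and `flih_return_fixed` functions are hypothetical stand-ins for the TF-M routines named in the mail; `saved_control` is modelled as a single global as an assumption; and the "fixed" variant (snapshot CONTROL at FLIH entry, restore that snapshot at FLIH exit) is one candidate design, not a fix the list has agreed on.

```c
/* Added illustration of the nPRIV save/restore sequence described in the mail.
 * Not TF-M code: all functions here are hypothetical models of the routines
 * named in the report, and the "fixed" variant is one candidate design only. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CONTROL_NPRIV 0x1u   /* CONTROL bit 0: 1 = unprivileged thread mode */

struct cpu {
    uint32_t control;        /* emulated CONTROL register */
};

/* Assumption: saved_control modelled as a single global slot, as step 4 describes. */
static uint32_t saved_control;

/* Steps 3-4: SVC entry saves the caller's CONTROL and runs the SPM thread privileged. */
static void prepare_to_thread_mode_spm_model(struct cpu *c)
{
    saved_control = c->control;
    c->control &= ~CONTROL_NPRIV;
}

/* Step 10 as reported: FLIH exit restores partition #1's CONTROL (nPRIV = 1)
 * without regard to what was interrupted. */
static void flih_return_reported(struct cpu *c)
{
    c->control = saved_control;
}

/* Candidate design (assumption): FLIH exit restores the CONTROL value that
 * was current at FLIH entry, i.e. of the interrupted context. */
static void flih_return_fixed(struct cpu *c, uint32_t interrupted_control)
{
    c->control = interrupted_control;
}

/* Stand-in for tfm_spm_client_psa_call: succeeds only when running privileged. */
static bool tfm_spm_client_psa_call_model(const struct cpu *c)
{
    return (c->control & CONTROL_NPRIV) == 0;
}

/* Replays steps 1-12 with either FLIH-return behaviour.
 * Returns true if the PSA call completes after the FLIH interruption. */
bool run_scenario(bool use_fixed_return)
{
    struct cpu c = { .control = CONTROL_NPRIV };  /* step 1: partition #1 unprivileged */

    prepare_to_thread_mode_spm_model(&c);         /* steps 3-4 */
    /* step 5: SPM thread body starts privileged */

    uint32_t interrupted_control = c.control;     /* step 6: value at IRQ entry */
    c.control |= CONTROL_NPRIV;                   /* steps 7-9: FLIH of partition #2 runs unprivileged */

    if (use_fixed_return)                         /* step 10 */
        flih_return_fixed(&c, interrupted_control);
    else
        flih_return_reported(&c);

    return tfm_spm_client_psa_call_model(&c);     /* steps 11-12 */
}

int main(void)
{
    printf("reported FLIH return: psa_call %s\n", run_scenario(false) ? "ok" : "fails");
    printf("snapshot FLIH return: psa_call %s\n", run_scenario(true) ? "ok" : "fails");
    return 0;
}
```

The model makes the invariant explicit: whatever restores CONTROL on the way out of an interrupt must restore the interrupted context's value, because the SPM thread legitimately runs with a different nPRIV than the partition whose request it is servicing.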