Hey Brian
In the general case, I believe there is a copy made inside the SPM. The SPM would copy the data from the input buffer into an internal SPM buffer, and the partition being called can then access that data via psa_read and psa_write (the partition can't directly access the data because it is in SPM memory IIRC).
If MEMORY_MAPPED_IOVECS is enabled, the transient buffers and copy is removed. Currently, memory-mapped IOVECS is only possible to be enabled in isolation level 1, for exactly the reason you describe.
I believe it should be possible in theory to enable memory-mapped IOVECS for higher isolation levels by updating the isolation boundaries in the SPM during the call to the partition, but I don't think we have such a change on our roadmap at the moment.
Raef
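The transient-copy path Raef describes, as an added example that is not TF-M's own code: a simplified C model (assumed names model_psa_read, model_psa_write, model_spm_call, uppercase_handler) in which the SPM stages the caller's invec/outvec in SPM-owned buffers, the partition reaches them only through psa_read/psa_write-style calls, and a write beyond the caller's outvec length is rejected.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model of the transient-copy path (assumed names, not TF-M's own
 * code): one invec and one outvec, each staged in an SPM-owned buffer. */
#define SPM_BUF_SIZE 64

typedef struct { const void *base; size_t len; } model_invec_t;
typedef struct { void *base; size_t len; } model_outvec_t;

/* SPM-private state; the partition only reaches it through the two calls below. */
static uint8_t spm_in[SPM_BUF_SIZE], spm_out[SPM_BUF_SIZE];
static size_t spm_in_len, spm_in_pos, spm_out_cap, spm_out_len;

/* psa_read-like: copy up to num_bytes of the staged input into the partition's buffer. */
size_t model_psa_read(void *buf, size_t num_bytes) {
    size_t n = spm_in_len - spm_in_pos;
    if (n > num_bytes) n = num_bytes;
    memcpy(buf, spm_in + spm_in_pos, n);
    spm_in_pos += n;
    return n;
}

/* psa_write-like: append to the staged output; a write beyond the caller's
 * outvec length is rejected instead of spilling past the caller's buffer. */
int model_psa_write(const void *buf, size_t num_bytes) {
    if (num_bytes > spm_out_cap - spm_out_len) return -1;
    memcpy(spm_out + spm_out_len, buf, num_bytes);
    spm_out_len += num_bytes;
    return 0;
}

/* Partition side: read the request, uppercase it, write the reply. */
static void uppercase_handler(void) {
    uint8_t tmp[SPM_BUF_SIZE];
    size_t n = model_psa_read(tmp, sizeof tmp);
    for (size_t i = 0; i < n; i++)
        if (tmp[i] >= 'a' && tmp[i] <= 'z') tmp[i] -= 'a' - 'A';
    (void)model_psa_write(tmp, n);
}

/* SPM side: stage the input, run the handler, copy the staged output back to
 * the caller's outvec. Returns the number of bytes delivered to the caller. */
size_t model_spm_call(const model_invec_t *in, model_outvec_t *out, void (*handler)(void)) {
    if (in->len > SPM_BUF_SIZE || out->len > SPM_BUF_SIZE) return 0;
    memcpy(spm_in, in->base, in->len);
    spm_in_len = in->len; spm_in_pos = 0;
    spm_out_cap = out->len; spm_out_len = 0;
    handler();                 /* partition never touches in->base or out->base */
    memcpy(out->base, spm_out, spm_out_len);
    return spm_out_len;
}
```

With MEMORY_MAPPED_IOVECS the two memcpy calls in model_spm_call and the staging buffers disappear, which is exactly why the partition then needs direct access to the caller's memory.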
________________________________________
From: Quach, Brian via TF-M <tf-m@lists.trustedfirmware.org>
Sent: 01 May 2024 23:14
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Isolation Level 2/3 IO vector access
Hi,
For Isolation Level 2, ARoT cannot access PRoT data. If a PRoT partition makes a call to an ARoT partition, how are the input/output buffers made accessible to the ARoT partition so a transient copy of the data can be made? I looked at the AN521 implementation of tfm_hal_activate_boundary() and it does add any MPU regions to allow unprivileged access under Isolation Level 2.
For Isolation Level 3, I assume the input/output buffers would need to be added to a runtime memory asset to allow unprivileged access. Is my understanding correct?
Regards,
Brian Quach
SimpleLink MCU
Texas Instruments Inc.
12500 TI Blvd, MS F-4000
Dallas, TX 75243
214-479-4076