Hi,
There is a v8.0-M re-entrancy detection mechanism inside SPM: ‘tfm_spm_validate_caller’. v8.1-M has hardware re-entrancy detection, so it does not need a software solution.
The concept is to let the SVC handler check these points to see if re-entrancy is happening:
This mechanism has proven its integrity, but has these shortcomings:
Hence I moved this mechanism into the NS Agent partition, just the veneer part after SG, by checking if the current PSP_S is pointing to a SEAL (we don’t use the stack before calling into the PSA API, so the stack is totally clear).
I ran the emulation several times and it looks fine. Now I need your help to review this part, to see if there are risks in the updated mechanism.
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11003
Thanks.
/Ken
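
The seal check described in the message above, as an added hosted C model that is not part of the original post and is not TF-M code. All names (`ns_agent_ctx`, `veneer_enter`, `veneer_exit`), the stack and frame sizes, and the use of Arm's recommended seal word `0xFEF5EDA5` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hosted model. Assumption: Arm's recommended seal word, not from the post. */
#define STACK_SEAL     0xFEF5EDA5u
#define STACK_WORDS    64u
#define SEAL_INDEX     (STACK_WORDS - 2u)   /* two-word seal at the stack top */
#define FRAME_WORDS    8u                   /* constructed frame size */

struct ns_agent_ctx {
    uint32_t stack[STACK_WORDS];            /* full-descending secure stack */
    uint32_t *psp_s;                        /* stands in for PSP_S */
};

void ns_agent_init(struct ns_agent_ctx *c)
{
    c->stack[SEAL_INDEX] = STACK_SEAL;
    c->stack[SEAL_INDEX + 1u] = STACK_SEAL;
    c->psp_s = &c->stack[SEAL_INDEX];       /* nothing pushed yet */
}

/* Clean entry means the stack is unused: PSP_S sits on an intact seal. */
bool ns_entry_is_clean(const struct ns_agent_ctx *c)
{
    return c->psp_s == &c->stack[SEAL_INDEX] && *c->psp_s == STACK_SEAL;
}

/* Veneer entry after SG: 0 if accepted, -1 if re-entry is detected. */
int veneer_enter(struct ns_agent_ctx *c)
{
    if (!ns_entry_is_clean(c))
        return -1;
    c->psp_s -= FRAME_WORDS;                /* the call now occupies the stack */
    return 0;
}

void veneer_exit(struct ns_agent_ctx *c) { c->psp_s += FRAME_WORDS; }

int main(void)
{
    struct ns_agent_ctx c;
    ns_agent_init(&c);
    printf("first call:   %d\n", veneer_enter(&c));   /* accepted */
    printf("nested call:  %d\n", veneer_enter(&c));   /* rejected */
    veneer_exit(&c);
    printf("after return: %d\n", veneer_enter(&c));   /* accepted again */
    return 0;
}
```

The model rejects a second entry while the first call still occupies the stack, and accepts entry again once the first call has returned and PSP_S is back on the seal.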