Hi everyone,
I have several questions related to L3 isolation in TFM.
First of all, FFM specifies that:
* In L3 PSA RoT partitions does not need to be isolated from SPM (and vice versa) * PSA RoT partitions does not need to be isolated from each other * PSA RoT partitions and SPM must be isolated from APP RoT partitions * APP RoT partitions must be isolated from each other This picture from TFM docshttps://tf-m-user-guide.trustedfirmware.org/docs/technical_references/design_docs/secure_partition_manager.html#components-and-isolation-levels seem to illustrate statements above.
Currently platforms with L3 support (e.g. an521) follow the rules stated above. They achieve this by executing PSA RoT partitions and SPM in privileged mode, and APP RoT partitions in unprivileged mode. Partition boundaries are only updated when switching to APP RoT partition. From description of tfm_hal_activate_boundary (see code herehttps://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/spm/ffm/backend_ipc.c#n276) and this an521 codehttps://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/ext/target/arm/mps2/an521/tfm_hal_isolation.c#n520 seems like platform can determine whether partition will be executed in privileged or unprivileged mode.
So my questions are:
1. For improved isolation in L3 does it make sense to:
* isolate SPM from PSA RoT partitions * isolate PSA RoT partitions from each other (like APP RoT partitions are isolated)
1. If question 1 make sense then can platform achieve this improved isolation with current code base? From this an521 codehttps://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/ext/target/arm/mps2/an521/tfm_hal_isolation.c#n520 it seems like platform may set all partitions to be executed in unprivileged mode and dynamically switch boundaries between them (between both PSA and APP RoT partitions). SPM will remain in privileged mode. It seems like this approach is possible with minor changes to SPM. For example this code will needhttps://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/secure_fw/spm/ffm/interrupt.c#n157 to be changed to call tfm_hal_activate_boundary regardless of partition privilege level. Are there any other changes needed to make this approach work?
Regards,
Bohdan Hunko
Cypress Semiconductor Ukraine Engineer CSUKR CSS ICW SW FW Mobile: +38099 50 19 714 Bohdan.Hunko@infineon.commailto:Bohdan.Hunko@infineon.com