Hi,

 

Reading through https://tf-m-user-guide.trustedfirmware.org/integration_guide/non-secure_client_extension_integration_guide.html I’m wondering why so much of the work is done in the secure world. Ultimately, the secure world relies on the non-secure world to tell it the client_id, directly or indirectly. Is there a good reason for the NCSE part to reside in the secure world, rather than the non-secure?

Particularly as the document states that the non-secure RTOS may have a built-in “Secure Context Manager”, there may well be redundancy between that and NCSE that could be eliminated if the NCSE was in the NSPE. And the less code there is in the secure world, the less scope for vulnerabilities.

 

If client_ids themselves were passed from the NS to the S world, it would probably be very easy to use that same interface on the NS core in a dual core system, too.

 

Chris