Hi all,

 

This email is a notification of a new security vulnerability reported to TF-M.

In TF-M v1.4.0, NSPE may access secure keys stored in TF-M Crypto service in Profile Small with Crypto key ID encoding disabled.

This vulnerability impacts Profile Small in TF-M v1.4.0.

 

Please check the details in the security advisory. The advisory has been merged in v1.5.0 release and will be port back to master branch.

 

The fix has been merged on the master branch and patch release v1.4.1.

 

Thanks.

 

Best regards,

Hu Ziji