Hi,
I saw that PSA_FRAMEWORK_HAS_MM_IOVEC is not permitted for Isolation level 2-3 and
transient copies of the input and output data into a 5KB scratch buffer are always made when making a PSA call.
This makes sense as FF-Mv1.1 states:
“In a system using isolation level 3, a Secure Partitions is not permitted to access another Secure
Partition’s Private data. MM-IOVEC can provide a mechanism for one Secure Partition to access the
other’s Private data.”
But I think the requirements for isolation level 3 could be fulfilled by:
If SP detects a Secure caller, it could make a transient copy of I/O data.
If SP detects a Non-Secure caller, it could use MMIOVECs or a similar method to access NS memory directly to avoid overhead and limitations of copying the I/O data.
Is this logical/ correct?
With this approach, an attacker may tamper NS input data while the RoT service is processing those data but rules of isolation level 3 are maintained.
Regards,
Brian Quach
SimpleLink MCU
Texas Instruments Inc.