Sorry Andrew I was not precise enough. Maybe you can clarify again.

 

I was referring to the Code Protection between “PSA Root of Trust” and the “Secure Services”.

 

From my understanding, in isolation level 2 code of the PSA Root of Trust should be not accessible by Secure Services.

This creates the practical problem that library code cannot be shared.

 

Table 5 in PSA-FF describes “Optional Isolation Rules”.  Is my understanding correct that PSA-FF does not require code execution protection between “PSA Root of Trust” and the “Secure Services”.

 

Reinhard