Hi Ken

This is exactly what I thought.

Thanks for the answers.

Regards,

Bohdan Hunko

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com

From: Ken Liu <Ken.Liu@arm.com>
Sent: Friday, 21 October 2022 04:36
To: Hunko Bohdan (CSUKR CSS ICW SW FW 3) <Bohdan.Hunko@infineon.com>; tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>; Mazurak Roman (CSUKR CSS ICW SW FW) <Roman.Mazurak@infineon.com>
Subject: RE: an521 L3 protection setting questions

Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe.

Hello Bohdan,

Answers for your questions:

AN521 reference chooses an efficient way to save MPU regions that do not isolate the code between ARoT and PRoT, as FF-M isolation rules require isolating Private Data as mandatory but make isolation CODE optional (so does RODATA). Optional rules are for advanced isolation implementation. Check the isolation rules ‘I3’ in the FF-M specification.

For SPM data, yes, we use privileged default access for SPM data to save one region. Under level 3, each partition is assigned borders because this could ease the tool and isolation implementation. If some platforms want to advance the isolation they can pick up the symbols and set proper MPU regions for them – Even though in the reference implementations we do not isolate SPM data and PRoT partition data which makes the border symbols look no use. For tooling, it can just use a loop to process the partition manifests one by one instead of special hackings for PRoT (Skip the border generating when PRoT e.g.).

BTW, we are cleaning up the implementation, for example, when PRoT partitions run under a privileged level, the MPU region settings actually no longer needed. Hope that would help the code reading.

/Ken

From: Bohdan.Hunko--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Thursday, October 20, 2022 8:38 PM
To: tf-m@lists.trustedfirmware.org
Cc: Roman.Mazurak@infineon.com
Subject: [TF-M] an521 L3 protection setting questions

Hi all,

I have a few questions regarding an521 platform protection settings for Level 3 isolation.

In platform/ext/target/arm/mps2/an521/tfm_hal_isolation.c there is an const static struct mpu_armv8m_region_cfg_t region_cfg[] – for L3 it specifies to protect:

Code (from Image$$PT_RO_START$$Base to Image$$PT_RO_END$$Base) to be accessible in both PRIV and UNPRIV states.
PSA RoT partitions data in RAM (from Image$$PT_PRIV_RWZI_START$$Base to Image$$PT_PRIV_RWZI_END$$Base)to be accessible only in UNPRIV state.
TFM_SP_META_PTR to be accessible in both PRIV and UNPRIV states.

Also in this file mpu_armv8m_enable() function call specifies PRIVILEGED_DEFAULT_ENABLE for MPU.

I have following question to this configuration

Does this configuration mean that in L3 PSA RoT code is not isolated from APP RoT (APP RoT can read/execute PSA RoT domain code)?
How SPM data (TFM_BSS and TFM_DATA sections from scatter file) is protected? I cant see it being protected by MPU.