Hello Bohdan,
Answers for your questions:
- The AN521 reference chooses an efficient way to save MPU regions that does not isolate the code between ARoT and PRoT, as the FF-M isolation rules make isolating Private Data mandatory
but make isolating CODE optional (as is RODATA). The optional rules are for advanced isolation implementations. Check isolation rule 'I3' in the FF-M specification.
- For SPM data, yes, we use privileged default access for SPM data to save one region. Under level 3, each partition is assigned borders because this could ease the tooling and the isolation
implementation. If some platforms want to advance the isolation they can pick up the symbols and set proper MPU regions for them, even though in the reference implementation we do not isolate SPM data and PRoT partition data, which makes the border symbols
look unused. The tooling can then just use a loop to process the partition manifests one by one instead of special hacks for PRoT (e.g. skipping the border generation for PRoT).
BTW, we are cleaning up the implementation; for example, when PRoT partitions run at the privileged level, the MPU region settings are actually no longer needed. Hope that helps the code reading.
BR
/Ken
From: Bohdan.Hunko--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Thursday, October 20, 2022 8:38 PM
To: tf-m@lists.trustedfirmware.org
Cc: Roman.Mazurak@infineon.com
Subject: [TF-M] an521 L3 protection setting questions
Hi all,
I have a few questions regarding an521 platform protection settings for Level 3 isolation.
In platform/ext/target/arm/mps2/an521/tfm_hal_isolation.c there is a
const static struct mpu_armv8m_region_cfg_t region_cfg[]; for L3 it specifies protecting:
- Code (from Image$$PT_RO_START$$Base to Image$$PT_RO_END$$Base) to be accessible in both PRIV and UNPRIV states.
- PSA RoT partitions' data in RAM (from Image$$PT_PRIV_RWZI_START$$Base to Image$$PT_PRIV_RWZI_END$$Base) to be accessible only in UNPRIV state.
- TFM_SP_META_PTR to be accessible in both PRIV and UNPRIV states.
Also in this file mpu_armv8m_enable() function call specifies PRIVILEGED_DEFAULT_ENABLE for MPU.
I have the following questions about this configuration:
- Does this configuration mean that in L3 the PSA RoT code is not isolated from APP RoT (APP RoT can read/execute PSA RoT domain code)?
- How is SPM data (the TFM_BSS and TFM_DATA sections from the scatter file) protected? I can't see it being protected by the MPU.
- Is it skipped because PRIVILEGED_DEFAULT_ENABLE is set, which means that SPM will be able to access this data, and this allows saving one MPU region?
- If so, then why is an MPU region used for the PSA RoT partitions' data?
Regards,
Bohdan Hunko
Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com
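To make the effect of the region table and PRIVILEGED_DEFAULT_ENABLE (PRIVDEFENA) discussed in this thread concrete, here is an added example that is not TF-M or AN521 code: a host-side C model of the Armv8-M MPU permission check. The register layouts (MPU_RBAR, MPU_RLAR, MPU_CTRL) follow the Armv8-M Architecture Reference Manual; the region addresses, the region names and the helper l3_permits() are constructed for illustration and do not reproduce the AN521 scatter layout. The PSA RoT data region is modelled as privileged-only RW, as Ken describes, and SPM data is deliberately left outside every region so the PRIVDEFENA behaviour is visible.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not TF-M or AN521 code: a host-side model of the Armv8-M
 * MPU permission check, used to show what the region table described in the
 * thread does and does not isolate. Register layouts follow the Armv8-M
 * Architecture Reference Manual; the addresses are constructed, not AN521's. */

/* MPU_RBAR.AP[2:1] encodings. */
enum ap { AP_RW_PRIV = 0u, AP_RW_ANY = 1u, AP_RO_PRIV = 2u, AP_RO_ANY = 3u };

struct region {
    uint32_t base;  /* first byte of the region, 32-byte aligned */
    uint32_t limit; /* last byte of the region (low 5 bits all ones) */
    enum ap ap;
    bool xn;        /* execute-never */
};

/* MPU_RBAR = BASE[31:5] | SH[4:3] | AP[2:1] | XN[0]; SH is left at 0 here. */
uint32_t encode_rbar(const struct region *r)
{
    return (r->base & 0xFFFFFFE0u) | ((uint32_t)r->ap << 1) | (r->xn ? 1u : 0u);
}

/* MPU_RLAR = LIMIT[31:5] | AttrIndx[3:1] | EN[0]; MAIR attribute index 0 assumed. */
uint32_t encode_rlar(const struct region *r)
{
    return (r->limit & 0xFFFFFFE0u) | 1u;
}

/* MPU_CTRL bits. */
#define MPU_CTRL_ENABLE     (1u << 0)
#define MPU_CTRL_HFNMIENA   (1u << 1)
#define MPU_CTRL_PRIVDEFENA (1u << 2)

enum access { ACC_READ, ACC_WRITE, ACC_EXEC };

/* Permission check as the MPU performs it: an address covered by an enabled
 * region is governed by that region's AP/XN; an address covered by no region
 * is accessible only to privileged code and only when PRIVDEFENA is set
 * (the default memory map; its per-area XN attributes are not modelled).
 * Regions are assumed not to overlap, as the architecture requires. */
bool mpu_permits(const struct region *regs, size_t n, uint32_t ctrl,
                 uint32_t addr, bool privileged, enum access acc)
{
    if (!(ctrl & MPU_CTRL_ENABLE))
        return true;
    for (size_t i = 0; i < n; i++) {
        const struct region *r = &regs[i];
        if (addr < r->base || addr > r->limit)
            continue;
        if (acc == ACC_EXEC && r->xn)
            return false;
        switch (r->ap) {
        case AP_RW_PRIV: return privileged;
        case AP_RW_ANY:  return true;
        case AP_RO_PRIV: return privileged && acc != ACC_WRITE;
        case AP_RO_ANY:  return acc != ACC_WRITE;
        }
        return false;
    }
    return privileged && (ctrl & MPU_CTRL_PRIVDEFENA) != 0;
}

/* Constructed table with the same three regions the thread names. */
static const struct region l3_regions[] = {
    { 0x10000000u, 0x1003FFFFu, AP_RO_ANY,  false }, /* partition code, ARoT and PRoT */
    { 0x38000000u, 0x38003FFFu, AP_RW_PRIV, true  }, /* PSA RoT partition data */
    { 0x38004000u, 0x3800401Fu, AP_RW_ANY,  true  }, /* TFM_SP_META_PTR */
};
#define L3_NREGIONS (sizeof l3_regions / sizeof l3_regions[0])

#define PROT_CODE_ADDR 0x10000100u
#define PROT_DATA_ADDR 0x38000010u
#define META_PTR_ADDR  0x38004000u
#define SPM_DATA_ADDR  0x38010000u /* SPM .data/.bss: covered by no region */

/* Hypothetical helper: evaluate one access against the constructed L3 table. */
bool l3_permits(uint32_t addr, bool privileged, enum access acc, bool privdefena)
{
    uint32_t ctrl = MPU_CTRL_ENABLE | (privdefena ? MPU_CTRL_PRIVDEFENA : 0u);
    return mpu_permits(l3_regions, L3_NREGIONS, ctrl, addr, privileged, acc);
}

int main(void)
{
    printf("ARoT (unpriv) read PRoT code : %d\n", l3_permits(PROT_CODE_ADDR, false, ACC_READ, true));
    printf("ARoT (unpriv) exec PRoT code : %d\n", l3_permits(PROT_CODE_ADDR, false, ACC_EXEC, true));
    printf("ARoT (unpriv) read PRoT data : %d\n", l3_permits(PROT_DATA_ADDR, false, ACC_READ, true));
    printf("ARoT (unpriv) read SPM data  : %d\n", l3_permits(SPM_DATA_ADDR, false, ACC_READ, true));
    printf("SPM  (priv)   write SPM data : %d\n", l3_permits(SPM_DATA_ADDR, true, ACC_WRITE, true));
    printf("SPM  (priv)   write SPM data, PRIVDEFENA clear: %d\n",
           l3_permits(SPM_DATA_ADDR, true, ACC_WRITE, false));
    printf("region0 RBAR=0x%08lX RLAR=0x%08lX\n",
           (unsigned long)encode_rbar(&l3_regions[0]), (unsigned long)encode_rlar(&l3_regions[0]));
    return 0;
}
```

The model answers the thread's three questions directly: unprivileged ARoT code can read and execute the shared code region (code is not isolated, consistent with FF-M making code isolation optional), it cannot touch PSA RoT data or SPM data, and SPM data needs no region of its own only while PRIVDEFENA is set; clear that bit and the privileged write to SPM_DATA_ADDR faults, which is the case where a platform would have to spend a region on the TFM_DATA/TFM_BSS symbols.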