Hi Bohdan,
Could you share more details on the issue you mention? E.g. platform tested. We currently have regression tests for the Crypto service on isolation level 3 that exercise APIs from the Crypto partition. I’d doubt that those tests would work in our CI if mbedcrypto wasn’t linked correctly in the Crypto partition.
More specifically, please note that the PSA crypto symbols that come from mbedcrypto, before linking, are prefixed with “mbedcrypto__” using preprocessor modification at compile time.
Thanks, Antonio
From: Bohdan.Hunko--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Thursday, January 5, 2023 10:33
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] MbedCrypto linking problem in isolation L3
Hi all,
After having some trouble with isolation level 3, I have noticed that MbedTLS (mbedcrypto) data/code is not properly linked to the crypto partition.
Currently mbedcrypto data/code is placed into the SPM data/code section in level 3 isolation. This is a problem if optional L3 FFM boundaries are applied (when SPM is isolated from PSA RoT partitions (Crypto in particular)) because in this case the crypto partition does not have access to the mbedcrypto code/data that is located in the SPM code/data sections.
I think mbedcrypto data/code should be linked to the crypto partition and placed in the crypto partition linker section. This way it will be protected to be accessible by the crypto partition.
So my question is whether this should be fixed or there are objectives to not fix this issue?
If fix is needed I would like to discuss possible ways to solve this problem.
Regards,
Bohdan Hunko
Cypress Semiconductor Ukraine
Engineer
CSUKR CSS ICW SW FW
Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com