Hi all,
I noticed that partition log subsystem uses stdio_output_string
through following chain of calls tfm_hal_output_sp_log => SVC TFM_SVC_OUTPUT_UNPRIV_STRING => tfm_hal_output_spm_log => stdio_output_string. SVC handler doesn't validate arguments, so it's allows APP RoT partitions to access PSA RoT memory via partition
log subsystem.
It seems that tfm_hal_memory_check must be called on SVC handler
to validate permissions.
Best Regards,
Roman.