Hi,

 

I have been working on TZ stuff recently and found small problem in an521 platform protections.

The problem is in SAU config.

sau_cfg in platform/ext/target/arm/mps2/an521/target_cfg.c has entry for NSPE code:

    {

        ((uint32_t)NS_PARTITION_START),

        ((uint32_t)NS_PARTITION_START +

        NS_PARTITION_SIZE - 1),

        false,

    },

Where both NS_PARTITION_START and NS_PARTITION_SIZE are 32 bytes aligned, which means that when 1 is subtracted lower 5 bits are getting set to 1, for example:

0x1000_0000 + 0x1000 – 1 = 0x10000FFF

Then in sau_and_idau_cfg() function lower 5 bits are cleared by the mask:

sau_cfg[i].RLAR & SAU_RLAR_LADDR_Msk

 

This means that in reality highest 32 bytes of NSPE are protected as Secure in SAU.

 

Same problem is present for SECONDARY_PARTITION_SIZE SAU entry.

 

This is not huge problem, but still worth fixing.

 

I believe other arm and TZ platforms may also have this bug, but I haven’t checked in details.

 

 

Regards,

Bohdan Hunko

 

Cypress Semiconductor Ukraine

Engineer

CSUKR CSS ICW SW FW

Mobile: +38099 50 19 714
Bohdan.Hunko@infineon.com