Hi,
There is a v8.0-M re-entrancy detection mechanism inside SPM: 'tfm_spm_validate_caller'. v8.1-M has hardware re-entrancy detection, so it does not need a software solution.
The concept is to let the SVC handler check these points to see if a re-entry is happening:
* If the return address is inside the NS Agent partition.
* If the LSB of LR is ZERO.
* Check if the stacked frame equals a standard exception frame size.
This mechanism has proven its integrity, but has these shortcomings:
* It needs an SVC, while SPM is moving towards working in thread mode.
* The frame size check is complex; we need to take care of whether NSPE is using the FPU or not, as different configurations have different frame sizes.
Hence I moved this mechanism into the NS Agent partition, just the veneer part after SG, by checking whether the current PSP_S is pointing to a SEAL (we don't use the stack before calling into the PSA API, so the stack is totally clear).
I did several rounds of emulation and it looks fine. Now I need your help to review this part, to see whether there are risks in the updated mechanism.
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/11003
Thanks.
/Ken
tf-m@lists.trustedfirmware.org
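The following is an added host-side C model of the seal check described in the message; it is not TF-M code and not part of the original mail or the linked change. It simulates the NS Agent partition's secure stack as a small array whose top two words hold a seal, with a simulated PSP_S. The seal value 0xFEF5EDA5 is assumed here (the Arm-recommended TrustZone stack seal pattern; the message itself names no value), and the 8-word frame pushed on entry is a constructed stand-in for whatever the partition stacks once it is inside the PSA API. The first veneer entry finds PSP_S at the seal and proceeds; a nested entry while that call is still outstanding finds PSP_S below the seal and is reported as re-entry.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed seal value (Arm-recommended TrustZone stack seal); the message does
 * not name one. The check only needs a pattern no ordinary frame would hold. */
#define STACK_SEAL_VALUE 0xFEF5EDA5u

/* Constructed model of the NS Agent partition's secure process stack.
 * Armv8-M secure stacks are sealed with two words at the highest addresses;
 * the stack grows downward from just below the seal. */
#define STACK_WORDS 64
static uint32_t ns_agent_stack[STACK_WORDS];
static uint32_t *psp_s;                 /* simulated PSP_S */
static uint32_t *const seal_ptr = &ns_agent_stack[STACK_WORDS - 2];

typedef enum { ENTRY_OK = 0, ENTRY_REENTRANT = 1 } entry_status_t;

/* Reset the model: write the seal and leave the stack empty. */
static void stack_init(void)
{
    seal_ptr[0] = STACK_SEAL_VALUE;
    seal_ptr[1] = STACK_SEAL_VALUE;
    psp_s = seal_ptr;                   /* empty stack: PSP_S points at the seal */
}

/* The check proposed in the message, performed at the veneer after SG:
 * the partition has not touched its stack yet, so PSP_S must point at the
 * seal. Both the address and the two seal words are compared, so a stale
 * frame that happens to contain the seal pattern is not mistaken for an
 * empty stack. A mismatch means an earlier PSA API call is still in
 * progress on this stack, i.e. this entry is a re-entry. */
static bool veneer_detect_reentry(void)
{
    if (psp_s != seal_ptr)
        return true;
    return !(psp_s[0] == STACK_SEAL_VALUE && psp_s[1] == STACK_SEAL_VALUE);
}

/* Simulated PSA API entry through the veneer: run the re-entry check, then
 * push a constructed 8-word frame standing in for the partition's own stack
 * use during the call. */
static entry_status_t psa_api_enter(void)
{
    if (veneer_detect_reentry())
        return ENTRY_REENTRANT;
    psp_s -= 8;
    for (int i = 0; i < 8; i++)
        psp_s[i] = 0xA5A50000u + (uint32_t)i;   /* constructed frame contents */
    return ENTRY_OK;
}

/* Simulated return from the PSA API: pop the frame pushed on entry. */
static void psa_api_exit(void)
{
    psp_s += 8;
}

/* Drive the scenario the message describes: one legitimate entry, one
 * nested entry while the first is outstanding, then a fresh entry after the
 * first has returned. Returns the number of re-entries detected. */
static int run_scenario(void)
{
    int detected = 0;
    stack_init();
    if (psa_api_enter() == ENTRY_REENTRANT) detected++;   /* expected: OK */
    if (psa_api_enter() == ENTRY_REENTRANT) detected++;   /* expected: re-entry */
    psa_api_exit();
    if (psa_api_enter() == ENTRY_REENTRANT) detected++;   /* expected: OK */
    psa_api_exit();
    return detected;
}

int main(void)
{
    printf("re-entries detected: %d\n", run_scenario());
    return 0;
}
```

Comparing the PSP_S address against the known seal location, in addition to reading the seal words, is the extra step a reviewer would want: it removes the dependence on stack contents entirely, so the outcome is the same whatever the NSPE left in the frames above. On real hardware the seal location is fixed at link time from the partition's stack limit, which is what `seal_ptr` stands in for here.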