On Mon, Apr 15, 2019 at 02:52:56PM +0000, Tamas Ban via TF-M wrote:
Actually the design doc propose to use a distinct security counter from image version (ih_ver in header). But in the most simple case this security counter can be derived from the image version, to have the exact same value (ignoring the build number).
The image signature cover these continues blocks in memory:
- image header
- image
- some part of TLV section (currently not covered, but due to multi image support it is planned to introduce a signed TLV section)
Because these are contiguous regions in the memory it is not possible to place only the (header + TLV section) to the trusted memory but miss out the image itself (at least I cannot see how to solve)
Could the trusted memory contain a version field, and perhaps a hash of the image?
David
tf-m@lists.trustedfirmware.org