Hi all,
I noticed that the partition log subsystem uses stdio_output_string through the following chain of calls: tfm_hal_output_sp_log => SVC TFM_SVC_OUTPUT_UNPRIV_STRING => tfm_hal_output_spm_log => stdio_output_string. The SVC handler doesn't validate its arguments, so it allows APP RoT partitions to access PSA RoT memory via the partition log subsystem. It seems that tfm_hal_memory_check must be called in the SVC handler to validate permissions.
Best Regards, Roman.
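The missing check described above, shown as an added example that is not TF-M code: a hypothetical SVC log handler that validates the caller-supplied pointer and length against the caller's own region before writing anything. The `struct region`, `caller_may_read` and `svc_output_string_checked` names, and the two sample buffers, are constructed for this illustration; the real `tfm_hal_memory_check` takes different parameters and consults the partition's actual memory assets.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not TF-M code: a caller partition is described by
 * the one memory region it is allowed to hand to the log SVC. */
struct region { uintptr_t base; size_t size; };

/* Constructed sample memories standing in for an App RoT partition's log
 * buffer and for PSA RoT private data that must stay unreadable. */
static char app_rot_buf[32] = "hello from app rot";
static char psa_rot_secret[32] = "psa rot private data";

/* Stand-in for the permission check the report asks for: accept only if
 * [base, base+size) lies inside the caller's region; empty and wrapping
 * ranges are rejected so an oversized length cannot slip past. */
static bool caller_may_read(const struct region *caller, uintptr_t base, size_t size)
{
    if (size == 0 || base + size < base)
        return false;
    return base >= caller->base && base + size <= caller->base + caller->size;
}

/* Hypothetical SVC handler: validate before touching the pointer, so the
 * log path cannot read memory the caller does not own. Returns bytes
 * written, or -1 when the request is rejected. */
static int svc_output_string_checked(const struct region *caller, const char *str, size_t len)
{
    if (!caller_may_read(caller, (uintptr_t)str, len))
        return -1;
    fwrite(str, 1, len, stdout);
    fputc('\n', stdout);
    return (int)len;
}

static const struct region *app_rot_region(void)
{
    static struct region r;
    r.base = (uintptr_t)app_rot_buf;
    r.size = sizeof app_rot_buf;
    return &r;
}

int main(void)
{
    const struct region *r = app_rot_region();
    printf("own buffer:   %d\n", svc_output_string_checked(r, app_rot_buf, 18));
    printf("PSA RoT data: %d\n", svc_output_string_checked(r, psa_rot_secret, 20));
    return 0;
}
```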
Hi Roman,
Thanks for reporting this, will ping you and let's discuss in a secure channel for such issues.
/Ken
From: Roman.Mazurak--- via TF-M tf-m@lists.trustedfirmware.org Sent: Monday, December 4, 2023 10:07 PM To: tf-m@lists.trustedfirmware.org Subject: [TF-M] Partition log write UART without validation of permissions.