diff options
Diffstat (limited to 'secure_fw/core/tfm_core_mem_check.c')
-rw-r--r-- | secure_fw/core/tfm_core_mem_check.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/secure_fw/core/tfm_core_mem_check.c b/secure_fw/core/tfm_core_mem_check.c index 62df3fd8f4..6e65102029 100644 --- a/secure_fw/core/tfm_core_mem_check.c +++ b/secure_fw/core/tfm_core_mem_check.c @@ -48,6 +48,20 @@ enum tfm_status_e tfm_core_has_read_access_to_region(const void *p, size_t s, { int flags = CMSE_MPU_READ; + /* In case of NS caller, only force unprivileged check, if the non secure + * Thread mode is unprivileged + */ + if (ns_caller) { + CONTROL_Type ctrl; + + ctrl.w = __TZ_get_CONTROL_NS(); + if (ctrl.b.nPRIV == 1) { + privileged = TFM_PARTITION_UNPRIVILEGED_MODE; + } else { + privileged = TFM_PARTITION_PRIVILEGED_MODE; + } + } + if (privileged == TFM_PARTITION_UNPRIVILEGED_MODE) { flags |= CMSE_MPU_UNPRIV; } @@ -65,6 +79,20 @@ enum tfm_status_e tfm_core_has_write_access_to_region(const void *p, size_t s, { int flags = CMSE_MPU_READWRITE; + /* In case of NS caller, only force unprivileged check, if the non secure + * Thread mode is unprivileged + */ + if (ns_caller) { + CONTROL_Type ctrl; + + ctrl.w = __TZ_get_CONTROL_NS(); + if (ctrl.b.nPRIV == 1) { + privileged = TFM_PARTITION_UNPRIVILEGED_MODE; + } else { + privileged = TFM_PARTITION_PRIVILEGED_MODE; + } + } + if (privileged == TFM_PARTITION_UNPRIVILEGED_MODE) { flags |= CMSE_MPU_UNPRIV; } |