authorTamas Ban <tamas.ban@arm.com>2019-10-03 12:37:09 +0100
committerTamas Ban <tamas.ban@arm.com>2019-10-07 08:07:30 +0000
commit6d2e4303376949925e63580d04704655e45ba695 (patch)
treeab3e0ac2f638d2e4d1ae3be7c86ef88f32e7df78 /bl2/src
parent35fc447f874f464678742c53de5814254f593ca4 (diff)
Attest: Verify the exposure of shared data to NSPE
There is a shared buffer between the bootloader and the SPE for exchanging boot data. This check was introduced to verify that a misconfiguration in the platform layer does not accidentally expose that shared buffer to the NSPE, which would put sensitive data at risk of tampering. Change-Id: I1eea2d644545b600c87b9e6199f742f7af9bc421 Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Diffstat (limited to 'bl2/src')
-rw-r--r--bl2/src/boot_record.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/bl2/src/boot_record.c b/bl2/src/boot_record.c
index b21fae8432..3f3018b5a0 100644
--- a/bl2/src/boot_record.c
+++ b/bl2/src/boot_record.c
@@ -38,6 +38,16 @@ static uint32_t shared_memory_init_done;
*/
#define SHARED_MEMORY_INITIALZED (1u)
+/* Compile time check to verify that shared data region is not overlapping with
+ * non-secure data area.
+ */
+#if ((BOOT_TFM_SHARED_DATA_BASE >= NS_DATA_START && \
+ BOOT_TFM_SHARED_DATA_BASE <= NS_DATA_LIMIT) || \
+ (BOOT_TFM_SHARED_DATA_LIMIT >= NS_DATA_START && \
+ BOOT_TFM_SHARED_DATA_LIMIT <= NS_DATA_LIMIT))
+#error "Shared data area and non-secure data area is overlapping"
+#endif
+
/*!
* \brief Add the measurement data of SW component to the shared memory area
*
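Review bot: The `#if` added after `SHARED_MEMORY_INITIALZED` only fires when the shared data base or limit lies inside `[NS_DATA_START, NS_DATA_LIMIT]`, so a shared region that fully encloses the non-secure data area (base below `NS_DATA_START`, limit above `NS_DATA_LIMIT`) passes the check although the two overlap. The usual interval test covers every case and is shorter: `#if (BOOT_TFM_SHARED_DATA_BASE <= NS_DATA_LIMIT) && (BOOT_TFM_SHARED_DATA_LIMIT >= NS_DATA_START)`. Because the preprocessor evaluates an undefined identifier as 0 inside `#if`, a platform that omits `NS_DATA_START`/`NS_DATA_LIMIT` would also pass silently; a preceding `#if !defined(NS_DATA_START) || !defined(NS_DATA_LIMIT)` with its own `#error` would catch that. The check covers the non-secure data area only; whether other NSPE-accessible regions need the same guard cannot be told from this hunk.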