author | Tamas Ban <tamas.ban@arm.com> | 2019-10-03 12:37:09 +0100 |
---|---|---|
committer | Tamas Ban <tamas.ban@arm.com> | 2019-10-07 08:07:30 +0000 |
commit | 6d2e4303376949925e63580d04704655e45ba695 (patch) | |
tree | ab3e0ac2f638d2e4d1ae3be7c86ef88f32e7df78 /bl2/src | |
parent | 35fc447f874f464678742c53de5814254f593ca4 (diff) | |
download | trusted-firmware-m-6d2e4303376949925e63580d04704655e45ba695.tar.gz |
Attest: Verify the exposure of shared data to NSPE
There is a shared buffer between the bootloader and SPE to exchange
boot data. This check was introduced to verify that a misconfiguration
in the platform layer does not cause that shared buffer to be
accidentally exposed to NSPE, thereby risking tampering with sensitive
data.
Change-Id: I1eea2d644545b600c87b9e6199f742f7af9bc421
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Diffstat (limited to 'bl2/src')
-rw-r--r-- | bl2/src/boot_record.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/bl2/src/boot_record.c b/bl2/src/boot_record.c index b21fae8432..3f3018b5a0 100644 --- a/bl2/src/boot_record.c +++ b/bl2/src/boot_record.c @@ -38,6 +38,16 @@ static uint32_t shared_memory_init_done; */ #define SHARED_MEMORY_INITIALZED (1u) +/* Compile time check to verify that shared data region is not overlapping with + * non-secure data area. + */ +#if ((BOOT_TFM_SHARED_DATA_BASE >= NS_DATA_START && \ + BOOT_TFM_SHARED_DATA_BASE <= NS_DATA_LIMIT) || \ + (BOOT_TFM_SHARED_DATA_LIMIT >= NS_DATA_START && \ + BOOT_TFM_SHARED_DATA_LIMIT <= NS_DATA_LIMIT)) +#error "Shared data area and non-secure data area is overlapping" +#endif + /*! * \brief Add the measurement data of SW component to the shared memory area * |
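Review bot: The `#if` condition misses one overlap case: it only tests whether `BOOT_TFM_SHARED_DATA_BASE` or `BOOT_TFM_SHARED_DATA_LIMIT` falls inside `[NS_DATA_START, NS_DATA_LIMIT]`, so a platform configuration where the non-secure data area lies entirely inside the shared data region (shared base below `NS_DATA_START` and shared limit above `NS_DATA_LIMIT`) passes the check even though the regions overlap. The usual two-sided interval test covers every case and is shorter: `#if (BOOT_TFM_SHARED_DATA_BASE <= NS_DATA_LIMIT && BOOT_TFM_SHARED_DATA_LIMIT >= NS_DATA_START)`. The commit message speaks of exposure to NSPE in general while the condition only compares against the non-secure data area, so it would help to say in the comment that other NS-accessible ranges are not covered by this check. Minor: the `#error` text should read "are overlapping" or simply "overlap".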