Stack_seal_mitigation: Seal the PSP stacks for Library mode. This patch does the changes for sealing the PSP stacks used in library mode. There are 2 stacks used as PSP in Library mode : ARM_LIB_STACK and TFM_SECURE_STACK. In case of ARM_LIB_STACK, a new section is created for sealing the stack. The TFM_SECURE_STACK needs more careful manipulation as the top of stack is used for iovec parameters. So the code inserts a stack seal between the iovec parameters and Partition stack area. Signed-off-by: Soby Mathew <soby.mathew@arm.com> Change-Id: I028c625e53a8bb1677a7f3001095ab3452f82c32

commit: 960521a1536e75d9459d81e723b1cc3ca9128940 [log] [tgz]
author: Soby Mathew <soby.mathew@arm.com> Tue Sep 29 12:48:50 2020 +0100
committer: Soby Mathew <soby.mathew@arm.com> Fri Oct 16 17:02:07 2020 +0100
tree: 382bb5920972da233995ea3ef80ff946d2b16d21
parent: c0b5f6dae81ad9158f08227bd03a26519e7b4848 [diff] [blame]
diff --git a/secure_fw/spm/cmsis_func/main.c b/secure_fw/spm/cmsis_func/main.c
index 920d0f5..169f146 100644
--- a/secure_fw/spm/cmsis_func/main.c
+++ b/secure_fw/spm/cmsis_func/main.c

@@ -124,6 +124,9 @@
                                                     ARM_LIB_STACK_MSP,
                                                     $$ZI$$Base));
 
+    /* Seal the PSP stacks viz ARM_LIB_STACK and TFM_SECURE_STACK */
+    tfm_spm_seal_psp_stacks();
+
     if (tfm_core_init() != TFM_SUCCESS) {
         tfm_core_panic();
     }
commit	960521a1536e75d9459d81e723b1cc3ca9128940	[log] [tgz]
author	Soby Mathew <soby.mathew@arm.com>	Tue Sep 29 12:48:50 2020 +0100
committer	Soby Mathew <soby.mathew@arm.com>	Fri Oct 16 17:02:07 2020 +0100
tree	382bb5920972da233995ea3ef80ff946d2b16d21
parent	c0b5f6dae81ad9158f08227bd03a26519e7b4848 [diff] [blame]