commit 997aeb3d6ceb529d03f27e83578278d99b84d1a3
author Tamas Ban <tamas.ban@arm.com> Mon Nov 19 13:28:32 2018 +0000
committer Tamas Ban <tamas.ban@arm.com> Wed Dec 05 16:05:02 2018 +0100
tree 4795fb240901fdbecde6ed2c302eb5fa63e1c563
parent 03220ae0c3748526b94db9a919c604c26a5f40a1

Core: Create wrapper functions around C lib calls

In long term standard C library might be removed from TF-M project or
replaced with a secure implementation due to security concerns.
Wrappers are introduced to indicate this concern and future change
to developers.

Change-Id: I86e9cd8563fd89bf70b0df59cb2ae1aeee9c02b9
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

secure_fw/core/secure_utilities.h

diff --git a/secure_fw/core/secure_utilities.h b/secure_fw/core/secure_utilities.h
index f268f30..32030fd 100644
--- a/secure_fw/core/secure_utilities.h
+++ b/secure_fw/core/secure_utilities.h
@@ -10,6 +10,7 @@
 
 #include "cmsis_compiler.h"
 #include "tfm_svc.h"
+#include "string.h"
 
 #define EXC_RETURN_INDICATOR                    (0xF << 28)
 #define EXC_RETURN_SECURITY_STACK_STATUS_MASK   (0x3 << 5)
@@ -103,4 +104,27 @@
     __asm("ISB");
 }
 
+/* FIXME: The following functions are wrappers around standard C library
+ *        functions: memcpy, memcmp, memset
+ *        In long term standard C library might be removed from TF-M project or
+ *        replaced with a secure implementation due to security concerns.
+ */
+__attribute__ ((always_inline)) __STATIC_INLINE
+void tfm_memcpy(void *dest, const void *src, uint32_t size)
+{
+    memcpy(dest, src, size);
+}
+
+__attribute__ ((always_inline)) __STATIC_INLINE
+int32_t tfm_memcmp(const void * ptr1, const void * ptr2, size_t num)
+{
+    return (memcmp(ptr1, ptr2, num));
+}
+
+__attribute__ ((always_inline)) __STATIC_INLINE
+void * tfm_memset(void * ptr, int value, size_t num)
+{
+    return (memset(ptr, value, num));
+}
+
 #endif /* __SECURE_UTILITIES_H__ */

secure_fw/core/tfm_handler.c

diff --git a/secure_fw/core/tfm_handler.c b/secure_fw/core/tfm_handler.c
index 4cf313c..88ac443 100644
--- a/secure_fw/core/tfm_handler.c
+++ b/secure_fw/core/tfm_handler.c
@@ -62,7 +62,9 @@
          sp <=  S_DATA_LIMIT - sizeof(tfm_fault_context) + 1) ||
         (sp >= NS_DATA_START &&
          sp <= NS_DATA_LIMIT - sizeof(tfm_fault_context) + 1)) {
-        memcpy(&tfm_fault_context, (const void *)sp, sizeof(tfm_fault_context));
+        tfm_memcpy(&tfm_fault_context,
+                   (const void *)sp,
+                   sizeof(tfm_fault_context));
     }
 
     LOG_MSG("Oops... Secure fault!!! You're not going anywhere!");

secure_fw/spm/spm_api.c

diff --git a/secure_fw/spm/spm_api.c b/secure_fw/spm/spm_api.c
index b17ee99..2aeb903 100644
--- a/secure_fw/spm/spm_api.c
+++ b/secure_fw/spm/spm_api.c
@@ -11,6 +11,7 @@
 #include <string.h>
 #include "spm_api.h"
 #include "platform/include/tfm_spm_hal.h"
+#include "secure_utilities.h"
 #include "spm_db_setup.h"
 #include "tfm_internal.h"
 #include "tfm_api.h"
@@ -71,7 +72,7 @@
 {
     struct spm_partition_desc_t *part_ptr;
 
-    memset (&g_spm_partition_db, 0, sizeof(g_spm_partition_db));
+    tfm_memset (&g_spm_partition_db, 0, sizeof(g_spm_partition_db));
 
     /* This function initialises partition db */
     g_spm_partition_db.running_partition_idx = SPM_INVALID_PARTITION_IDX;