aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--secure_fw/core/tfm_core_mem_check.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/secure_fw/core/tfm_core_mem_check.c b/secure_fw/core/tfm_core_mem_check.c
index 62df3fd8f4..6e65102029 100644
--- a/secure_fw/core/tfm_core_mem_check.c
+++ b/secure_fw/core/tfm_core_mem_check.c
@@ -48,6 +48,20 @@ enum tfm_status_e tfm_core_has_read_access_to_region(const void *p, size_t s,
{
int flags = CMSE_MPU_READ;
+ /* In case of NS caller, only force unprivileged check, if the non secure
+ * Thread mode is unprivileged
+ */
+ if (ns_caller) {
+ CONTROL_Type ctrl;
+
+ ctrl.w = __TZ_get_CONTROL_NS();
+ if (ctrl.b.nPRIV == 1) {
+ privileged = TFM_PARTITION_UNPRIVILEGED_MODE;
+ } else {
+ privileged = TFM_PARTITION_PRIVILEGED_MODE;
+ }
+ }
+
if (privileged == TFM_PARTITION_UNPRIVILEGED_MODE) {
flags |= CMSE_MPU_UNPRIV;
}
@@ -65,6 +79,20 @@ enum tfm_status_e tfm_core_has_write_access_to_region(const void *p, size_t s,
{
int flags = CMSE_MPU_READWRITE;
+ /* In case of NS caller, only force unprivileged check, if the non secure
+ * Thread mode is unprivileged
+ */
+ if (ns_caller) {
+ CONTROL_Type ctrl;
+
+ ctrl.w = __TZ_get_CONTROL_NS();
+ if (ctrl.b.nPRIV == 1) {
+ privileged = TFM_PARTITION_UNPRIVILEGED_MODE;
+ } else {
+ privileged = TFM_PARTITION_PRIVILEGED_MODE;
+ }
+ }
+
if (privileged == TFM_PARTITION_UNPRIVILEGED_MODE) {
flags |= CMSE_MPU_UNPRIV;
}