fix(versal-net): change flag to increase security

Currently the security flag is set to SECURE by default and
is changed to NON_SECURE if an NS system is detected. In this
case an NS system may access the secure system if the condition check
gets skipped due to glitches.

So, initialize security_flag to NON_SECURE_FLAG and switch
to SECURE_FLAG if the TrustZone bit is detected to be
in a more secure state.

Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: I7af54465bd8744ba97a58c02607631ee23619d47
Jay Buddhabhatti 2023-07-30 23:49:11 -07:00
parent 29ae73e3fb
commit e8efb65afb


@ -399,7 +399,7 @@ uint64_t pm_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, uint64_t x3,
{ {
uintptr_t ret; uintptr_t ret;
uint32_t pm_arg[PAYLOAD_ARG_CNT] = {0}; uint32_t pm_arg[PAYLOAD_ARG_CNT] = {0};
uint32_t security_flag = SECURE_FLAG; uint32_t security_flag = NON_SECURE_FLAG;
uint32_t api_id; uint32_t api_id;
/* Handle case where PM wasn't initialized properly */ /* Handle case where PM wasn't initialized properly */
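Review bot: the initialisation `uint32_t security_flag = NON_SECURE_FLAG;` carries the whole fail-closed intent of this change but has no comment saying so; a one-line comment next to it (for example "default to non-secure; only promoted after the caller's security state is verified") would stop a later cleanup from "simplifying" it back to SECURE_FLAG. With this default, the only path to SECURE_FLAG is the explicit check in the next hunk, so a skipped or glitched branch now leaves the caller with the lower privilege, which matches the commit message.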
@ -408,11 +408,11 @@ uint64_t pm_smc_handler(uint32_t smc_fid, uint64_t x1, uint64_t x2, uint64_t x3,
} }
/* /*
* Mark BIT24 payload (i.e 1st bit of pm_arg[3] ) as non-secure (1) * Mark BIT24 payload (i.e 1st bit of pm_arg[3] ) as secure (0)
* if smc called is non secure * if smc called is secure
*/ */
if (is_caller_non_secure(flags) != 0) { if (is_caller_secure(flags)) {
security_flag = NON_SECURE_FLAG; security_flag = SECURE_FLAG;
} }
pm_arg[0] = (uint32_t)x1; pm_arg[0] = (uint32_t)x1;
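Review bot: the new condition `if (is_caller_secure(flags)) {` drops the explicit `!= 0` comparison that the old line `if (is_caller_non_secure(flags) != 0) {` had; for consistency with the rest of this handler (and MISRA-style essentially-Boolean conditions used in this code base) write it as `if (is_caller_secure(flags) != 0) {` or whatever form the helper's return type calls for. The updated comment "as secure (0) if smc called is secure" correctly mirrors the inverted check, and because the flag now starts as NON_SECURE_FLAG this single branch is the only place privilege is raised, so keeping the comparison explicit also keeps the security-relevant decision easy to audit.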