Hi,

I saw that PSA_FRAMEWORK_HAS_MM_IOVEC is not permitted for Isolation level 2-3 and that transient copies of the input and output data into a 5KB scratch buffer are always made when making a PSA call.

This makes sense, as FF-M v1.1 states:

“In a system using isolation level 3, a Secure Partition is not permitted to access another Secure Partition’s Private data. MM-IOVEC can provide a mechanism for one Secure Partition to access the other’s Private data.”

But I think the requirements for isolation level 3 could be fulfilled by:

If SP detects a Secure caller, it could make a transient copy of I/O data.

If SP detects a Non-Secure caller, it could use MM-IOVECs or a similar method to access NS memory directly to avoid the overhead and limitations of copying the I/O data.

Is this logical/correct?

With this approach, an attacker may tamper with NS input data while the RoT service is processing those data, but the rules of isolation level 3 are maintained.

Regards,

Brian Quach

SimpleLink MCU

Texas Instruments Inc.
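To make the tamper concern in the message concrete, here is an added example (not TF-M code and not the poster's): a toy RoT service with the proposed Secure/Non-Secure dispatch, showing the double-fetch hazard of in-place NS access beside the single-fetch discipline that keeps the level-3 split cheap for NS callers. All names (caller_t, invec_t, msg_t, rot_service, tamper_len) are hypothetical; only the {base, len} iovec shape mirrors PSA's psa_invec.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names; only the {base, len} iovec shape mirrors PSA's psa_invec. */
typedef enum { CALLER_SECURE, CALLER_NONSECURE } caller_t;
typedef struct { const void *base; size_t len; } invec_t;
#define MAX_PAYLOAD 32u
/* Caller-supplied message: one declared-length byte followed by the payload. */
typedef struct { uint8_t declared_len; uint8_t payload[MAX_PAYLOAD]; } msg_t;
static uint8_t scratch[sizeof(msg_t)]; /* stand-in for the partition's private scratch buffer */
/* Simulated NS-side write landing while the service runs (test hook, not real hardware). */
void tamper_len(msg_t *m) { m->declared_len = 0xFF; }
/* Hazard of using an NS buffer in place: declared_len is validated from one read, but the
 * loop bound is re-read from NS memory. Returns payload bytes processed, or -1 if rejected. */
int sum_double_fetch(const msg_t *m, size_t avail, void (*tamper)(msg_t *), uint8_t *sum)
{
    if (m->declared_len == 0 || m->declared_len > MAX_PAYLOAD || m->declared_len > avail) return -1;
    if (tamper) tamper((msg_t *)m);
    size_t i;
    for (i = 0, *sum = 0; i < m->declared_len; i++) *sum ^= m->payload[i];
    return (int)i;
}

/* Hardened in-place access: every field that drives a bound is read exactly once into private
 * memory, so the same write cannot move it. Payload bytes may still change underneath, but only
 * inside the validated range, and they are the caller's own data. */
int sum_single_fetch(const msg_t *m, size_t avail, void (*tamper)(msg_t *), uint8_t *sum)
{
    size_t len = m->declared_len; /* single fetch */
    if (len == 0 || len > MAX_PAYLOAD || len > avail) return -1;
    if (tamper) tamper((msg_t *)m);
    *sum = 0;
    for (size_t i = 0; i < len; i++) *sum ^= m->payload[i];
    return (int)len;
}

/* Dispatch as proposed: a Secure caller's data is copied into scratch first (level 3 forbids
 * touching another partition's private data in place); NS data is used in place, single-fetch. */
int rot_service(caller_t who, const invec_t *in, uint8_t *sum)
{
    if (in->len < 1) return -1;
    if (who == CALLER_SECURE) {
        size_t n = in->len < sizeof scratch ? in->len : sizeof scratch;
        memcpy(scratch, in->base, n); /* transient copy; work only on the copy */
        return sum_single_fetch((const msg_t *)scratch, n - 1, NULL, sum);
    }
    return sum_single_fetch((const msg_t *)in->base, in->len - 1, NULL, sum);
}
```

With the simulated write, sum_double_fetch walks 255 bytes after validating 8, while sum_single_fetch and both rot_service paths stay at the 8 bytes that were checked.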