
Commit 32ef710

committed
stm32h5-tz-wolfhsm: align NSC veneer pointer checks to CMSE_NONSECURE
1 parent 715b0f3 commit 32ef710

1 file changed

Lines changed: 9 additions & 8 deletions


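--- a/src/wolfhsm_callable.c
+++ b/src/wolfhsm_callable.c
@@ -138,13 +138,14 @@ int CSME_NSE_API wcs_wolfhsm_transmit(const uint8_t *cmd, uint32_t cmdSz,
 /* The caller is the non-secure world. Validate every caller-supplied
 * pointer references non-secure memory before dereferencing it, so a
 * compromised NS app cannot trick the secure side into reading or
-* writing through a secure-world pointer. Check the SAU/IDAU security
-* attribution only (CMSE_AU_NONSECURE); the NS MPU is not configured in
-* this demo, so an MPU-based permission check would reject valid
-* buffers. rspSz is checked first since it is dereferenced below to
-* obtain the response capacity. */
+* writing through a secure-world pointer. Use CMSE_NONSECURE to match the
+* sibling veneers (fwtpm_callable.c, pkcs11_callable.c, wc_callable.c):
+* the relevant property is the Secure/Non-secure attribution (SAU/IDAU);
+* the MPU read/write bits read back as 0 when NO_MPU is set and do not
+* constrain Secure accesses to NS memory anyway. rspSz is checked first
+* since it is dereferenced below to obtain the response capacity. */
 if (cmse_check_address_range((void *)rspSz, sizeof(*rspSz),
-CMSE_AU_NONSECURE) == NULL) {
+CMSE_NONSECURE) == NULL) {
 return WH_ERROR_BADARGS;
 }
 /* single-fetch *rspSz so it cannot be re-read after validation */
@@ -159,12 +160,12 @@ int CSME_NSE_API wcs_wolfhsm_transmit(const uint8_t *cmd, uint32_t cmdSz,
 return WH_ERROR_BADARGS;
 }
 if (cmse_check_address_range((void *)cmd, cmdSz,
-CMSE_AU_NONSECURE) == NULL) {
+CMSE_NONSECURE) == NULL) {
 *rspSz = 0;
 return WH_ERROR_BADARGS;
 }
 if (cmse_check_address_range(rsp, rsp_capacity,
-CMSE_AU_NONSECURE) == NULL) {
+CMSE_NONSECURE) == NULL) {
 *rspSz = 0;
 return WH_ERROR_BADARGS;
 }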
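Review bot: The rewritten comment in the first hunk justifies CMSE_NONSECURE only in terms of the MPU read/write permission bits, but the CMSE_MPU_NONSECURE half of that flag also changes which MPU the range check consults: if I read the ACLE/libgcc semantics right, cmse_check_address_range then uses the TTA lookup and still rejects a range whose start and end fall in different NS-MPU regions, independent of the R/W bits. That is harmless while NO_MPU is set, but a later NS app that enables its MPU could see valid buffers straddling two regions fail the three checks in both hunks with WH_ERROR_BADARGS, and nothing in the comment warns about it. I would add one line to the comment, e.g. `* Note: CMSE_NONSECURE also requires the range to sit in a single NS-MPU region, so enabling the NS MPU later may reject region-straddling buffers.`. It would also help to state that the wrap-around check for base+size is performed inside cmse_check_address_range, since the veneer relies on it for cmdSz and rsp_capacity. wcs_wolfhsm_transmit begins before the first hunk and continues after the second.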
