-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
core: REE FS TAs: add option to verify signature before processing
Adds configuration flag CFG_REE_FS_TA_BUFFERED, default enabled. A new TA store is introduced which depends on the TEE FS TA store to load the whole binary into a temporary buffer in secure DDR and authenticate it before being processed further. This reduces the attack surface of the TEE core in case of a vulnerability in the ELF loader, at the expense of increased memory usage at load time. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reported-by: Bastien Simondi <bsimondi@netflix.com> [3.6] Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
- Loading branch information
1 parent
77cb2a4
commit 7db24ad
Showing
2 changed files
with
147 additions
and
28 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters