On 1/3/25 7:45 AM, Alice Guo wrote:
From: Ye Li <ye...@nxp.com>
When SPL loading image to secure region, for example, ATF and tee to
DDR secure region. Because the USDHC controller is non-secure master,
it can't access this region and will cause loading issue.
So override h_spl_load_read to use a trampoline buffer in nonsecure
region, then use CPU to copy the image from trampoline buffer to
destination secure region.
Can the attacker intercept this and rewrite the soon-to-be-secure-only
software with something that would later allow them to take over the
system ? For example, could the attacker flip some secure-test bit in
the TEE while it is in non-secure DRAM and before it is copied in the
secure location, and make TEE accept privileged SMC operations from any
unprivileged software ?
