
On 1/3/25 7:45 AM, Alice Guo wrote:
> From: Ye Li ye.li@nxp.com
> When SPL loads an image into a secure region, for example ATF and TEE into the DDR secure region, the USDHC controller, being a non-secure master, can't access this region, which causes a loading issue.
> So override h_spl_load_read to use a trampoline buffer in the non-secure region, then use the CPU to copy the image from the trampoline buffer to the destination secure region.
Can the attacker intercept this and rewrite the soon-to-be-secure-only software with something that would later allow them to take over the system? For example, could the attacker flip some secure-test bit in the TEE while it is in non-secure DRAM and before it is copied to the secure location, and make the TEE accept privileged SMC operations from any unprivileged software?
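The question above is about the window between the DMA filling the non-secure trampoline and the CPU copying it into the secure region. The following is an added illustration, not code from the patch, from U-Boot or from NXP: a small model of that load path that shows why any integrity check has to run over the copy that already sits in secure memory rather than over the trampoline. All names (`load_via_trampoline`, `dma_fill`, `flip_first_byte`, `TRAMPOLINE_SZ`) are assumptions for the example, the "image" is a constructed byte string, and streaming FNV-1a stands in for whatever real digest or signature check a loader would use; the attacker's write is modelled as the worst-case interleaving, deterministically.

```c
/*
 * Added illustration, not U-Boot or i.MX code: a model of loading an image
 * into a secure DDR region through a non-secure trampoline buffer, showing
 * that verifying the trampoline leaves a time-of-check/time-of-use window,
 * while verifying the secure-side copy does not.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TRAMPOLINE_SZ 8 /* assumption: tiny, so the load takes several rounds */

/* Streaming FNV-1a, used only as a stand-in for a real digest/signature
 * check (assumption: a real loader verifies e.g. SHA-256 plus a signature). */
#define FNV1A_INIT 0xcbf29ce484222325ULL
static uint64_t fnv1a_update(uint64_t h, const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Model of the storage controller (USDHC in the thread): a non-secure DMA
 * master that can only deposit data into non-secure memory. */
static void dma_fill(const uint8_t *storage, size_t off, uint8_t *ns_buf, size_t n)
{
    memcpy(ns_buf, storage + off, n);
}

/* Model of an attacker with write access to non-secure DRAM who races the
 * CPU copy; the hypothetical target is a single flag byte in the image. */
typedef void (*tamper_fn)(uint8_t *ns_buf, size_t n);
static void flip_first_byte(uint8_t *ns_buf, size_t n)
{
    if (n)
        ns_buf[0] ^= 0x01;
}

enum verify_point { VERIFY_TRAMPOLINE, VERIFY_SECURE_COPY };

/* Loads `len` bytes of `storage` into `secure_dst` via a non-secure
 * trampoline. Returns 1 if the image is accepted, 0 if it is rejected. */
int load_via_trampoline(const uint8_t *storage, size_t len, uint8_t *secure_dst,
                        uint64_t expected, enum verify_point when, tamper_fn tamper)
{
    uint8_t ns_buf[TRAMPOLINE_SZ]; /* stands in for the non-secure trampoline */
    uint64_t h = FNV1A_INIT;

    for (size_t off = 0; off < len; off += TRAMPOLINE_SZ) {
        size_t n = len - off < TRAMPOLINE_SZ ? len - off : TRAMPOLINE_SZ;

        dma_fill(storage, off, ns_buf, n);

        /* Hashing the trampoline looks fine, but it leaves a window... */
        if (when == VERIFY_TRAMPOLINE)
            h = fnv1a_update(h, ns_buf, n);

        /* ...in which another non-secure master can rewrite the buffer. */
        if (tamper)
            tamper(ns_buf, n);

        /* The CPU (secure world) copies the chunk into the secure region. */
        memcpy(secure_dst + off, ns_buf, n);
    }

    /* Hashing the secure-side copy closes the window: the attacker cannot
     * reach secure_dst, so the bytes verified are the bytes that will run. */
    if (when == VERIFY_SECURE_COPY)
        h = fnv1a_update(h, secure_dst, len);

    return h == expected;
}

/* Constructed sample "image" (not a real TEE) and a driver for both orderings. */
static const uint8_t sample_image[20] = "TEE-IMAGE-SAMPLE-01";

enum outcome { LOAD_REJECTED, LOAD_ACCEPTED_CLEAN, LOAD_ACCEPTED_TAMPERED };

enum outcome demo(enum verify_point when, int attack)
{
    uint8_t secure_region[sizeof sample_image];
    uint64_t expected = fnv1a_update(FNV1A_INIT, sample_image, sizeof sample_image);
    int accepted = load_via_trampoline(sample_image, sizeof sample_image, secure_region,
                                       expected, when, attack ? flip_first_byte : NULL);
    if (!accepted)
        return LOAD_REJECTED;
    return memcmp(secure_region, sample_image, sizeof sample_image) == 0
               ? LOAD_ACCEPTED_CLEAN : LOAD_ACCEPTED_TAMPERED;
}

int main(void)
{
    static const char *names[] = { "rejected", "accepted (clean)", "accepted (TAMPERED)" };
    printf("verify trampolin, no attack : %s\n", names[demo(VERIFY_TRAMPOLINE, 0)]);
    printf("verify trampoline, attack   : %s\n", names[demo(VERIFY_TRAMPOLINE, 1)]);
    printf("verify secure copy, no attack: %s\n", names[demo(VERIFY_SECURE_COPY, 0)]);
    printf("verify secure copy, attack   : %s\n", names[demo(VERIFY_SECURE_COPY, 1)]);
    return 0;
}
```

The model only shows the ordering problem: a digest taken over the trampoline says nothing about what the CPU later copies, whereas a check over the destination region binds the verified bytes to the bytes that will execute. It does not say what the actual patch or U-Boot's FIT verification does, which is what the question above is asking the authors.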