[flash_ctrl] Relax the hardening in flash_ctrl_data_region_protect
#26034
Conversation
| // Reset the region's configuration via the MP_REGION_CFG_${region} register. | ||
| // This temporarily disables memory protection for the region. | ||
| flash_ctrl_mp_region_cfg_reset(region); | ||
| sec_mmio_write32(kBase + FLASH_CTRL_MP_REGION_CFG_0_REG_OFFSET + region, |
There was a problem hiding this comment.
We should consider adding a SEC_MMIO_ASSERT_WRITE_INCREMENT() to keep track of the sec_mmio counter increment.
I am not sure if we are doing any sec_mmio checks in the rom_ext after ownership commands have been executed. This is something we can discuss as a separate issue.
There was a problem hiding this comment.
Actually, I think this one should be abs_mmio_write32. That way, if an adversary could somehow early-return from this function before writing the new region config, a check would fail later.
But, I agree, the two sec_mmio writes at the bottom should probably have increments.
There was a problem hiding this comment.
Sounds good. I think we can do this in a follow up PR once we review the sec_mmio hardening for the ROM_EXT.
cfrantz
force-pushed
the
flash_ctrl-region-protect
branch
2 times, most recently
from
4d2709b to
37da31e
Compare
The hardening in the function `flash_ctrl_data_region_protect` resulted in 1304 bytes of RV32 machine code. This relaxed version results in 250 bytes of RV32 machine code. Signed-off-by: Chris Frantz <[email protected]>
cfrantz
force-pushed
the
flash_ctrl-region-protect
branch
from
37da31e to
f1bdbf4
Compare
The hardening in the function
flash_ctrl_data_region_protectresulted in 1304 bytes of RV32 machine code. This relaxed version results in 250 bytes of RV32 machine code.