PSA: Bootloader data length error in attestation service #12171
Description
Description of defect
I am porting TF-M onto Nuvoton's M2351 target (#10959), running Greentea tests, and finding error with PSA attestation service tests:
components-target_psa-tests-compliance_attestation-test_a001
tests-psa-attestation
After look into, the error comes from the temp_ram_page_data table below:
components\TARGET_PSA\services\attestation\COMPONENT_PSA_SRV_IMPL\attestation_bootloader_data.c:
/* Temporary Boodloader data - contains temp mandatory claims */
__attribute__((aligned(4)))
const uint8_t temp_ram_page_data[] = {
0x16, 0x20, 0xB0, 0x00, //shared_data_tlv_header
0x83, 0x11, 0x0C, 0x00, // SW_TYPE
0x4E, 0x53, 0x50, 0x45, 0x5F, 0x53, 0x50, 0x45,
0x80, 0x11, 0x0A, 0x00, //SW_VERSION
0x31, 0x2E, 0x31, 0x2E, 0x31, 0x31,
0x82, 0x11, 0x06, 0x00, //SW_EPOCH
0x00, 0x00,
0x88, 0x11, 0x24, 0x00, //SW_MEASURE_VALUE
0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7,
0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF,
0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7,
0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF,
0x81, 0x11, 0x24, 0x00, //SW_SIGNER_ID
0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7,
0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF,
0xD0, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7,
0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF,
0x89, 0x11, 0x0A, 0x00, //SW_MEASURE_TYPE
0x53, 0x48, 0x41, 0x32, 0x35, 0x36,
0x00, 0x10, 0x24, 0x00, //TLV_MINOR_IAS_BOOT_SEED
0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7,
0xA8, 0xA9, 0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF,
0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7,
0xB8, 0xB9, 0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF,
0x01, 0x10, 0x16, 0x00, //TLV_MINOR_IAS_HW_VERSION
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
0x31, 0x32
};The table shows it has 176 bytes, but actually it just has 172 bytes.
const uint8_t temp_ram_page_data[] = {
0x16, 0x20, 0xB0, 0x00, //shared_data_tlv_header
Due to the above length error, system may crash on iterating over the table:
components/TARGET_PSA/services/attestation/COMPONENT_PSA_SRV_IMPL/attest_boot_status_loader.c:
enum psa_attest_err_t
attest_get_boot_data(uint8_t major_type, void *ptr, uint32_t len) {
......
/* Iterates over the TLV section and copy TLVs with requested major
* type to the provided buffer.
*/
for (; offset < tlv_end; offset += tlv_entry->tlv_len)
{
tlv_entry = (struct shared_data_tlv_entry *)offset;
if (GET_MAJOR(tlv_entry->tlv_type) == major_type) {
if (len < ptr_tlv_header->tlv_tot_len + tlv_entry->tlv_len) {
return PSA_ATTEST_ERR_INIT_FAILED;
}
memcpy(ptr, (const void *)tlv_entry, tlv_entry->tlv_len);
ptr = (uint8_t *)ptr + tlv_entry->tlv_len;
ptr_tlv_header->tlv_tot_len += tlv_entry->tlv_len;
}
if (tlv_entry->tlv_len == 0) {
break;
}
}
......Target(s) affected by this defect ?
NU_PFM_M2351_S/NU_PFM_M2351_NS
Toolchain(s) (name and version) displaying this defect ?
Arm Compiler 6.13
What version of Mbed-os are you using (tag or sha) ?
06734e0 Merge pull request #12141 from kjbracey-arm/thread_rm51