From 440a5d1906502023f2a0fb0aecbdf0602d14acbf Mon Sep 17 00:00:00 2001
From: Laukik Hase
Date: Mon, 13 Apr 2026 12:43:26 +0530
Subject: [PATCH] change(esp_tee): Move the internal memory secure service call table to IRAM
- Using PMA, the TEE IRAM is marked as R/X while TEE DRAM is marked as R/W. Moving the internal memory secure service call table from DRAM to IRAM makes it immutable.
---
 .../esp_tee/subproject/main/core/esp_secure_service_table.c | 2 +-
 components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.release | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/components/esp_tee/subproject/main/core/esp_secure_service_table.c b/components/esp_tee/subproject/main/core/esp_secure_service_table.c
index df5faa33aa..f1dceebcf2 100644
--- a/components/esp_tee/subproject/main/core/esp_secure_service_table.c
+++ b/components/esp_tee/subproject/main/core/esp_secure_service_table.c
@@ -13,7 +13,7 @@
 #pragma GCC diagnostic ignored "-Woverride-init"
 #endif
-const DRAM_ATTR secure_service_entry_t tee_sec_srv_tbl_int_mem[] = {
+const IRAM_ATTR secure_service_entry_t tee_sec_srv_tbl_int_mem[] = {
 [0 ... SECURE_SERVICES_SPLIT_ID - 1] = { .func = NULL, .nargs = 0 },
 #define __SECURE_SERVICE(NR, SYM, ARGC) [NR] = { .func = _ss_##SYM, .nargs = ARGC },
 #include "secure_service_int.h"
diff --git a/components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.release b/components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.release
index d1feac2ef0..b1a31c9631 100644
--- a/components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.release
+++ b/components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.release
@@ -1,6 +1,6 @@
 # Reducing TEE IRAM size
-# 29KB
-CONFIG_SECURE_TEE_IRAM_SIZE=0x7400
+# 30KB
+CONFIG_SECURE_TEE_IRAM_SIZE=0x7800
 # TEE Secure Storage: Release mode
 CONFIG_SECURE_TEE_SEC_STG_MODE_RELEASE=y
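Review bot: Nothing at the declaration of `tee_sec_srv_tbl_int_mem` explains why a `const` data table carries `IRAM_ATTR`, an attribute normally seen on functions, so a later cleanup could move it back to DRAM and make the dispatch table writable again without anyone noticing. I would add a comment above it such as `/* Kept in TEE IRAM on purpose: PMA maps it R/X, so the service function pointers cannot be overwritten at run time. */`. The immutability comes from the PMA configuration rather than from `const`, so it presumably holds only once the PMA entries are programmed. A test that a store to `&tee_sec_srv_tbl_int_mem[0]` from TEE context faults would pin that down. The table's initializer continues past the end of the hunk.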
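Review bot: The new `# 30KB` comment does not say why the reduced size had to grow, and the commit message does not mention an IRAM cost. The bump from `0x7400` to `0x7800` presumably makes room for the table moved into IRAM in the other file; a comment like `# 30KB (29KB no longer fits with the secure service table in IRAM)` would record that. If that is the reason, projects that tuned `CONFIG_SECURE_TEE_IRAM_SIZE` down may fail to link after this change, which is worth a line in the commit description or release notes.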