From 7867f4a57560bf9fc4a931e37ba02b7a3e9f406b Mon Sep 17 00:00:00 2001 From: Laukik Hase Date: Thu, 2 Apr 2026 15:41:11 +0530 Subject: [PATCH] fix(esp_tee): Add missing input validation checks for TEE service calls - MULTI_HEAP_ASSERT for TEE now aborts on failure, instead of ignoring the condition - Prevent potential TEE OTA write bounds overflow --- .../components/tee_ota_ops/esp_tee_ota_ops.c | 2 +- .../subproject/main/common/multi_heap.c | 7 +- .../main/core/esp_secure_services.c | 232 +++++++++++---- .../main/core/esp_secure_services_iram.c | 277 +++++++++++++----- .../main/include/esp_tee_memory_utils.h | 21 +- .../tee_cli_app/sdkconfig.ci.release | 4 +- .../test_apps/tee_cli_app/sdkconfig.ci.sb_fe | 6 + .../tee_test_fw/main/test_esp_tee_sec_stg.c | 12 +- .../tee_test_fw/sdkconfig.ci.tee_ota | 4 - .../test_apps/tee_test_fw/sdkconfig.defaults | 5 +- 10 files changed, 416 insertions(+), 154 deletions(-) diff --git a/components/esp_tee/subproject/components/tee_ota_ops/esp_tee_ota_ops.c b/components/esp_tee/subproject/components/tee_ota_ops/esp_tee_ota_ops.c index 5f6efa00ad..e193412103 100644 --- a/components/esp_tee/subproject/components/tee_ota_ops/esp_tee_ota_ops.c +++ b/components/esp_tee/subproject/components/tee_ota_ops/esp_tee_ota_ops.c @@ -108,7 +108,7 @@ esp_err_t esp_tee_ota_write(uint32_t rel_offset, const void *data, size_t size) return ESP_ERR_INVALID_STATE; } - if (rel_offset + size > ota_handle.tee_next.pos.size) { + if (size > ota_handle.tee_next.pos.size || rel_offset > ota_handle.tee_next.pos.size - size) { ESP_LOGE(TAG, "Out of region write not allowed!"); return ESP_FAIL; } diff --git a/components/esp_tee/subproject/main/common/multi_heap.c b/components/esp_tee/subproject/main/common/multi_heap.c index 5a654dd7a6..ec0b197515 100644 --- a/components/esp_tee/subproject/main/common/multi_heap.c +++ b/components/esp_tee/subproject/main/common/multi_heap.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2024-2026 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -19,7 +19,10 @@ inline static void multi_heap_assert(bool condition, const char *format, int lin /* Can't use libc assert() here as it calls printf() which can cause another malloc() for a newlib lock. Also, it's useful to be able to print the memory address where corruption was detected. */ - (void) condition; + if (!condition) { + esp_rom_printf(format, line, address); + abort(); + } } #define MULTI_HEAP_ASSERT(CONDITION, ADDRESS) \ diff --git a/components/esp_tee/subproject/main/core/esp_secure_services.c b/components/esp_tee/subproject/main/core/esp_secure_services.c index 13d53db7ad..e2f0949765 100644 --- a/components/esp_tee/subproject/main/core/esp_secure_services.c +++ b/components/esp_tee/subproject/main/core/esp_secure_services.c @@ -27,6 +27,7 @@ #endif #include "psa/initial_attestation.h" #include "esp_crypto_periph_clk.h" +#include "nvs.h" #include "esp_tee.h" #include "esp_tee_memory_utils.h" @@ -60,8 +61,10 @@ int _ss_esp_aes_crypt_cbc(esp_aes_context *ctx, const unsigned char *input, unsigned char *output) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) && - (esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length)))); + bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_aes_context)) && + esp_tee_buf_in_ree(iv, 16) && + esp_tee_buf_in_ree(input, length) && + esp_tee_buf_in_ree(output, length)); if (!valid_addr) { return -1; @@ -79,8 +82,11 @@ int _ss_esp_aes_crypt_cfb128(esp_aes_context *ctx, const unsigned char *input, unsigned char *output) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) && - (esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length)))); + bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_aes_context)) && + esp_tee_buf_in_ree(iv_off, sizeof(size_t)) && + esp_tee_buf_in_ree(iv, 16) && + esp_tee_buf_in_ree(input, length) && + esp_tee_buf_in_ree(output, length)); if (!valid_addr) { return -1; @@ -97,8 +103,10 @@ int _ss_esp_aes_crypt_cfb8(esp_aes_context *ctx, const unsigned char *input, unsigned char *output) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) && - (esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length)))); + bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_aes_context)) && + esp_tee_buf_in_ree(iv, 16) && + esp_tee_buf_in_ree(input, length) && + esp_tee_buf_in_ree(output, length)); if (!valid_addr) { return -1; @@ -116,8 +124,12 @@ int _ss_esp_aes_crypt_ctr(esp_aes_context *ctx, const unsigned char *input, unsigned char *output) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) && - (esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length)))); + bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_aes_context)) && + esp_tee_buf_in_ree(nc_off, sizeof(size_t)) && + esp_tee_buf_in_ree(nonce_counter, 16) && + esp_tee_buf_in_ree(stream_block, 16) && + esp_tee_buf_in_ree(input, length) && + esp_tee_buf_in_ree(output, length)); if (!valid_addr) { return -1; @@ -132,8 +144,9 @@ int _ss_esp_aes_crypt_ecb(esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16]) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) && - (esp_tee_ptr_in_ree((void *)(input + 16)) && esp_tee_ptr_in_ree((void *)(output + 16)))); + bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_aes_context)) && + esp_tee_buf_in_ree(input, 16) && + esp_tee_buf_in_ree(output, 16)); if (!valid_addr) { return -1; @@ -150,8 +163,11 @@ int _ss_esp_aes_crypt_ofb(esp_aes_context *ctx, const unsigned char *input, unsigned char *output) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) && - (esp_tee_ptr_in_ree((void *)(input + length)) && esp_tee_ptr_in_ree((void *)(output + length)))); + bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_aes_context)) && + esp_tee_buf_in_ree(iv_off, sizeof(size_t)) && + esp_tee_buf_in_ree(iv, 16) && + esp_tee_buf_in_ree(input, length) && + esp_tee_buf_in_ree(output, length)); if (!valid_addr) { return -1; @@ -165,10 +181,63 @@ int _ss_esp_aes_crypt_ofb(esp_aes_context *ctx, /* ---------------------------------------------- SHA ------------------------------------------------- */ #if SOC_SHA_SUPPORTED +static size_t get_sha_digest_size(esp_sha_type sha_type) +{ + switch (sha_type) { + case SHA1: return 20; + case SHA2_224: return 28; + case SHA2_256: return 32; +#if SOC_SHA_SUPPORT_SHA384 + case SHA2_384: return 48; +#endif +#if SOC_SHA_SUPPORT_SHA512 + case SHA2_512: return 64; +#endif + default: return 0; + } +} + +static size_t get_sha_state_size(esp_sha_type sha_type) +{ + switch (sha_type) { + case SHA1: return 20; + case SHA2_224: + case SHA2_256: return 32; +#if SOC_SHA_SUPPORT_SHA384 + case SHA2_384: return 64; +#endif +#if SOC_SHA_SUPPORT_SHA512 + case SHA2_512: return 64; +#endif + default: return 0; + } +} + +static size_t get_sha_block_size(esp_sha_type sha_type) +{ + switch (sha_type) { + case SHA1: + case SHA2_224: + case SHA2_256: return 64; +#if SOC_SHA_SUPPORT_SHA384 + case SHA2_384: return 128; +#endif +#if SOC_SHA_SUPPORT_SHA512 + case SHA2_512: return 128; +#endif + default: return 0; + } +} + void _ss_esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, unsigned char *output) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)input) && esp_tee_ptr_in_ree((void *)output)) && - (esp_tee_ptr_in_ree((void *)(input + ilen)))); + size_t digest_size = get_sha_digest_size(sha_type); + if (digest_size == 0) { + return; + } + + bool valid_addr = (esp_tee_buf_in_ree(input, ilen) && + esp_tee_buf_in_ree(output, digest_size)); if (!valid_addr) { return; @@ -181,11 +250,9 @@ void _ss_esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, int _ss_esp_sha_dma(esp_sha_type sha_type, const void *input, uint32_t ilen, const void *buf, uint32_t buf_len, bool is_first_block) { - bool valid_addr = (esp_tee_ptr_in_ree((void *)input) && - esp_tee_ptr_in_ree((void *)((char *)input + ilen))); + bool valid_addr = esp_tee_buf_in_ree(input, ilen); if (buf_len) { - valid_addr &= (esp_tee_ptr_in_ree((void *)buf) && - esp_tee_ptr_in_ree((void *)((char *)buf + buf_len))); + valid_addr &= esp_tee_buf_in_ree(buf, buf_len); } if (!valid_addr) { @@ -198,16 +265,52 @@ int _ss_esp_sha_dma(esp_sha_type sha_type, const void *input, uint32_t ilen, void _ss_esp_sha_read_digest_state(esp_sha_type sha_type, void *digest_state) { + size_t state_sz = get_sha_state_size(sha_type); + if (state_sz == 0) { + return; + } + + bool valid_addr = esp_tee_buf_in_ree(digest_state, state_sz); + + if (!valid_addr) { + return; + } + ESP_FAULT_ASSERT(valid_addr); + sha_hal_read_digest(sha_type, digest_state); } void _ss_esp_sha_write_digest_state(esp_sha_type sha_type, void *digest_state) { + size_t state_sz = get_sha_state_size(sha_type); + if (state_sz == 0) { + return; + } + + bool valid_addr = esp_tee_buf_in_ree(digest_state, state_sz); + + if (!valid_addr) { + return; + } + ESP_FAULT_ASSERT(valid_addr); + sha_hal_write_digest(sha_type, digest_state); } void _ss_esp_sha_block(esp_sha_type sha_type, const void *data_block, bool is_first_block) { + size_t block_sz = get_sha_block_size(sha_type); + if (block_sz == 0) { + return; + } + + bool valid_addr = esp_tee_buf_in_ree(data_block, block_sz); + + if (!valid_addr) { + return; + } + ESP_FAULT_ASSERT(valid_addr); + esp_sha_block(sha_type, data_block, is_first_block); } @@ -234,8 +337,8 @@ int _ss_esp_sha_512_t_init_hash(uint16_t t) #if SOC_HMAC_SUPPORTED esp_err_t _ss_esp_hmac_calculate(hmac_key_id_t key_id, const void *message, size_t message_len, uint8_t *hmac) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)message) && esp_tee_ptr_in_ree((void *)hmac)) && - esp_tee_ptr_in_ree((void *)((char *)message + message_len))); + bool valid_addr = (esp_tee_buf_in_ree(message, message_len) && + esp_tee_buf_in_ree(hmac, 32)); #if CONFIG_SECURE_TEE_SEC_STG_MODE_RELEASE valid_addr &= (key_id != (hmac_key_id_t)CONFIG_SECURE_TEE_SEC_STG_EFUSE_HMAC_KEY_ID); @@ -252,7 +355,7 @@ esp_err_t _ss_esp_hmac_calculate(hmac_key_id_t key_id, const void *message, size esp_err_t _ss_esp_hmac_jtag_enable(hmac_key_id_t key_id, const uint8_t *token) { - bool valid_addr = (esp_tee_ptr_in_ree((void *)token)); + bool valid_addr = esp_tee_buf_in_ree((void *)token, 32); #if CONFIG_SECURE_TEE_SEC_STG_MODE_RELEASE valid_addr &= (key_id != (hmac_key_id_t)CONFIG_SECURE_TEE_SEC_STG_EFUSE_HMAC_KEY_ID); @@ -274,14 +377,23 @@ esp_err_t _ss_esp_hmac_jtag_disable(void) #endif #if SOC_DIG_SIGN_SUPPORTED +static size_t get_ds_msg_sign_len(esp_digital_signature_length_t rsa_length) +{ + if (rsa_length != ESP_DS_RSA_1024 && rsa_length != ESP_DS_RSA_2048 && + rsa_length != ESP_DS_RSA_3072 && rsa_length != ESP_DS_RSA_4096) { + return 0; + } + return (size_t)(rsa_length + 1) * 4; +} + esp_err_t _ss_esp_ds_sign(const void *message, const esp_ds_data_t *data, hmac_key_id_t key_id, void *signature) { - bool valid_addr = (esp_tee_ptr_in_ree((void *)message) && - esp_tee_ptr_in_ree((void *)data) && - esp_tee_ptr_in_ree((void *)signature)); + bool valid_addr = esp_tee_buf_in_ree(data, sizeof(esp_ds_data_t)); + size_t n = get_ds_msg_sign_len(data->rsa_length); + valid_addr = (n > 0) && esp_tee_buf_in_ree(message, n) && esp_tee_buf_in_ree(signature, n); #if CONFIG_SECURE_TEE_SEC_STG_MODE_RELEASE valid_addr &= (key_id != (hmac_key_id_t)CONFIG_SECURE_TEE_SEC_STG_EFUSE_HMAC_KEY_ID); @@ -301,9 +413,10 @@ esp_err_t _ss_esp_ds_start_sign(const void *message, hmac_key_id_t key_id, esp_ds_context_t **esp_ds_ctx) { - bool valid_addr = (esp_tee_ptr_in_ree((void *)message) && - esp_tee_ptr_in_ree((void *)data) && - esp_tee_ptr_in_ree((void *)esp_ds_ctx)); + bool valid_addr = (esp_tee_buf_in_ree(esp_ds_ctx, sizeof(esp_ds_context_t *)) && + esp_tee_buf_in_ree(data, sizeof(esp_ds_data_t))); + size_t n = get_ds_msg_sign_len(data->rsa_length); + valid_addr = (n > 0) && esp_tee_buf_in_ree(message, n); #if CONFIG_SECURE_TEE_SEC_STG_MODE_RELEASE valid_addr &= (key_id != (hmac_key_id_t)CONFIG_SECURE_TEE_SEC_STG_EFUSE_HMAC_KEY_ID); @@ -325,10 +438,8 @@ bool _ss_esp_ds_is_busy(void) esp_err_t _ss_esp_ds_finish_sign(void *signature, esp_ds_context_t *esp_ds_ctx) { - bool valid_addr = (esp_tee_ptr_in_ree((void *)signature) && - esp_tee_ptr_in_ree((void *)esp_ds_ctx)); - - valid_addr &= esp_tee_ptr_in_ree((void *)((char *)esp_ds_ctx + sizeof(esp_ds_data_t))); + const size_t max_sign = get_ds_msg_sign_len(ESP_DS_RSA_4096); + bool valid_addr = esp_tee_buf_in_ree(signature, max_sign); if (!valid_addr) { return ESP_ERR_INVALID_ARG; @@ -343,12 +454,10 @@ esp_err_t _ss_esp_ds_encrypt_params(esp_ds_data_t *data, const esp_ds_p_data_t *p_data, const void *key) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)data) && esp_tee_ptr_in_ree((void *)p_data)) && - (esp_tee_ptr_in_ree((void *)iv) && esp_tee_ptr_in_ree((void *)key))); - - valid_addr &= esp_tee_ptr_in_ree((void *)((char *)data + sizeof(esp_ds_data_t))); - valid_addr &= esp_tee_ptr_in_ree((void *)((char *)p_data + sizeof(esp_ds_p_data_t))); - valid_addr &= esp_tee_ptr_in_ree((void *)((char *)key + ESP_DS_DATA_KEY_SIZE)); + bool valid_addr = (esp_tee_buf_in_ree(data, sizeof(esp_ds_data_t)) && + esp_tee_buf_in_ree(iv, ESP_DS_IV_LEN) && + esp_tee_buf_in_ree(p_data, sizeof(esp_ds_p_data_t)) && + esp_tee_buf_in_ree(key, ESP_DS_DATA_KEY_SIZE)); if (!valid_addr) { return ESP_ERR_INVALID_ARG; @@ -364,12 +473,10 @@ esp_err_t _ss_esp_ds_encrypt_params_using_key_type(esp_ds_data_t *data, const void *key, esp_ds_key_type_t key_type) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)data) && esp_tee_ptr_in_ree((void *)p_data)) && - (esp_tee_ptr_in_ree((void *)iv) && esp_tee_ptr_in_ree((void *)key))); - - valid_addr &= esp_tee_ptr_in_ree((void *)((char *)data + sizeof(esp_ds_data_t))); - valid_addr &= esp_tee_ptr_in_ree((void *)((char *)p_data + sizeof(esp_ds_p_data_t))); - valid_addr &= esp_tee_ptr_in_ree((void *)((char *)key + ESP_DS_DATA_KEY_SIZE)); + bool valid_addr = (esp_tee_buf_in_ree(data, sizeof(esp_ds_data_t)) && + esp_tee_buf_in_ree(iv, ESP_DS_IV_LEN) && + esp_tee_buf_in_ree(p_data, sizeof(esp_ds_p_data_t)) && + esp_tee_buf_in_ree(key, ESP_DS_DATA_KEY_SIZE)); if (!valid_addr) { return ESP_ERR_INVALID_ARG; @@ -394,8 +501,11 @@ void _ss_esp_crypto_mpi_enable_periph_clk(bool enable) #if SOC_ECC_SUPPORTED int _ss_esp_ecc_point_multiply(const ecc_point_t *point, const uint8_t *scalar, ecc_point_t *result, bool verify_first) { - bool valid_addr = (esp_tee_ptr_in_ree((void *)result)) && - esp_tee_ptr_in_ree((void *)((char *)result + sizeof(ecc_point_t))); + bool valid_addr = (esp_tee_buf_in_ree(point, sizeof(ecc_point_t)) && + esp_tee_buf_in_ree(result, sizeof(ecc_point_t))); + if (valid_addr) { + valid_addr = esp_tee_buf_in_ree(scalar, MAX_SIZE); + } if (!valid_addr) { return -1; @@ -407,6 +517,13 @@ int _ss_esp_ecc_point_multiply(const ecc_point_t *point, const uint8_t *scalar, int _ss_esp_ecc_point_verify(const ecc_point_t *point) { + bool valid_addr = esp_tee_buf_in_ree(point, sizeof(ecc_point_t)); + + if (!valid_addr) { + return -1; + } + ESP_FAULT_ASSERT(valid_addr); + return esp_ecc_point_verify(point); } #endif @@ -427,8 +544,7 @@ int _ss_esp_tee_ota_begin(void) int _ss_esp_tee_ota_write(uint32_t rel_offset, void *data, size_t size) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)data)) && - (esp_tee_ptr_in_ree((void *)((char *)data + size)))); + bool valid_addr = esp_tee_buf_in_ree(data, size); if (!valid_addr) { return -1; @@ -452,6 +568,13 @@ esp_err_t _ss_esp_tee_sec_storage_clear_key(const char *key_id) esp_err_t _ss_esp_tee_sec_storage_gen_key(const esp_tee_sec_storage_key_cfg_t *cfg) { + bool valid_addr = esp_tee_buf_in_ree(cfg, sizeof(esp_tee_sec_storage_key_cfg_t)); + + if (!valid_addr) { + return ESP_ERR_INVALID_ARG; + } + ESP_FAULT_ASSERT(valid_addr); + return esp_tee_sec_storage_gen_key(cfg); } @@ -475,11 +598,9 @@ psa_status_t _ss_psa_initial_attest_get_token(const uint8_t *auth_challenge, siz uint8_t *token_buf, size_t token_buf_size, size_t *token_size) { #if CONFIG_SECURE_TEE_ATTESTATION - bool valid_addr = (esp_tee_ptr_in_ree((void *)auth_challenge) && - esp_tee_ptr_in_ree((void *)token_buf) && - esp_tee_ptr_in_ree((void *)token_size)); - valid_addr &= (esp_tee_ptr_in_ree((void *)((uint8_t *)auth_challenge + challenge_size)) && - esp_tee_ptr_in_ree((void *)((uint8_t *)token_buf + token_buf_size))); + bool valid_addr = (esp_tee_buf_in_ree(auth_challenge, challenge_size) && + esp_tee_buf_in_ree(token_buf, token_buf_size) && + esp_tee_buf_in_ree(token_size, sizeof(size_t))); if (!valid_addr) { return PSA_ERROR_INVALID_ARGUMENT; @@ -495,6 +616,13 @@ psa_status_t _ss_psa_initial_attest_get_token(const uint8_t *auth_challenge, siz psa_status_t _ss_psa_initial_attest_get_token_size(size_t challenge_size, size_t *token_size) { #if CONFIG_SECURE_TEE_ATTESTATION + bool valid_addr = esp_tee_buf_in_ree(token_size, sizeof(size_t)); + + if (!valid_addr) { + return PSA_ERROR_INVALID_ARGUMENT; + } + ESP_FAULT_ASSERT(valid_addr); + return esp_err_to_psa_status(esp_att_get_token_size(challenge_size, token_size)); #else return PSA_ERROR_NOT_SUPPORTED; diff --git a/components/esp_tee/subproject/main/core/esp_secure_services_iram.c b/components/esp_tee/subproject/main/core/esp_secure_services_iram.c index 866d40217e..4c234be4fa 100644 --- a/components/esp_tee/subproject/main/core/esp_secure_services_iram.c +++ b/components/esp_tee/subproject/main/core/esp_secure_services_iram.c @@ -20,6 +20,7 @@ #include "esp_private/memspi_host_driver.h" #include "esp_private/mspi_timing_tuning.h" #include "esp_flash.h" +#include "esp_flash_chips/esp_flash_types.h" #include "riscv/rv_utils.h" #include "esp_tee.h" @@ -27,6 +28,7 @@ #include "esp_tee_intr.h" #include "esp_tee_rv_utils.h" +#include "nvs.h" #include "esp_tee_flash.h" #include "esp_tee_sec_storage.h" @@ -114,11 +116,25 @@ void _ss_esprv_int_set_vectored(int rv_int_num, bool vectored) void _ss_wdt_hal_init(wdt_hal_context_t *hal, wdt_inst_t wdt_inst, uint32_t prescaler, bool enable_intr) { + bool valid_addr = esp_tee_buf_in_ree(hal, sizeof(wdt_hal_context_t)); + + if (!valid_addr) { + return; + } + ESP_FAULT_ASSERT(valid_addr); + wdt_hal_init(hal, wdt_inst, prescaler, enable_intr); } void _ss_wdt_hal_deinit(wdt_hal_context_t *hal) { + bool valid_addr = esp_tee_buf_in_ree(hal, sizeof(wdt_hal_context_t)); + + if (!valid_addr) { + return; + } + ESP_FAULT_ASSERT(valid_addr); + wdt_hal_deinit(hal); } @@ -126,9 +142,9 @@ void _ss_wdt_hal_deinit(wdt_hal_context_t *hal) esp_err_t _ss_esp_tee_sec_storage_ecdsa_sign(const esp_tee_sec_storage_key_cfg_t *cfg, const uint8_t *hash, size_t hlen, esp_tee_sec_storage_ecdsa_sign_t *out_sign) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)hash) && esp_tee_ptr_in_ree((void *)out_sign)) && - (esp_tee_ptr_in_ree((void *)(hash + hlen)) && - esp_tee_ptr_in_ree((void *)((char *)out_sign + sizeof(esp_tee_sec_storage_ecdsa_sign_t))))); + bool valid_addr = (esp_tee_buf_in_ree(cfg, sizeof(esp_tee_sec_storage_key_cfg_t)) && + esp_tee_buf_in_ree(hash, hlen) && + esp_tee_buf_in_ree(out_sign, sizeof(esp_tee_sec_storage_ecdsa_sign_t))); if (!valid_addr) { return ESP_ERR_INVALID_ARG; @@ -140,8 +156,8 @@ esp_err_t _ss_esp_tee_sec_storage_ecdsa_sign(const esp_tee_sec_storage_key_cfg_t esp_err_t _ss_esp_tee_sec_storage_ecdsa_get_pubkey(const esp_tee_sec_storage_key_cfg_t *cfg, esp_tee_sec_storage_ecdsa_pubkey_t *out_pubkey) { - bool valid_addr = ((esp_tee_ptr_in_ree((void *)out_pubkey)) && - (esp_tee_ptr_in_ree((void *)((char *)out_pubkey + sizeof(esp_tee_sec_storage_ecdsa_pubkey_t))))); + bool valid_addr = (esp_tee_buf_in_ree(cfg, sizeof(esp_tee_sec_storage_key_cfg_t)) && + esp_tee_buf_in_ree(out_pubkey, sizeof(esp_tee_sec_storage_ecdsa_pubkey_t))); if (!valid_addr) { return ESP_ERR_INVALID_ARG; @@ -153,18 +169,14 @@ esp_err_t _ss_esp_tee_sec_storage_ecdsa_get_pubkey(const esp_tee_sec_storage_key esp_err_t _ss_esp_tee_sec_storage_aead_encrypt(const esp_tee_sec_storage_aead_ctx_t *ctx, uint8_t *iv, size_t iv_len, uint8_t *tag, size_t tag_len, uint8_t *output) { - bool valid_addr = (esp_tee_ptr_in_ree((void *)ctx->input) && - esp_tee_ptr_in_ree((void *)iv) && - esp_tee_ptr_in_ree((void *)tag) && - esp_tee_ptr_in_ree((void *)output)); + bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_tee_sec_storage_aead_ctx_t)) && + esp_tee_buf_in_ree(ctx->input, ctx->input_len) && + esp_tee_buf_in_ree(iv, iv_len) && + esp_tee_buf_in_ree(tag, tag_len) && + esp_tee_buf_in_ree(output, ctx->input_len)); - valid_addr &= (esp_tee_ptr_in_ree((void *)(ctx->input + ctx->input_len)) && - esp_tee_ptr_in_ree((void *)(iv + iv_len)) && - esp_tee_ptr_in_ree((void *)(tag + tag_len)) && - esp_tee_ptr_in_ree((void *)(output + ctx->input_len))); - - if (ctx->aad) { - valid_addr &= (esp_tee_ptr_in_ree((void *)ctx->aad) && esp_tee_ptr_in_ree((void *)(ctx->aad + ctx->aad_len))); + if (ctx->aad_len != 0) { + valid_addr = esp_tee_buf_in_ree(ctx->aad, ctx->aad_len); } if (!valid_addr) { @@ -177,18 +189,14 @@ esp_err_t _ss_esp_tee_sec_storage_aead_encrypt(const esp_tee_sec_storage_aead_ct esp_err_t _ss_esp_tee_sec_storage_aead_decrypt(const esp_tee_sec_storage_aead_ctx_t *ctx, const uint8_t *iv, size_t iv_len, const uint8_t *tag, size_t tag_len, uint8_t *output) { - bool valid_addr = (esp_tee_ptr_in_ree((void *)ctx->input) && - esp_tee_ptr_in_ree((void *)iv) && - esp_tee_ptr_in_ree((void *)tag) && - esp_tee_ptr_in_ree((void *)output)); + bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_tee_sec_storage_aead_ctx_t)) && + esp_tee_buf_in_ree(ctx->input, ctx->input_len) && + esp_tee_buf_in_ree(iv, iv_len) && + esp_tee_buf_in_ree(tag, tag_len) && + esp_tee_buf_in_ree(output, ctx->input_len)); - valid_addr &= (esp_tee_ptr_in_ree((void *)(ctx->input + ctx->input_len)) && - esp_tee_ptr_in_ree((void *)(iv + iv_len)) && - esp_tee_ptr_in_ree((void *)(tag + tag_len)) && - esp_tee_ptr_in_ree((void *)(output + ctx->input_len))); - - if (ctx->aad) { - valid_addr &= (esp_tee_ptr_in_ree((void *)ctx->aad) && esp_tee_ptr_in_ree((void *)(ctx->aad + ctx->aad_len))); + if (ctx->aad_len != 0) { + valid_addr = esp_tee_buf_in_ree(ctx->aad, ctx->aad_len); } if (!valid_addr) { @@ -201,15 +209,11 @@ esp_err_t _ss_esp_tee_sec_storage_aead_decrypt(const esp_tee_sec_storage_aead_ct esp_err_t _ss_esp_tee_sec_storage_ecdsa_sign_pbkdf2(const esp_tee_sec_storage_pbkdf2_ctx_t *ctx, const uint8_t *hash, size_t hlen, esp_tee_sec_storage_ecdsa_sign_t *out_sign, esp_tee_sec_storage_ecdsa_pubkey_t *out_pubkey) { - bool valid_addr = (esp_tee_ptr_in_ree((void *)ctx) && - esp_tee_ptr_in_ree((void *)hash) && - esp_tee_ptr_in_ree((void *)out_sign) && - esp_tee_ptr_in_ree((void *)out_pubkey)); - - valid_addr &= (esp_tee_ptr_in_ree((void *)((char *)ctx + sizeof(esp_tee_sec_storage_pbkdf2_ctx_t))) && - esp_tee_ptr_in_ree((void *)(hash + hlen)) && - esp_tee_ptr_in_ree((void *)((char *)out_sign + sizeof(esp_tee_sec_storage_ecdsa_sign_t))) && - esp_tee_ptr_in_ree((void *)((char *)out_pubkey + sizeof(esp_tee_sec_storage_ecdsa_pubkey_t)))); + bool valid_addr = (esp_tee_buf_in_ree(ctx, sizeof(esp_tee_sec_storage_pbkdf2_ctx_t)) && + esp_tee_buf_in_ree(hash, hlen) && + esp_tee_buf_in_ree(out_sign, sizeof(esp_tee_sec_storage_ecdsa_sign_t)) && + esp_tee_buf_in_ree(out_pubkey, sizeof(esp_tee_sec_storage_ecdsa_pubkey_t)) && + esp_tee_buf_in_ree(ctx->salt, ctx->salt_len)); if (!valid_addr) { return ESP_ERR_INVALID_ARG; @@ -224,13 +228,15 @@ esp_err_t _ss_esp_tee_sec_storage_ecdsa_sign_pbkdf2(const esp_tee_sec_storage_pb void _ss_mmu_hal_map_region(uint32_t mmu_id, mmu_target_t mem_type, uint32_t vaddr, uint32_t paddr, uint32_t len, uint32_t *out_len) { - bool vaddr_chk = esp_tee_flash_check_vrange_in_tee_region(vaddr, len); - bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(paddr, len); - if (vaddr_chk || paddr_chk) { + bool valid_addr = (!esp_tee_flash_check_vrange_in_tee_region(vaddr, len) && + !esp_tee_flash_check_prange_in_tee_region(paddr, len) && + esp_tee_buf_in_ree(out_len, sizeof(uint32_t))); + + if (!valid_addr) { ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x | 0x%08x", __func__, vaddr, paddr); return; } - ESP_FAULT_ASSERT(!vaddr_chk && !paddr_chk); + ESP_FAULT_ASSERT(valid_addr); mmu_hal_map_region(mmu_id, mem_type, vaddr, paddr, len, out_len); } @@ -238,6 +244,7 @@ void _ss_mmu_hal_map_region(uint32_t mmu_id, mmu_target_t mem_type, uint32_t vad void _ss_mmu_hal_unmap_region(uint32_t mmu_id, uint32_t vaddr, uint32_t len) { bool vaddr_chk = esp_tee_flash_check_vrange_in_tee_region(vaddr, len); + if (vaddr_chk) { ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, vaddr); return; @@ -249,21 +256,28 @@ void _ss_mmu_hal_unmap_region(uint32_t mmu_id, uint32_t vaddr, uint32_t len) bool _ss_mmu_hal_vaddr_to_paddr(uint32_t mmu_id, uint32_t vaddr, uint32_t *out_paddr, mmu_target_t *out_target) { - bool vaddr_chk = esp_tee_flash_check_vaddr_in_tee_region(vaddr); - if (vaddr_chk) { + bool valid_addr = (!esp_tee_flash_check_vaddr_in_tee_region(vaddr) && + esp_tee_buf_in_ree(out_paddr, sizeof(uint32_t)) && + esp_tee_buf_in_ree(out_target, sizeof(mmu_target_t))); + + if (!valid_addr) { return false; } - ESP_FAULT_ASSERT(!vaddr_chk); + ESP_FAULT_ASSERT(valid_addr); + return mmu_hal_vaddr_to_paddr(mmu_id, vaddr, out_paddr, out_target); } bool _ss_mmu_hal_paddr_to_vaddr(uint32_t mmu_id, uint32_t paddr, mmu_target_t target, mmu_vaddr_t type, uint32_t *out_vaddr) { - bool paddr_chk = esp_tee_flash_check_paddr_in_tee_region(paddr); - if (paddr_chk) { + bool valid_addr = (!esp_tee_flash_check_paddr_in_tee_region(paddr) && + esp_tee_buf_in_ree(out_vaddr, sizeof(uint32_t))); + + if (!valid_addr) { return false; } - ESP_FAULT_ASSERT(!paddr_chk); + ESP_FAULT_ASSERT(valid_addr); + return mmu_hal_paddr_to_vaddr(mmu_id, paddr, target, type, out_vaddr); } @@ -277,110 +291,192 @@ void _ss_Cache_Set_IDROM_MMU_Size(uint32_t irom_size, uint32_t drom_size) #if CONFIG_SECURE_TEE_EXT_FLASH_MEMPROT_SPI1 /* ---------------------------------------------- SPI Flash HAL ------------------------------------------------- */ +static bool is_spi_host_in_ree(spi_flash_host_inst_t *host) +{ + return esp_tee_buf_in_ree(host, sizeof(spi_flash_host_inst_t)); +} + +static bool is_spi_trans_valid(spi_flash_host_inst_t *host, spi_flash_trans_t *trans) +{ + bool valid_addr = (is_spi_host_in_ree(host) && + esp_tee_buf_in_ree(trans, sizeof(spi_flash_trans_t))); + + if (trans->mosi_len != 0) { + valid_addr &= esp_tee_buf_in_ree(trans->mosi_data, trans->mosi_len); + } + if (trans->miso_len != 0) { + valid_addr &= esp_tee_buf_in_ree(trans->miso_data, trans->miso_len); + } + return valid_addr; +} + uint32_t _ss_spi_flash_hal_check_status(spi_flash_host_inst_t *host) { + bool valid_addr = is_spi_host_in_ree(host); + + if (!valid_addr) { + return 0; + } + ESP_FAULT_ASSERT(valid_addr); + return spi_flash_hal_check_status(host); } esp_err_t _ss_spi_flash_hal_common_command(spi_flash_host_inst_t *host, spi_flash_trans_t *trans) { - bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(trans->address, trans->mosi_len); - paddr_chk |= esp_tee_flash_check_prange_in_tee_region(trans->address, trans->miso_len); - if (paddr_chk) { + bool valid_addr = (is_spi_trans_valid(host, trans) && + !esp_tee_flash_check_prange_in_tee_region(trans->address, trans->mosi_len) && + !esp_tee_flash_check_prange_in_tee_region(trans->address, trans->miso_len)); + + if (!valid_addr) { ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, trans->address); - return ESP_FAIL; + return ESP_ERR_INVALID_ARG; } + ESP_FAULT_ASSERT(valid_addr); + return spi_flash_hal_common_command(host, trans); } esp_err_t _ss_spi_flash_hal_device_config(spi_flash_host_inst_t *host) { + bool valid_addr = is_spi_host_in_ree(host); + + if (!valid_addr) { + return ESP_ERR_INVALID_ARG; + } + ESP_FAULT_ASSERT(valid_addr); + return spi_flash_hal_device_config(host); } void _ss_spi_flash_hal_erase_block(spi_flash_host_inst_t *host, uint32_t start_address) { - bool paddr_chk = esp_tee_flash_check_paddr_in_tee_region(start_address); - if (paddr_chk) { + bool valid_addr = (is_spi_host_in_ree(host) && + !esp_tee_flash_check_paddr_in_tee_region(start_address)); + + if (!valid_addr) { ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, start_address); return; } - ESP_FAULT_ASSERT(!paddr_chk); + ESP_FAULT_ASSERT(valid_addr); + spi_flash_hal_erase_block(host, start_address); } void _ss_spi_flash_hal_erase_sector(spi_flash_host_inst_t *host, uint32_t start_address) { - bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(start_address, FLASH_SECTOR_SIZE); - if (paddr_chk) { + bool valid_addr = (is_spi_host_in_ree(host) && + !esp_tee_flash_check_prange_in_tee_region(start_address, FLASH_SECTOR_SIZE)); + + if (!valid_addr) { ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, start_address); return; } - ESP_FAULT_ASSERT(!paddr_chk); + ESP_FAULT_ASSERT(valid_addr); + spi_flash_hal_erase_sector(host, start_address); } void _ss_spi_flash_hal_program_page(spi_flash_host_inst_t *host, const void *buffer, uint32_t address, uint32_t length) { - bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(address, length); - if (paddr_chk) { + bool valid_addr = (is_spi_host_in_ree(host) && + !esp_tee_flash_check_prange_in_tee_region(address, length) && + esp_tee_buf_in_ree(buffer, length)); + + if (!valid_addr) { ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, address); return; } + ESP_FAULT_ASSERT(valid_addr); - bool buf_addr_chk = ((esp_tee_ptr_in_ree((void *)buffer) && esp_tee_ptr_in_ree((void *)(buffer + length)))); - if (!buf_addr_chk) { - return; - } - - ESP_FAULT_ASSERT(!paddr_chk && buf_addr_chk); spi_flash_hal_program_page(host, buffer, address, length); } esp_err_t _ss_spi_flash_hal_read(spi_flash_host_inst_t *host, void *buffer, uint32_t address, uint32_t read_len) { - bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(address, read_len); - if (paddr_chk) { + bool valid_addr = (is_spi_host_in_ree(host) && + !esp_tee_flash_check_prange_in_tee_region(address, read_len) && + esp_tee_buf_in_ree(buffer, read_len)); + + if (!valid_addr) { ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, address); - return ESP_FAIL; + return ESP_ERR_INVALID_ARG; } + ESP_FAULT_ASSERT(valid_addr); - bool buf_addr_chk = ((esp_tee_ptr_in_ree((void *)buffer) && esp_tee_ptr_in_ree((void *)(buffer + read_len)))); - if (!buf_addr_chk) { - return ESP_FAIL; - } - - ESP_FAULT_ASSERT(!paddr_chk && buf_addr_chk); return spi_flash_hal_read(host, buffer, address, read_len); } void _ss_spi_flash_hal_resume(spi_flash_host_inst_t *host) { + bool valid_addr = is_spi_host_in_ree(host); + + if (!valid_addr) { + return; + } + ESP_FAULT_ASSERT(valid_addr); + spi_flash_hal_resume(host); } esp_err_t _ss_spi_flash_hal_set_write_protect(spi_flash_host_inst_t *host, bool wp) { + bool valid_addr = is_spi_host_in_ree(host); + + if (!valid_addr) { + return ESP_ERR_INVALID_ARG; + } + ESP_FAULT_ASSERT(valid_addr); + return spi_flash_hal_set_write_protect(host, wp); } esp_err_t _ss_spi_flash_hal_setup_read_suspend(spi_flash_host_inst_t *host, const spi_flash_sus_cmd_conf *sus_conf) { + bool valid_addr = (is_spi_host_in_ree(host) && + esp_tee_buf_in_ree(sus_conf, sizeof(spi_flash_sus_cmd_conf))); + + if (!valid_addr) { + return ESP_ERR_INVALID_ARG; + } + ESP_FAULT_ASSERT(valid_addr); + return spi_flash_hal_setup_read_suspend(host, sus_conf); } bool _ss_spi_flash_hal_supports_direct_read(spi_flash_host_inst_t *host, const void *p) { + bool valid_addr = (is_spi_host_in_ree(host) && esp_tee_ptr_in_ree(p)); + + if (!valid_addr) { + return false; + } + ESP_FAULT_ASSERT(valid_addr); + return spi_flash_hal_supports_direct_read(host, p); } bool _ss_spi_flash_hal_supports_direct_write(spi_flash_host_inst_t *host, const void *p) { + bool valid_addr = (is_spi_host_in_ree(host) && esp_tee_ptr_in_ree(p)); + + if (!valid_addr) { + return false; + } + ESP_FAULT_ASSERT(valid_addr); + return spi_flash_hal_supports_direct_write(host, p); } void _ss_spi_flash_hal_suspend(spi_flash_host_inst_t *host) { + bool valid_addr = is_spi_host_in_ree(host); + + if (!valid_addr) { + return; + } + ESP_FAULT_ASSERT(valid_addr); + spi_flash_hal_suspend(host); } @@ -397,29 +493,41 @@ uint32_t _ss_bootloader_flash_execute_command_common( uint8_t mosi_len, uint32_t mosi_data, uint8_t miso_len) { - bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(address, mosi_len); - paddr_chk |= esp_tee_flash_check_prange_in_tee_region(address, miso_len); - if (paddr_chk) { + bool valid_addr = (!esp_tee_flash_check_prange_in_tee_region(address, mosi_len) && + !esp_tee_flash_check_prange_in_tee_region(address, miso_len)); + + if (!valid_addr) { ESP_LOGD(TAG, "[%s] Illegal flash access at 0x%08x", __func__, address); return 0; } - ESP_FAULT_ASSERT(!paddr_chk); + ESP_FAULT_ASSERT(valid_addr); + return bootloader_flash_execute_command_common(command, addr_len, address, dummy_len, mosi_len, mosi_data, miso_len); } esp_err_t _ss_memspi_host_flush_cache(spi_flash_host_inst_t *host, uint32_t addr, uint32_t size) { - bool paddr_chk = esp_tee_flash_check_prange_in_tee_region(addr, size); - if (paddr_chk) { - return ESP_FAIL; + bool valid_addr = (is_spi_host_in_ree(host) && + !esp_tee_flash_check_prange_in_tee_region(addr, size)); + + if (!valid_addr) { + return ESP_ERR_INVALID_ARG; } - ESP_FAULT_ASSERT(!paddr_chk); + ESP_FAULT_ASSERT(valid_addr); + return memspi_host_flush_cache(host, addr, size); } esp_err_t _ss_spi_flash_chip_generic_config_host_io_mode(esp_flash_t *chip, uint32_t flags) { + bool valid_addr = esp_tee_buf_in_ree(chip, sizeof(struct esp_flash_t)); + + if (!valid_addr) { + return ESP_ERR_INVALID_ARG; + } + ESP_FAULT_ASSERT(valid_addr); + return spi_flash_chip_generic_config_host_io_mode(chip, flags); } @@ -451,6 +559,13 @@ void _ss_mspi_timing_change_speed_mode_cache_safe(bool switch_down) void _ss_spi_timing_get_flash_timing_param(spi_flash_hal_timing_config_t *out_timing_config) { + bool valid_addr = esp_tee_buf_in_ree(out_timing_config, sizeof(spi_flash_hal_timing_config_t)); + + if (!valid_addr) { + return; + } + ESP_FAULT_ASSERT(valid_addr); + spi_timing_get_flash_timing_param(out_timing_config); } #endif diff --git a/components/esp_tee/subproject/main/include/esp_tee_memory_utils.h b/components/esp_tee/subproject/main/include/esp_tee_memory_utils.h index 772b963a38..7ddb6a0cfb 100644 --- a/components/esp_tee/subproject/main/include/esp_tee_memory_utils.h +++ b/components/esp_tee/subproject/main/include/esp_tee_memory_utils.h @@ -1,10 +1,12 @@ /* - * SPDX-FileCopyrightText: 2025 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2025-2026 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ #pragma once +#include +#include #include "esp_attr.h" #include "soc/soc.h" #include "soc/ext_mem_defs.h" @@ -16,10 +18,10 @@ extern "C" { FORCE_INLINE_ATTR bool esp_tee_ptr_in_ree(const void *p) { - intptr_t addr = (intptr_t)p; + uintptr_t addr = (uintptr_t)p; return ( (addr >= SOC_NS_IDRAM_START && addr < SOC_NS_IDRAM_END) || - (addr >= (intptr_t)esp_tee_app_config.ns_drom_start && + (addr >= (uintptr_t)esp_tee_app_config.ns_drom_start && addr < SOC_S_MMU_MMAP_RESV_START_VADDR) #if SOC_RTC_MEM_SUPPORTED || (addr >= SOC_RTC_DATA_LOW && addr < SOC_RTC_DATA_HIGH) @@ -27,6 +29,19 @@ FORCE_INLINE_ATTR bool esp_tee_ptr_in_ree(const void *p) ); } +FORCE_INLINE_ATTR bool esp_tee_buf_in_ree(const void *p, size_t len) +{ + uintptr_t start = (uintptr_t)p; + + /* Reject zero-length and overflow */ + if (len == 0 || len > (SIZE_MAX - start)) { + return false; + } + + return esp_tee_ptr_in_ree(p) && + esp_tee_ptr_in_ree((const char *)p + len - 1); +} + #ifdef __cplusplus } #endif diff --git a/components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.release b/components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.release index 873c025eb1..d1feac2ef0 100644 --- a/components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.release +++ b/components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.release @@ -1,8 +1,6 @@ -# Reducing TEE I/DRAM sizes +# Reducing TEE IRAM size # 29KB CONFIG_SECURE_TEE_IRAM_SIZE=0x7400 -# 20KB -CONFIG_SECURE_TEE_DRAM_SIZE=0x5000 # TEE Secure Storage: Release mode CONFIG_SECURE_TEE_SEC_STG_MODE_RELEASE=y diff --git a/components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.sb_fe b/components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.sb_fe index bdec94c11b..fe40c08d00 100644 --- a/components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.sb_fe +++ b/components/esp_tee/test_apps/tee_cli_app/sdkconfig.ci.sb_fe @@ -1,3 +1,9 @@ +# Increasing TEE I/DRAM sizes +# 34KB +CONFIG_SECURE_TEE_IRAM_SIZE=0x8800 +# 22KB +CONFIG_SECURE_TEE_DRAM_SIZE=0x5800 + # Security features - build-only configuration CONFIG_PARTITION_TABLE_OFFSET=0xf000 diff --git a/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c b/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c index 4d8f2dcdf7..0686030732 100644 --- a/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c +++ b/components/esp_tee/test_apps/tee_test_fw/main/test_esp_tee_sec_stg.c @@ -329,13 +329,13 @@ TEST_CASE("Test TEE Secure Storage - Null Pointer and Zero Length", "[sec_storag }; TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, sizeof(iv), NULL, sizeof(tag), data)); - TEST_ESP_ERR(ESP_ERR_INVALID_SIZE, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, sizeof(iv), tag, 0, data)); + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, sizeof(iv), tag, 0, data)); TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_encrypt(&aead_ctx, NULL, sizeof(iv), tag, sizeof(tag), data)); - TEST_ESP_ERR(ESP_ERR_INVALID_SIZE, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, 0, tag, sizeof(tag), data)); + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, 0, tag, sizeof(tag), data)); TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, sizeof(iv), NULL, sizeof(tag), data)); - TEST_ESP_ERR(ESP_ERR_INVALID_SIZE, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, sizeof(iv), tag, 0, data)); + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, sizeof(iv), tag, 0, data)); TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_decrypt(&aead_ctx, NULL, sizeof(iv), tag, sizeof(tag), data)); - TEST_ESP_ERR(ESP_ERR_INVALID_SIZE, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, 0, tag, sizeof(tag), data)); + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, 0, tag, sizeof(tag), data)); aead_ctx.input = NULL; aead_ctx.input_len = sizeof(data); @@ -344,8 +344,8 @@ TEST_CASE("Test TEE Secure Storage - Null Pointer and Zero Length", "[sec_storag aead_ctx.input = data; aead_ctx.input_len = 0; - TEST_ESP_ERR(ESP_ERR_INVALID_SIZE, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, sizeof(iv), tag, sizeof(tag), data)); - TEST_ESP_ERR(ESP_ERR_INVALID_SIZE, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, sizeof(iv), tag, sizeof(tag), data)); + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_encrypt(&aead_ctx, iv, sizeof(iv), tag, sizeof(tag), data)); + TEST_ESP_ERR(ESP_ERR_INVALID_ARG, esp_tee_sec_storage_aead_decrypt(&aead_ctx, iv, sizeof(iv), tag, sizeof(tag), data)); TEST_ESP_OK(esp_tee_sec_storage_clear_key(key_id)); diff --git a/components/esp_tee/test_apps/tee_test_fw/sdkconfig.ci.tee_ota b/components/esp_tee/test_apps/tee_test_fw/sdkconfig.ci.tee_ota index d10fedd842..71e5dddc2d 100644 --- a/components/esp_tee/test_apps/tee_test_fw/sdkconfig.ci.tee_ota +++ b/components/esp_tee/test_apps/tee_test_fw/sdkconfig.ci.tee_ota @@ -16,7 +16,3 @@ CONFIG_SECURE_TEE_ATT_KEY_STR_ID="tee_att_keyN" # Enabling flash protection over SPI1 CONFIG_SECURE_TEE_EXT_FLASH_MEMPROT_SPI1=y - -# Increasing TEE DRAM size -# 20KB -CONFIG_SECURE_TEE_DRAM_SIZE=0x5000 diff --git a/components/esp_tee/test_apps/tee_test_fw/sdkconfig.defaults b/components/esp_tee/test_apps/tee_test_fw/sdkconfig.defaults index 4b67d45b71..9abd3154f4 100644 --- a/components/esp_tee/test_apps/tee_test_fw/sdkconfig.defaults +++ b/components/esp_tee/test_apps/tee_test_fw/sdkconfig.defaults @@ -12,5 +12,6 @@ CONFIG_SECURE_TEE_TEST_MODE=y CONFIG_PARTITION_TABLE_SINGLE_APP_TEE=y CONFIG_PARTITION_TABLE_OFFSET=0xF000 -# TEE IRAM size -CONFIG_SECURE_TEE_IRAM_SIZE=0xC400 +# Increasing TEE I/DRAM size +CONFIG_SECURE_TEE_IRAM_SIZE=0x8800 +CONFIG_SECURE_TEE_DRAM_SIZE=0x5800