While isolation levels greater than 1 are involved in PSA certificate, the existing runtime library for secure partition lacks security consideration and contains its own private data, this prevents secure partition calling these APIs because of potential information leakage.
A new runtime library needs to be available for secure partition with security consideration at the very start of design. The design should not break the isolation requirements listed in the PSA Firmware Framework specification. This runtime library also needs to be sharable for all secure partitions to save storage on IoT device, and it needs to be read-only to avoid tampering. And the most important part, no private data could exist inside of runtime library.
This new runtime library would keep security isolation consideration out of secure partition designers, which make the development environment unified for secure partition developers. And save the size for IoT software since this library is shared.
Staff Software Engineer (Arm China)
Ken Liu is a software engineer at Arm on security solutions. He has been working in silicon company for over 15 years before joining Arm and focused on network, multi-media, product system and security solutions. He is now a key member engineer of Trusted Firmware M open source project.
Senior Software Engineer (Arm)
Edison is working in CE-OSS Firmware team in ARM company and the workplace is in Shanghai, China. His work is mainly focused on the implementation of Trust Firmware M based on the PSA Firmware Framework.