Searched hist:"7 db24ad625b91a7f4f16c33b7c825cd56952a8cf" (Results 1 – 1 of 1) sorted by relevance
| /optee_os/mk/ |
| H A D | config.mk | 7db24ad625b91a7f4f16c33b7c825cd56952a8cf Thu Feb 07 17:25:24 UTC 2019 Jerome Forissier <jerome.forissier@linaro.org> core: REE FS TAs: add option to verify signature before processing
Adds configuration flag CFG_REE_FS_TA_BUFFERED, default enabled.
A new TA store is introduced which depends on the TEE FS TA store to
load the whole binary into a temporary buffer in secure DDR and
authenticate it before being processed further.
This reduces the attack surface of the TEE core in case of a
vulnerability in the ELF loader, at the expense of increased memory
usage at load time.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com> [3.6]
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|