ta: warning on TA/PTA shared buffer handling

Added a warning regarding buffer reference handling in TA/PTA. Link: OP-TEE/optee_os#7131 Signed-off-by: Pierre-Sébastien Bost <[email protected]> Acked-by: Jens Wiklander <[email protected]> Acked-by: Etienne Carriere <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
OP-TEE · Nov 15, 2024 · fde0384 · fde0384
1 parent b9ff227
commit fde0384
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/building/trusted_applications.rst b/building/trusted_applications.rst
@@ -347,6 +347,14 @@ sequence:
         }
     }
 
+.. warning::
+  As stated in the Global API documentation (v1.3.1, section 4.11.1), memory 
+  references (``TEE_PARAM_TYPE_MEMREF_*``) underlying buffers are not locked 
+  for TEE exclusive access and can therefore be modified by a non-secure client 
+  during command processing. It is the reponsability of the TA (or PTA) to ensure 
+  data immutability during command execution, if such a property is needed. 
+  For example, a TA (or PTA) could copy all input data into a locally allocated buffer
+  and only access this copy.
 
 Identifying TA's client
 ***********************