21.0.0.SPC2
This section describes the issues that are resolved by the 21.0.0.SPC2 patch for Kunpeng BoostKit 21.0.0 Confidential Computing TrustZone Kit.
Trouble Ticket No. |
DTS: DTS2022062500500 Vulnerability ID: HWPSIRT-2022-87612 |
|---|---|
Description |
Condition: The TA invokes the key export function interface. Symptom: The TEE OS does not clear the key information in the cache in a timely manner. Impact: Sensitive key data may remain in the TEE secure memory. |
Severity |
Minor |
Cause Analysis |
In the key export process, the TEE OS does not clear the key information in the cache in a timely manner after using the key. |
Solution |
The TEE OS clears the sensitive data memory after using the key. |
Impact |
The defect is rectified, and no other impact is imposed. |
Test Suggestion |
Ensure that the sensitive data clearing operation has been added to the code of the TEE OS key export process. |
Trouble Ticket No. |
DTS: DTS2022062707492 Vulnerability ID: HWPSIRT-2022-98936 |
|---|---|
Description |
Condition: When one TA invokes another TA, the invoked TA sets the memref.size value of the shared memory to 0. Symptom: When one TA invokes another TA, the invoking TA cannot release the shared memory after the invoked TA returns the result. Impact: Memory leakage in the TEE. |
Severity |
Minor |
Cause Analysis |
When the invoking TA invokes the value of memref.size set by the called TA and the value is 0, the invoking TA fails to release the shared memory. |
Solution |
The invoking TA invokes the memref.size copy value saved by itself when releasing the shared memory. |
Impact |
The defect is rectified, and no other impact is imposed. |
Test Suggestion |
In the scenario where one TA invokes another TA, use the memdump tool to check whether memory leakage occurs in the TEE. |