From 1d3276da659583bd8b4040dc2078560dc7cef75d Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 12 Mar 2024 16:47:46 +0000 Subject: [PATCH] Reword ChangeLog entry for shared memory work Specifically: * Clarify that passing shared buffers is now secure by default (not newly supported) * Remove spurious hyphen * Clarify that we do not guarantee copying, but rather guarantee protection, allowing us to implement this differently in future if required. * Mention both protection of inputs from modification and outputs from exposure of intermediate results. * Invert the config option, from an enable-option to a disable-option. Signed-off-by: David Horstmann --- ChangeLog.d/psa-shared-memory-protection.txt | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/ChangeLog.d/psa-shared-memory-protection.txt b/ChangeLog.d/psa-shared-memory-protection.txt index f4f6ea0f46..6322563b16 100644 --- a/ChangeLog.d/psa-shared-memory-protection.txt +++ b/ChangeLog.d/psa-shared-memory-protection.txt 
@@ -1,8 +1,10 @@ Security - * Support calling PSA functions with buffer arguments that are in memory - shared with an untrusted party. The PSA core now makes copies of all - buffers before passing them to drivers to protect drivers against - modification of buffers during operations. - This feature increases code-size and memory usage. If buffers passed to - PSA functions are all trusted, buffer copying may be disabled by - unsetting MBEDTLS_PSA_COPY_CALLER_BUFFERS. + * Passing buffers that are stored in untrusted memory as arguments + to PSA functions is now secure by default. + The PSA core now protects against modification of inputs or exposure + of intermediate outputs during operations. This is currently implemented + by copying buffers. + This feature increases code size and memory usage. If buffers passed to + PSA functions are owned exclusively by the PSA core for the duration of + the function call, copying may be disabled by setting + MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS.
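Review bot: The disable condition in the last three `+` lines is stated from the wrong side: "owned exclusively by the PSA core for the duration of the function call" describes a property the caller controls, not the core, so readers deciding whether to set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS cannot map it onto their own deployment. Suggest phrasing it as the caller's guarantee, e.g. "If no buffer passed to a PSA function can be read or written by an untrusted party for the duration of the call, copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS", and spelling out what the option gives up, since this is a Security entry: when the assumption does not hold, the protection the previous sentence describes (inputs may be modified, intermediate outputs may be observed during the operation) no longer applies. The "This is currently implemented by copying buffers" sentence then reads consistently with the commit message's intent of guaranteeing protection rather than copying, while still letting users reason about the code-size and memory trade-off.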