AnsweredAssumed Answered

What function calls are safe with Lockbox?

Question asked by noamc on Nov 15, 2010
Latest reply on Nov 26, 2010 by noamc

Hello,

 

I've got a question regarding the secure mode in Lockbox and the use of library functions.

When using Lockbox there seems to be a potential risk when calling library functions which are not signed or authenticated in any way.

For example even calling memcpy may potentially leave a backdoor for potential change in running of authenticated code.

 

To expand on the problem, suppose I have an application where I would like to make an authenticated computation and communicate the answer through USB for example.  Is there a way to secure the computation in addition to the reply sent through USB? For example, is there a possibility of remaining in secure mode during USB message transfer without risking the integrity of the authenticated computation (in light of the memcpy example) or does the order of events has to be:

1. enter secure mode;

2. perform authenticated computation;

3. leave secure mode;

4. send USB message

5. goto 1

 

Also, in relation to this question, Is there a list of functions kept in ROM which are safe for use during running in secure mode?

 

Thanks,

Noam

Outcomes