What function calls are safe with Lockbox?

Question asked by noamc on Nov 15, 2010
I've got a question regarding the secure mode in Lockbox and the use of library functions.

When using Lockbox there seems to be a potential risk when calling library functions which are not signed or authenticated in any way.

For example, even calling memcpy may potentially leave a backdoor for potential change in running of authenticated code.


To expand on the problem, suppose I have an application where I would like to make an authenticated computation and communicate the answer through USB, for example. Is there a way to secure the computation in addition to the reply sent through USB? For example, is there a possibility of remaining in secure mode during USB message transfer without risking the integrity of the authenticated computation (in light of the memcpy example), or does the order of events have to be:

1. enter secure mode;

2. perform authenticated computation;

3. leave secure mode;

4. send USB message;

5. goto 1


Also, in relation to this question, is there a list of functions kept in ROM which are safe for use during running in secure mode?