ta: add warning about TA parameter checking

[jbech-linaro]

Fixes potential future security vulnerabilites by highlighting the importance of verifying expected parameter types in Trusted Applications, as discussed in the GlobalConfusion paper [1] by Marcel Busch et al.

Note that a proposed fix (and a proof of concept using OP-TEE) is suggested in the same paper, which involves requiring TA writers to register expected function parameters. However, this change has not yet been added to any GlobalPlatform specifications (there is a discussion ongoing).

Link: [1] https://hexhive.epfl.ch/publications/files/24SEC4.pdf

[jbech-linaro]

Note to self, when looking at our recommendation, we should update the docs to use this way of checking instead,

    uint32_t exp_param_types = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT,
                           TEE_PARAM_TYPE_MEMREF_INPUT,
                           TEE_PARAM_TYPE_MEMREF_INPUT,
                           TEE_PARAM_TYPE_VALUE_INPUT);

    if (param_types != exp_param_types)
        return TEE_ERROR_BAD_PARAMETERS;

which is a lot cleaner, compared to the current recommendation in the docs, that looks like this:

    if ((TEE_PARAM_TYPE_GET(param_types, 0) != TEE_PARAM_TYPE_VALUE_IN) ||
        (TEE_PARAM_TYPE_GET(param_types, 1) != TEE_PARAM_TYPE_VALUE_OUT) ||
        (TEE_PARAM_TYPE_GET(param_types, 2) != TEE_PARAM_TYPE_MEMREF_INOUT) ||
        (TEE_PARAM_TYPE_GET(param_types, 3) != TEE_PARAM_TYPE_NONE)) {
        return TEE_ERROR_BAD_PARAMETERS
    }

Others, do you agree?

[jbech-linaro]

I've added another commit to this PR that fixes the example as well.