jforissier
commented
3 years ago Hi @jingdlu,
I checked the GlobalPlatform TEE Internal Core API specification and I find it unclear on what should happen in this scenario.
- On the one hand, 2.3.3 Panics says "When a Panic occurs, the Trusted Core Framework kills the panicking TA instance [...]. It closes all resources that the TA instance opened [...] and destroys the instance";
- On the other hand, Table 4-11 Trusted Application Standard Configuration Properties mentions "the TA instance is terminated only when the TEE shuts down[...]. Note that the TEE SHALL NOT shut down whenever the REE does not shut down and keeps a restorable state[...]".
So should a panic in a keep alive TA destroy the instance or not? I do not think it makes sense to keep the instance (TA context) because the resources used by this context would never be released yet the TA would never be able to make progress (since it panicked). So I think the current behavior is correct, but I can ask GP for clarifications if you think it can be helpful.
jingdlu
https://github.com/OP-TEE/optee_test/blob/13c4de15fa0370bfd37de476f02c103fd47ccc47/host/xtest/regression_1000.c#L1762
Because this line code will open session to sims_keepalive_test_ta. But this TA is keepalive and panic before. I think the panic status of TA ctx will be kept always once TA panic happens before.
Thanks, Jingdong