Simplify the relaxed output-output rule

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-07-28 00:21:48 +03:00 · 2023-10-13 19:56:22 +02:00
parent 60c453ee72
commit 352095ca86
1 changed files with 2 additions and 1 deletions
--- a/docs/architecture/psa-shared-memory.md
+++ b/docs/architecture/psa-shared-memory.md
@ -91,7 +91,8 @@ The following rules guarantee that shared memory cannot result in a security vio

 * Never read the same input twice at the same index.
 * Never read back from an output.
-* Once potentially confidential data has been written to an output, it may not be overwritten. (This rule is more complex to allow writing non-confidential data first, for example to pre-initialize an output to zero for robustness.)
+* Never write to the output twice at the same index.
+    * This rule can usefully be relaxed in many circumstances. It is ok to write data that is independent of the inputs (and not otherwise confidential), then overwrite it. For example, it is ok to zero the output buffer before starting to process the input.

 These rules are very difficult to enforce.