diff --git a/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/lib.rs b/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/lib.rs
index ce2dc87..95c2cb4 100644
--- a/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/lib.rs
+++ b/apps/system/components/SecurityCoordinator/kata-security-coordinator/src/lib.rs
@@ -22,9 +22,9 @@ extern crate alloc;
 use alloc::boxed::Box;
 use alloc::string::String;
 use kata_memory_interface::ObjDescBundle;
+use kata_security_interface::KeyValueData;
 use kata_security_interface::SecurityCoordinatorInterface;
 use kata_security_interface::SecurityRequestError;
-use kata_security_interface::KeyValueData;
 
 #[cfg(all(feature = "fake", feature = "sel4"))]
 compile_error!("features \"fake\" and \"sel4\" are mutually exclusive");
diff --git a/apps/system/components/SecurityCoordinator/kata-security-interface/src/lib.rs b/apps/system/components/SecurityCoordinator/kata-security-interface/src/lib.rs
index ae620a6..75856f6 100644
--- a/apps/system/components/SecurityCoordinator/kata-security-interface/src/lib.rs
+++ b/apps/system/components/SecurityCoordinator/kata-security-interface/src/lib.rs
@@ -305,6 +305,11 @@ pub fn kata_security_request(
 reply_buffer as *mut _,
 )
 } else {
+ // NB: guard against a received badge being treated as an
+ // outbound capability. This is needed because the code CAmkES
+ // generates for security_request always enables possible xmit
+ // of 1 capability.
+ Camkes::clear_request_cap();
 security_request(
 request,
 request_buffer.len() as u32,
@@ -335,6 +340,10 @@ pub fn kata_security_echo(request: &str) -> Result
 #[inline]
 #[allow(dead_code)]
 pub fn kata_security_install(pkg_contents: &ObjDescBundle) -> Result {
+ Camkes::debug_assert_slot_cnode(
+ "kata_security_install",
+ &Camkes::top_level_path(pkg_contents.cnode),
+ );
 let reply = &mut [0u8; SECURITY_REPLY_DATA_SIZE];
 kata_security_request(
 SecurityRequest::SrInstall,
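Review bot: `Camkes::clear_request_cap()` is added only in the `else` arm of `kata_security_request`, immediately before the `security_request(...)` call; the `if` arm and the function's start lie outside this hunk, so it is not visible whether that arm also goes through a CAmkES-generated stub that enables a capability transmit and therefore needs the same clear. The added comment explains the mechanism but not the consequence being prevented; a reader would benefit from one more line such as `// Otherwise a cap left in the request slot by an earlier receive would presumably be sent to the SecurityCoordinator with this request.` (hedged, since the slot's prior contents are not established here). The clear should stay adjacent to the call, with nothing between them that could repopulate the slot.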
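Review bot: The new `Camkes::debug_assert_slot_cnode(...)` at the top of `kata_security_install` validates `pkg_contents.cnode` only in debug builds, so in a release build a non-CNode slot reaches `SecurityRequest::SrInstall` unchecked. If the coordinator relies on this slot being a top-level CNode, that is an input-validation concern rather than a programming-error check, and a runtime check that returns the function's existing `Result` error would keep the guard in release builds; if the property is guaranteed by construction, the debug assertion is fine but the contract should be stated. Either way, add a doc comment on `kata_security_install`, e.g. `/// \`pkg_contents.cnode\` must be a top-level CNode slot; this is checked in debug builds only.`. The function body continues past the end of the hunk.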