5.3 Veneer Function Design
Veneer functions are the interface between your Non-Secure application and the PSA Crypto library running in the Secure zone. The design of these functions directly impacts the security and usability of the application.
Security Principle: The veneer layer acts as a security boundary. All data passed from Non-Secure to Secure must be validated. Pointers must be checked to ensure they reference Non-Secure memory and buffer sizes must be validated to prevent buffer overflows in the Secure region.
Application-Specific Design: Rather than exposing all PSA Crypto APIs through veneers, design the veneer interface based on actual application requirements. If the application only needs SHA-256 hashing and AES-GCM encryption, expose only those specific API interfaces. This minimizes the attack surface and reduces the NSC region size.
