I noticed on slide 22 of the security principles presentation the function definition sec_sum_silly(int *p, volatile size_t *s). The presenter explicitly noted that they needed to mark the variable s as volatile. I'm not sure I see why.
The contents of memory location s might change at any time due to a non-secure interrupt (for example, as the presenter suggested) or from another core, but given that we are copying the value in the statement size_t s_saved = *s locally onto the stack/registers before performing the range check, I don't see how marking it as volatile will help. Once we copy the size locally, how does it matter if the value in non-secure memory changes?
I apologize if I'm missing something obvious.
Thanks
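As an added example (not from the slides or the poster), here is the copy-once-then-check pattern the question describes, written out in C. sec_sum, sec_buf and sum_request are constructed names, and the fixed-size buffer is a stand-in for whatever p points at; the volatile qualifier on s means the compiler must perform the load of *s exactly where it is written and may not re-read *s later in place of the saved copy.

```c
#include <stddef.h>
#include <stdbool.h>

/* Constructed stand-in for the buffer that p refers to. */
#define SEC_BUF_LEN 8u
static const int sec_buf[SEC_BUF_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};

/* Hypothetical secure entry point modelled on the slide's signature.
 * s points into non-secure memory, so its contents can change under us.
 * Returns false when the request is rejected by the range check. */
bool sec_sum(const int *p, volatile size_t *s, int *out)
{
    /* Read the untrusted size exactly once and use only the local copy.
     * The volatile qualifier forces this load to happen here; without it
     * the compiler is free to drop s_saved and reload *s at each use. */
    size_t s_saved = *s;

    if (s_saved > SEC_BUF_LEN)
        return false;                  /* range check on the saved copy */

    int sum = 0;
    for (size_t i = 0; i < s_saved; i++)   /* loop bound is the same copy */
        sum += p[i];
    *out = sum;
    return true;
}

/* Helper for exercising sec_sum: places the size in a volatile location,
 * standing in for non-secure memory, and returns 0 on success, -1 on reject. */
int sum_request(size_t requested, int *out)
{
    volatile size_t ns_size = requested;   /* constructed "non-secure" size */
    return sec_sum(sec_buf, &ns_size, out) ? 0 : -1;
}
```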