From 8538cf14cd43b983d3f3153b0bf1aabeef028319 Mon Sep 17 00:00:00 2001
From: Robin Krahl <robin@nitrokey.com>
Date: Tue, 9 Jun 2026 20:25:37 +0200
Subject: [PATCH] Remove unconditional Send implementation for Service
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The unconditional Send implementation for Service is unsound because
we don’t know anything about the platform and dispatch implementations.
Instead, runners should add a manual Send implementation for the
required structs if necessary. For example, we have to add a manual
Send implementation for virt::Store. This is technically not correct
but currently the only way to make it work and still better than the
implementation for Service.

Fixes: https://github.com/trussed-dev/trussed/issues/211
---
 src/service.rs    | 3 ---
 src/virt.rs       | 8 ++++----
 src/virt/store.rs | 2 ++
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/service.rs b/src/service.rs
index 83feb5653c1..6428442a517 100644
--- a/src/service.rs
+++ b/src/service.rs
@@ -205,9 +205,6 @@ where
     dispatch: D,
 }
 
-// need to be able to send crypto service to an interrupt handler
-unsafe impl<P: Platform, D: Dispatch> Send for Service<P, D> {}
-
 impl<P: Platform> ServiceResources<P> {
     pub fn certstore(&mut self, ctx: &CoreContext) -> Result<ClientCertstore<P::S>> {
         self.rng()
diff --git a/src/virt.rs b/src/virt.rs
index a1eb419b5ff..c5a5631189e 100644
--- a/src/virt.rs
+++ b/src/virt.rs
@@ -105,8 +105,8 @@ impl<'a, I: 'static, C> Runner<'a, I, C> {
 
     pub fn run<P, D, F, R>(self, platform: P, dispatch: D, f: F) -> R
     where
-        P: platform::Platform,
-        D: Dispatch<Context = C, BackendId = I>,
+        P: platform::Platform + Send,
+        D: Dispatch<Context = C, BackendId = I> + Send,
         C: Send + Sync,
         I: Send + Sync,
         F: FnOnce() -> R,
@@ -160,7 +160,7 @@ impl Platform<'_> {
         self.run_client_with_backends(client_id, CoreOnly, &[], test)
     }
 
-    pub fn run_client_with_backends<R, D: Dispatch>(
+    pub fn run_client_with_backends<R, D: Dispatch + Send>(
         self,
         client_id: &str,
         dispatch: D,
@@ -197,7 +197,7 @@ impl Platform<'_> {
     }
 
     /// Using const generics rather than a `Vec` to allow destructuring in the method
-    pub fn run_clients_with_backends<R, D: Dispatch, const N: usize>(
+    pub fn run_clients_with_backends<R, D: Dispatch + Send, const N: usize>(
         self,
         client_ids: [(&str, &'static [BackendId<D::BackendId>]); N],
         dispatch: D,
diff --git a/src/virt/store.rs b/src/virt/store.rs
index e2ba2dee2d7..626aa3398af 100644
--- a/src/virt/store.rs
+++ b/src/virt/store.rs
@@ -166,3 +166,5 @@ impl store::Store for Store<'_> {
         self.volatile
     }
 }
+
+unsafe impl Send for Store<'_> {}