aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSandrine Bailleux <sandrine.bailleux@arm.com>2022-05-16 15:10:27 +0200
committerSandrine Bailleux <sandrine.bailleux@arm.com>2022-05-19 11:31:39 +0200
commitd08c496699ae4b9bd5c072615c134206e3edbad7 (patch)
treef532b237a3300776b6efa5a0a7bbbac177f52c13
parent3d6cc210660e239fdb426094e5631f5ebd03cbe8 (diff)
downloadtrusted-firmware-a-d08c496699ae4b9bd5c072615c134206e3edbad7.tar.gz
docs(threat-model): make measured boot out of scope
Add an explicit note that measured boot is out of scope of the threat model. For example, we have no threat related to the secure management of measurements, nor do we list its security benefits (e.g. in terms of repudiation). This might be a future improvement to the threat model but for now just acknowledge it is not considered. Change-Id: I2fb799a2ef0951aa681a755a948bd2b67415d156 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-rw-r--r--docs/threat_model/threat_model.rst3
1 files changed, 3 insertions, 0 deletions
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 86b21345f6..2e11a94797 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -36,6 +36,9 @@ assumptions:
- There is no Secure-EL2. We don't consider threats that may come with
Secure-EL2 software.
+- Measured boot is disabled. We do not consider the threats nor the mitigations
+ that may come with it.
+
- No experimental features are enabled. We do not consider threats that may come
from them.