author: Sandrine Bailleux <sandrine.bailleux@arm.com> 2022-05-12 16:37:18 +0200
committer: Sandrine Bailleux <sandrine.bailleux@arm.com> 2022-05-17 10:01:11 +0200
commit: 3d6cc210660e239fdb426094e5631f5ebd03cbe8
tree: 4a7ebe23ce45d60dc0b43b36315926a648dc39a9
parent: 1b7c82cafe8f5bd83f46a7c6f26618d58cdd36f2
download: trusted-firmware-a-3d6cc210660e239fdb426094e5631f5ebd03cbe8.tar.gz

docs(threat-model): revamp threat #9

Reword the description of threat #9 to make it more future-proof for Arm CCA. By avoiding specific references to secure or non-secure contexts, in favour of "worlds" and "security contexts", we make the description equally applicable to 2-world and 4-world architectures.

Note that there are other threats that would benefit from such a similar revamp but this is out of scope of this patch.

Also list malicious secure world code as a potential threat agent. This seems to be an oversight in the first version of the threat model (i.e. this change is not related to Arm CCA).

Change-Id: Id8c8424b0a801104c4f3dc70e344ee702d2b259a
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

-rw-r--r-- docs/threat_model/threat_model.rst | 11
1 files changed, 5 insertions, 6 deletions

diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 611e8a108b..86b21345f6 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -617,19 +617,18 @@ each diagram element of the data flow diagram.
| Threat | | **Improperly handled SMC calls can leak register |
| | contents** |
| | |
-| | | When switching between secure and non-secure |
-| | states, register contents of Secure world or |
-| | register contents of other normal world clients |
-| | can be leaked. |
+| | | When switching between worlds, TF-A register state |
+| | can leak to software in different security |
+| | contexts. |
+------------------------+------------------------------------------------------+
-| Diagram Elements | DF5 |
+| Diagram Elements | DF4, DF5 |
+------------------------+------------------------------------------------------+
| Affected TF-A | BL31 |
| Components | |
+------------------------+------------------------------------------------------+
| Assets | Sensitive Data |
+------------------------+------------------------------------------------------+
-| Threat Agent | NSCode |
+| Threat Agent | NSCode, SecCode |
+------------------------+------------------------------------------------------+
| Threat Type | Information Disclosure |
+------------------------+-------------------+----------------+-----------------+
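
Review bot: the reworded description, "TF-A register state can leak to software in different security contexts", reads as covering only the firmware's own register state, whereas the removed lines named "register contents of Secure world" and "register contents of other normal world clients". If those cases are still in scope, name them explicitly, for example "register state of TF-A or of software in another world", so that the architecture-neutral wording does not silently narrow the threat. Separately, the commit message explains the new SecCode threat agent but says nothing about the Diagram Elements row changing from "DF5" to "DF4, DF5"; add a sentence to the commit message stating why DF4 now applies.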