diff options
author | Sandrine Bailleux <sandrine.bailleux@arm.com> | 2022-05-12 16:37:18 +0200 |
---|---|---|
committer | Sandrine Bailleux <sandrine.bailleux@arm.com> | 2022-05-17 10:01:11 +0200 |
commit | 3d6cc210660e239fdb426094e5631f5ebd03cbe8 (patch) | |
tree | 4a7ebe23ce45d60dc0b43b36315926a648dc39a9 | |
parent | 1b7c82cafe8f5bd83f46a7c6f26618d58cdd36f2 (diff) | |
download | trusted-firmware-a-3d6cc210660e239fdb426094e5631f5ebd03cbe8.tar.gz |
docs(threat-model): revamp threat #9
Reword the description of threat #9 to make it more future-proof for
Arm CCA. By avoiding specific references to secure or non-secure
contexts, in favour of "worlds" and "security contexts", we make the
description equally applicable to 2-world and 4-world architectures.
Note that there are other threats that would benefit from such a
similar revamp but this is out of scope of this patch.
Also list malicious secure world code as a potential threat
agent. This seems to be an oversight in the first version of the
threat model (i.e. this change is not related to Arm CCA).
Change-Id: Id8c8424b0a801104c4f3dc70e344ee702d2b259a
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
-rw-r--r-- | docs/threat_model/threat_model.rst | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst index 611e8a108b..86b21345f6 100644 --- a/docs/threat_model/threat_model.rst +++ b/docs/threat_model/threat_model.rst @@ -617,19 +617,18 @@ each diagram element of the data flow diagram. | Threat | | **Improperly handled SMC calls can leak register | | | contents** | | | | -| | | When switching between secure and non-secure | -| | states, register contents of Secure world or | -| | register contents of other normal world clients | -| | can be leaked. | +| | | When switching between worlds, TF-A register state | +| | can leak to software in different security | +| | contexts. | +------------------------+------------------------------------------------------+ -| Diagram Elements | DF5 | +| Diagram Elements | DF4, DF5 | +------------------------+------------------------------------------------------+ | Affected TF-A | BL31 | | Components | | +------------------------+------------------------------------------------------+ | Assets | Sensitive Data | +------------------------+------------------------------------------------------+ -| Threat Agent | NSCode | +| Threat Agent | NSCode, SecCode | +------------------------+------------------------------------------------------+ | Threat Type | Information Disclosure | +------------------------+-------------------+----------------+-----------------+ |