aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/threat_model/threat_model.rst14
1 files changed, 8 insertions, 6 deletions
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 611e8a108b..2e11a94797 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -36,6 +36,9 @@ assumptions:
- There is no Secure-EL2. We don't consider threats that may come with
Secure-EL2 software.
+- Measured boot is disabled. We do not consider the threats nor the mitigations
+ that may come with it.
+
- No experimental features are enabled. We do not consider threats that may come
from them.
@@ -617,19 +620,18 @@ each diagram element of the data flow diagram.
| Threat | | **Improperly handled SMC calls can leak register |
| | contents** |
| | |
-| | | When switching between secure and non-secure |
-| | states, register contents of Secure world or |
-| | register contents of other normal world clients |
-| | can be leaked. |
+| | | When switching between worlds, TF-A register state |
+| | can leak to software in different security |
+| | contexts. |
+------------------------+------------------------------------------------------+
-| Diagram Elements | DF5 |
+| Diagram Elements | DF4, DF5 |
+------------------------+------------------------------------------------------+
| Affected TF-A | BL31 |
| Components | |
+------------------------+------------------------------------------------------+
| Assets | Sensitive Data |
+------------------------+------------------------------------------------------+
-| Threat Agent | NSCode |
+| Threat Agent | NSCode, SecCode |
+------------------------+------------------------------------------------------+
| Threat Type | Information Disclosure |
+------------------------+-------------------+----------------+-----------------+