Docs: Update generic threat model
FP support can be enabled in SPE or NSPE. Update the generic threat model
based on the current FP feature/implementation in TF-M.
Signed-off-by: Feder Liang <Feder.Liang@arm.com>
Change-Id: Ida801c7847ac03fc29246d23dd9ef9b8ad5c122a
diff --git a/docs/security/threat_models/generic_threat_model.rst b/docs/security/threat_models/generic_threat_model.rst
index 0eaef81..437d8d0 100644
--- a/docs/security/threat_models/generic_threat_model.rst
+++ b/docs/security/threat_models/generic_threat_model.rst
@@ -888,10 +888,11 @@
| | purpose registers not banked before switching into NSPE to |
| | prevent NSPE probing secure context from the registers. |
| | |
- | | In current TF-M implementation, when FPU is enabled in SPE,|
- | | TF-M configures Non-secure Access Control Register (NSACR) |
- | | to disable NSPE to access FPU. Therefore, FP register |
- | | context belonging to SPE is protected from NSPE. |
+ | | When FPU is enabled in TF-M, secure FP context belonging to|
+ | | a secure partition will be saved on this partition's stack |
+ | | and cleaned by hardware during context switching. Also TF-M|
+ | | cleans secure FP context in FP registers before switching |
+ | | into NSPE to prevent NSPE from probing secure FP context. |
+---------------+------------------------------------------------------------+
| CVSS Score | 4.3 (Medium) |
+---------------+------------------------------------------------------------+
@@ -923,10 +924,13 @@
| | automatically cleans up the registers not banked before |
| | switching to Non-secure state while taking NS interrupts. |
| | |
- | | In current TF-M implementation, when FPU is enabled in SPE,|
- | | TF-M configures NSACR to disable NSPE to access FPU. |
- | | Therefore, FP register context belonging to SPE is |
- | | protected from NSPE. |
+ | | When FPU is enabled in TF-M, with setting of FPCCR_S.TS = 1|
+ | | besides secure FP context in FP caller registers, FP |
+ | | context in FP callee registers will also be cleaned by |
+ | | hardware automatically when NS interrupts occur, to prevent|
+ | | NSPE from probing secure FP context in FP registers. Refer |
+ | | to Armv8-M Architecture Reference Manual[ARM arm]_ for |
+ | | details. |
| | |
| | On dual-cpu platforms, shared registers are implementation |
| | defined, such as Inter-Processor Communication registers. |
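Review bot: In the added line "to Armv8-M Architecture Reference Manual[ARM arm]_ for" there is no space between "Manual" and the citation reference, unlike the same sentence in the next hunk ("Reference Manual [ARM arm]_"). reStructuredText needs whitespace or punctuation before inline markup, so this reference will likely render as literal text; add the space. The sentence also needs a comma after "FPCCR_S.TS = 1" to read correctly ("with setting of FPCCR_S.TS = 1, besides secure FP context ...").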
@@ -1003,10 +1007,13 @@
| | not banked, such as R0~R3 and R12, during secure interrupt |
| | return, before NSPE software can access those registers. |
| | |
- | | In current TF-M implementation, when FPU is enabled in SPE,|
- | | TF-M configures NSACR to disable NSPE to access FPU. |
- | | Therefore, FP register context belonging to SPE is |
- | | protected from NSPE. |
+ | | When FPU is enabled in TF-M, with setting of |
+ | | FPCCR_S.TS = 1 and FPCCR_S.CLRONRET = 1, besides secure FP |
+ | | context in FP caller registers, FP context in callee |
+ | | registers will also be cleaned by hardware automatically |
+ | | during S exception return, to prevent NSPE from probing |
+ | | secure FP context in FP registers. Refer to Armv8-M |
+ | | Architecture Reference Manual [ARM arm]_ for details. |
+---------------+------------------------------------------------------------+
| CVSS Score | 4.3 (Medium) |
+---------------+------------------------------------------------------------+
@@ -1127,6 +1134,8 @@
+---------+--------------------------------------------------+---------------+
| v1.1 | Update version | TF-M v1.5.0 |
+---------+--------------------------------------------------+---------------+
+ | v1.2 | Update details to align FP support in NSPE. | TF-M v1.5.0 |
+ +---------+--------------------------------------------------+---------------+
*********
Reference
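Review bot: The new v1.2 row lists "TF-M v1.5.0", the same release as the v1.1 row above it; confirm that two document versions for one TF-M release is intended. The description "Update details to align FP support in NSPE." should read "align with FP support", and since the commit message says FP can be enabled in SPE or NSPE, the row should mention both rather than only NSPE.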
@@ -1148,6 +1157,8 @@
.. [ROLLBACK-PROTECT] :doc:`Rollback protection in TF-M secure boot </docs/technical_references/design_docs/secure_boot_rollback_protection>`
+.. [ARM arm] `Armv8-M Architecture Reference Manual <https://developer.arm.com/documentation/ddi0553/latest>`_
+
.. [STACK-SEAL] `Armv8-M processor Secure software Stack Sealing vulnerability <https://developer.arm.com/support/arm-security-updates/armv8-m-stack-sealing>`_
.. [ADVISORY-TFMV-1] :doc:`Advisory TFMV-1 </docs/security/security_advisories/stack_seal_vulnerability>`
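Review bot: The citation label in the added line ".. [ARM arm] `Armv8-M Architecture Reference Manual ..." contains a space, but reStructuredText citation labels must be single words (alphanumerics with internal hyphens, underscores or periods), so neither this target nor the "[ARM arm]_" references added in the earlier hunks will resolve. Use a hyphenated label in the style of the neighbouring entries such as [STACK-SEAL] and [ROLLBACK-PROTECT], for example [ARM-ARM], and update both references to match.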