| Anton Komlev | f7a4404 | 2023-01-26 14:50:22 +0000 | [diff] [blame] | 1 | ######## |
| Summer Qin | abf6698 | 2021-04-06 17:22:15 +0800 | [diff] [blame] | 2 | Security |
| Anton Komlev | f7a4404 | 2023-01-26 14:50:22 +0000 | [diff] [blame] | 3 | ######## |
| 4 | |
| Summer Qin | abf6698 | 2021-04-06 17:22:15 +0800 | [diff] [blame] | 5 | .. toctree:: |
| 6 | :maxdepth: 1 |
| Summer Qin | abf6698 | 2021-04-06 17:22:15 +0800 | [diff] [blame] | 7 | |
| Anton Komlev | f7a4404 | 2023-01-26 14:50:22 +0000 | [diff] [blame] | 8 | Threat Model <threat_models/index> |
| 9 | Security Advisories <security_advisories/index> |
| 10 | |
| 11 | Security Disclosures |
| 12 | -------------------- |
| 13 | |
| Nicola Mazzucato | 0feca42 | 2024-09-18 16:40:49 +0100 | [diff] [blame] | 14 | Trusted Firmware-M (TF-M) disclose all security vulnerabilities, or are advised |
| Anton Komlev | f7a4404 | 2023-01-26 14:50:22 +0000 | [diff] [blame] | 15 | about, that are relevant to TF-M. TF-M encourage responsible disclosure of |
| 16 | vulnerabilities and try the best to inform users about all possible issues. |
| 17 | |
| 18 | The TF-M vulnerabilities are disclosed as Security Advisories, all of which are |
| Nicola Mazzucato | 0feca42 | 2024-09-18 16:40:49 +0100 | [diff] [blame] | 19 | listed in the `Security Advisories`_ section. |
| Anton Komlev | f7a4404 | 2023-01-26 14:50:22 +0000 | [diff] [blame] | 20 | |
| 21 | Found a Security Issue? |
| 22 | ----------------------- |
| 23 | |
| 24 | Although TF-M try to keep secure, it can only do so with the help of the |
| 25 | community of developers and security researchers. |
| 26 | |
| 27 | .. warning:: |
| 28 | If any security vulnerability was found, please **do not** |
| 29 | report it in the `issue tracker`_ or on the `mailing list`_. Instead, please |
| Anton Komlev | bd4582c | 2024-04-04 15:37:43 +0100 | [diff] [blame] | 30 | follow the `Security incident process`_. |
| Anton Komlev | f7a4404 | 2023-01-26 14:50:22 +0000 | [diff] [blame] | 31 | |
| 32 | One of the goals of this process is to ensure providers of products that use |
| 33 | TF-M have a chance to consider the implications of the vulnerability and its |
| 34 | remedy before it is made public. As such, please follow the disclosure plan |
| 35 | outlined in the `Security Incident Process`_. TF-M do the best to respond and |
| 36 | fix any issues quickly. |
| 37 | |
| 38 | Afterwards, write-up all the findings about the TF-M source code is highly |
| 39 | encouraged. |
| 40 | |
| 41 | Attribution |
| 42 | ----------- |
| 43 | |
| 44 | TF-M values researchers and community members who report vulnerabilities and |
| 45 | TF-M policy is to credit the contributor's name in the published security advisory. |
| 46 | |
| Anton Komlev | bd4582c | 2024-04-04 15:37:43 +0100 | [diff] [blame] | 47 | .. _issue tracker: https://github.com/TrustedFirmware-M/trusted-firmware-m/issues |
| Awadhy Mohammed | 3ba2d06 | 2023-03-02 10:43:07 +0000 | [diff] [blame] | 48 | .. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-m.lists.trustedfirmware.org/ |
| Anton Komlev | bd4582c | 2024-04-04 15:37:43 +0100 | [diff] [blame] | 49 | .. _Security incident process: https://trusted-firmware-docs.readthedocs.io/en/latest/security_center/incident_handling_process.html |
| Nicola Mazzucato | 0feca42 | 2024-09-18 16:40:49 +0100 | [diff] [blame] | 50 | .. _Security Advisories: https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/index.html |
| Anton Komlev | bd4582c | 2024-04-04 15:37:43 +0100 | [diff] [blame] | 51 | |
| Summer Qin | abf6698 | 2021-04-06 17:22:15 +0800 | [diff] [blame] | 52 | |
| 53 | -------------- |
| 54 | |
| Nicola Mazzucato | 0feca42 | 2024-09-18 16:40:49 +0100 | [diff] [blame] | 55 | *Copyright (c) 2020-2024, Arm Limited. All rights reserved.* |