| Anton Komlev | 7de7d93 | 2024-07-01 16:13:27 +0100 | [diff] [blame] | 1 | ############## |
| 2 | Issue tracking |
| 3 | ############## |
| 4 | |
| 5 | To trace TF-M issues and to maintain LTS versions transparently, all issues |
| 6 | found after an official release and breaking TF-M functionality, i.e. bugs in |
| 7 | either common code or platform code, or security vulnerability post public |
| 8 | disclosure shall be registered in TF-M Github `Issue tracker`_ . |
| 9 | The identified issues shall be addressed in the **main** development branch to |
| 10 | ensure normal progress. Additionally, these fixes will be backported to the |
| 11 | active Long-Term Support (LTS) branches and will be included in the upcoming |
| 12 | LTS release. |
| 13 | |
| 14 | .. warning:: Security-related issues should be addressed through the |
| Antonio de Angelis | 9762b74 | 2024-10-05 20:36:32 +0100 | [diff] [blame] | 15 | :doc:`Security Disclosure </security/index>` and recorded in the `Issue tracker`_ |
| Anton Komlev | 7de7d93 | 2024-07-01 16:13:27 +0100 | [diff] [blame] | 16 | **only** after public disclosure. |
| 17 | |
| 18 | When reporting a new issue please cover: |
| 19 | |
| 20 | 1. **Summary:** |
| 21 | Provide a concise overview of the issue. |
| 22 | What problem are you encountering? |
| 23 | 2. **Technical Description:** |
| 24 | Explain the issue thoroughly. Include relevant logs or screenshots. |
| 25 | 3. **Build and Execution Environment:** |
| 26 | - The hardware platform |
| 27 | - Build toolchain with versions |
| 28 | 4. **Reproduction Steps:** |
| 29 | Describe how to reproduce the issue step by step. |
| 30 | If possible, provide sample code or configuration settings. |
| 31 | 5. **Proposed Fix (Optional):** |
| 32 | If you have ideas on how to address the issue, share them. |
| 33 | It’s not mandatory, but it can be helpful. |
| 34 | |
| 35 | Is it a bug or security vulnerability? |
| 36 | -------------------------------------- |
| 37 | |
| 38 | A security vulnerability refers to a flaw that an attacker can exploit to gain |
| 39 | unauthorized access to system secrets, manipulate data, or perform actions |
| 40 | beyond the intended functionality. However, it’s important to note that defects |
| 41 | that cause system crashes or lead to a Denial of Service (DoS) state are |
| 42 | considered bugs rather than security vulnerabilities. |
| 43 | When faced with uncertainty in classifying a new defect, it is wise to use |
| 44 | caution and consider it as a potential safety issue. |
| 45 | |
| 46 | As implied in the :doc:`/contributing/contributing_process` |
| 47 | maintainers reserve the right to decide on what's acceptable to be backported |
| 48 | to LTS branches in case of any divergence. |
| 49 | |
| 50 | .. _Issue tracker: https://github.com/TrustedFirmware-M/trusted-firmware-m/issues |
| 51 | |
| 52 | -------------- |
| 53 | |
| 54 | *Copyright (c) 2024, Arm Limited. All rights reserved.* |