Add generic threat model
The added threat model analyzes threats of a generalized trusted service.
It can be used to support secure development by listing threats and
mitigation options.
For specific setups creation of a use-case focused threat model is
advised. Such threat modelling activity can use the generic model as
a baseline.
Change-Id: I2e0153989a69f8b0a749ed5e700b3ecbb2d09eed
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
diff --git a/docs/_static/css/custom.css b/docs/_static/css/custom.css
index 93747c8..9377480 100644
--- a/docs/_static/css/custom.css
+++ b/docs/_static/css/custom.css
@@ -1,5 +1,5 @@
/*-----------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -83,3 +83,19 @@
font-size: 6rem;
color: #343131;
}
+
+/* override table width restrictions */
+.wy-table-responsive table td, .wy-table-responsive table th {
+ white-space: normal;
+}
+
+.wy-table-responsive {
+ margin-bottom: 24px;
+ max-width: 100;
+ overflow: visible;
+}
+
+wy-table-bordered-all, .rst-content table.docutils {
+ max-width: 100%;
+ min-width: 100%;
+}
\ No newline at end of file
diff --git a/docs/security/generic-data-flow.graphml b/docs/security/generic-data-flow.graphml
new file mode 100644
index 0000000..5d96f00
--- /dev/null
+++ b/docs/security/generic-data-flow.graphml
@@ -0,0 +1,500 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<graphml xmlns="http://graphml.graphdrawing.org/xmlns" xmlns:java="http://www.yworks.com/xml/yfiles-common/1.0/java" xmlns:sys="http://www.yworks.com/xml/yfiles-common/markup/primitives/2.0" xmlns:x="http://www.yworks.com/xml/yfiles-common/markup/2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:y="http://www.yworks.com/xml/graphml" xmlns:yed="http://www.yworks.com/xml/yed/3" xsi:schemaLocation="http://graphml.graphdrawing.org/xmlns http://www.yworks.com/xml/schema/graphml/1.1/ygraphml.xsd">
+ <!--Created by yEd 3.21.1-->
+ <key attr.name="Description" attr.type="string" for="graph" id="d0"/>
+ <key for="port" id="d1" yfiles.type="portgraphics"/>
+ <key for="port" id="d2" yfiles.type="portgeometry"/>
+ <key for="port" id="d3" yfiles.type="portuserdata"/>
+ <key attr.name="url" attr.type="string" for="node" id="d4"/>
+ <key attr.name="description" attr.type="string" for="node" id="d5"/>
+ <key for="node" id="d6" yfiles.type="nodegraphics"/>
+ <key for="graphml" id="d7" yfiles.type="resources"/>
+ <key attr.name="url" attr.type="string" for="edge" id="d8"/>
+ <key attr.name="description" attr.type="string" for="edge" id="d9"/>
+ <key for="edge" id="d10" yfiles.type="edgegraphics"/>
+ <graph edgedefault="directed" id="G">
+ <data key="d0" xml:space="preserve"><![CDATA[Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
+SPDX-License-Identifier: BSD-3-Clause
+
+Generic threat modell of a Trusted Service.
+]]></data>
+ <node id="n0">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="12.496800000000093" width="167.67999999999955" x="999.8343945312489" y="457.4259263183566"/>
+ <y:Fill hasColor="false" transparent="false"/>
+ <y:BorderStyle color="#FF0000" raised="false" type="dashed" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.0078125" x="4.0" xml:space="preserve" y="-3.1021859374999394">TB3<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="-0.5" labelRatioY="0.0" nodeRatioX="-0.5" nodeRatioY="1.1102230246251565E-15" offsetX="4.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n1">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="564.0099999999994" width="12.179999999999382" x="583.593507385258" y="200.62211367188718"/>
+ <y:Fill hasColor="false" transparent="false"/>
+ <y:BorderStyle color="#FF0000" raised="false" type="dashed" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.0078125" x="-6.913906250000309" xml:space="preserve" y="18.910353412126142">TB1<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="-0.5" nodeRatioX="0.0" nodeRatioY="-0.4664715990636227" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n2">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="315.409166121018" width="12.179999999999325" x="857.1073454715039" y="398.44871367188716"/>
+ <y:Fill hasColor="false" transparent="false"/>
+ <y:BorderStyle color="#FF0000" raised="false" type="dashed" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.0078125" x="-6.913906250000309" xml:space="preserve" y="165.94207995215538">TB2<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="2.3314683517128287E-15" nodeRatioY="0.05576275111294027" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n3">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="342.98698105468577" width="200.67999999999978" x="342.94159179687404" y="329.30920419922944"/>
+ <y:Fill hasColor="false" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="dotted" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" hasText="false" height="4.0" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="4.0" x="6.883049475401549" y="25.723656299968127">
+ <y:LabelModel>
+ <y:SmartNodeLabelModel distance="4.0"/>
+ </y:LabelModel>
+ <y:ModelParameter>
+ <y:SmartNodeLabelModelParameter labelRatioX="-0.5" labelRatioY="-0.5" nodeRatioX="-0.46570136797188777" nodeRatioY="-0.42500107082528954" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/>
+ </y:ModelParameter>
+ </y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n4">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="52.0" width="149.14062499999994" x="974.6586840820303" y="342.980075781258"/>
+ <y:Fill color="#CCFFCC" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="98.037109375" x="25.5517578125" xml:space="preserve" y="16.6494140625">Trusted Service 1<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n5">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="52.0" width="149.14062499999994" x="974.6586840820304" y="631.9019579101412"/>
+ <y:Fill color="#CCFFCC" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="98.037109375" x="25.551757812499886" xml:space="preserve" y="16.6494140625">Trusted Service 2<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n6">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="95.3709810546855" width="149.14062499999994" x="656.5949816894521" y="434.9416231445441"/>
+ <y:Fill color="#CCCCCC" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="30.00390625" x="59.568359375" xml:space="preserve" y="38.33490458984272">SPM<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n7">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="52.0" width="149.14062499999994" x="367.4203417968745" y="346.15949472657235"/>
+ <y:Fill color="#FFDD56" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="72.70703125" x="38.216796875" xml:space="preserve" y="16.6494140625">u-boot/EDK2<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n8">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="52.0" width="149.14062499999994" x="367.4203417968745" y="415.1892041992295"/>
+ <y:Fill color="#FFDD56" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="98.037109375" x="25.5517578125" xml:space="preserve" y="16.6494140625">Operating system<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n9">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="52.0" width="149.14062499999994" x="367.4203417968745" y="496.98920419922956"/>
+ <y:Fill color="#FFDD56" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="126.0625" x="11.5390625" xml:space="preserve" y="16.6494140625">User-space application<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n10">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="52.0" width="149.14062499999994" x="625.7735073852574" y="631.9019579101412"/>
+ <y:Fill color="#CCCCCC" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="79.345703125" x="34.8974609375" xml:space="preserve" y="16.6494140625">FF-A Manifest<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n11">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="52.0" width="124.88348205566643" x="981.027255554197" y="245.62007578125798"/>
+ <y:Fill color="#CCFFCC" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="48.103515625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="110.716796875" x="7.083342590333245" xml:space="preserve" y="1.9482421875">Dedicated,
+Physically protected
+HW<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="parallelogram"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n12">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="52.0" width="149.14062499999994" x="691.3269164213868" y="554.353966953524"/>
+ <y:Fill color="#CCCCCC" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="59.37109375" x="44.884765625" xml:space="preserve" y="16.6494140625">Debug-log<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n13">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="24.360000000000014" width="103.80040771484022" x="1177.7967895507836" y="356.800075781258"/>
+ <y:Fill color="#CCFFCC" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="88.03515625" x="7.882625732420138" xml:space="preserve" y="2.829414062500007">Peripheral IFC2<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="parallelogram"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n14">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="71.230075781258" width="157.46968750000036" x="1356.3271972656235" y="333.3650378906291"/>
+ <y:Fill color="#DDD55F" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="48.103515625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="131.39453125" x="13.03757812500021" xml:space="preserve" y="11.563280078128969">Dedicated,
+Not physically protected
+HW<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="parallelogram"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n15">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="52.0" width="142.0601162719767" x="1088.5370809936471" y="490.9227263183567"/>
+ <y:Fill color="#BCDD5F" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="48.103515625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="110.716796875" x="15.671659698488384" xml:space="preserve" y="1.9482421875">Non dedicated,
+Physically protected
+HW<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="parallelogram"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n16">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="71.230075781258" width="157.46968750000036" x="1356.3271972656235" y="481.3076884277277"/>
+ <y:Fill color="#DDD55F" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="48.103515625" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="131.39453125" x="13.03757812500021" xml:space="preserve" y="11.563280078128969">Non dedicated,
+Not physically protected
+HW<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="parallelogram"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n17">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="12.496800000000093" width="167.67999999999955" x="999.834394531249" y="563.9227263183567"/>
+ <y:Fill hasColor="false" transparent="false"/>
+ <y:BorderStyle color="#FF0000" raised="false" type="dashed" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.0078125" x="5.751194618473619" xml:space="preserve" y="-3.1021859374999394">TB4<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="-0.5" labelRatioY="0.0" nodeRatioX="-0.46570136797188844" nodeRatioY="1.1102230246251565E-15" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n18">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="355.14698105468574" width="12.179999999999325" x="1318.632197265624" y="307.6918526367132"/>
+ <y:Fill hasColor="false" transparent="false"/>
+ <y:BorderStyle color="#FF0000" raised="false" type="dashed" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.0078125" x="-6.913906250000309" xml:space="preserve" y="168.22290458984287">TB5<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="2.3314683517128287E-15" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n19" yfiles.foldertype="group">
+ <data key="d4" xml:space="preserve"/>
+ <data key="d6">
+ <y:ProxyAutoBoundsNode>
+ <y:Realizers active="0">
+ <y:GroupNode>
+ <y:Geometry height="188.8417925826776" width="475.4228202048764" x="747.7325835416852" y="-14.110811983915937"/>
+ <y:Fill hasColor="false" transparent="false"/>
+ <y:BorderStyle color="#000000" type="dashed" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="node_width" backgroundColor="#EBEBEB" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="22.37646484375" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="475.4228202048764" x="0.0" xml:space="preserve" y="0.0">Color code</y:NodeLabel>
+ <y:Shape type="roundrectangle"/>
+ <y:State closed="false" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
+ <y:Insets bottom="15" bottomF="15.0" left="15" leftF="15.0" right="15" rightF="15.0" top="15" topF="15.0"/>
+ <y:BorderInsets bottom="1" bottomF="0.8802461538460875" left="0" leftF="0.0" right="14" rightF="13.896470965118851" top="0" topF="0.0"/>
+ </y:GroupNode>
+ <y:GroupNode>
+ <y:Geometry height="50.0" width="50.0" x="120.0" y="60.0"/>
+ <y:Fill color="#F2F0D8" transparent="false"/>
+ <y:BorderStyle color="#000000" type="line" width="1.0"/>
+ <y:NodeLabel alignment="right" autoSizePolicy="node_width" backgroundColor="#B7B69E" borderDistance="0.0" fontFamily="Dialog" fontSize="15" fontStyle="plain" hasLineColor="false" height="22.37646484375" horizontalTextPosition="center" iconTextGap="4" modelName="internal" modelPosition="t" textColor="#000000" verticalTextPosition="bottom" visible="true" width="59.02685546875" x="-4.513427734375" xml:space="preserve" y="0.0">Folder 1</y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ <y:DropShadow color="#D2D2D2" offsetX="4" offsetY="4"/>
+ <y:State closed="true" closedHeight="50.0" closedWidth="50.0" innerGraphDisplayEnabled="false"/>
+ <y:Insets bottom="5" bottomF="5.0" left="5" leftF="5.0" right="5" rightF="5.0" top="5" topF="5.0"/>
+ <y:BorderInsets bottom="0" bottomF="0.0" left="0" leftF="0.0" right="0" rightF="0.0" top="0" topF="0.0"/>
+ </y:GroupNode>
+ </y:Realizers>
+ </y:ProxyAutoBoundsNode>
+ </data>
+ <graph edgedefault="directed" id="n19:">
+ <node id="n19::n0">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="30.0" width="200.59682538012066" x="762.8989327814432" y="23.265652859834063"/>
+ <y:Fill color="#CCFFCC" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="114.736328125" x="42.93024862756033" xml:space="preserve" y="5.6494140625">Isolated components<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n19::n1">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="30.0" width="200.67999999999978" x="762.8157581615641" y="128.8507344449156"/>
+ <y:Fill color="#DDD55F" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="151.41015625" x="24.634921874999918" xml:space="preserve" y="5.6494140625">Exposed to physical access<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n19::n2">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="30.0" width="200.76317461987873" x="762.7325835416852" y="76.05819365237483"/>
+ <y:Fill color="#BCDD5F" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="106.0703125" x="47.34643105993939" xml:space="preserve" y="5.6494140625">Isolated but shared<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n19::n3">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="30.0" width="200.7631746198785" x="993.4957581615641" y="76.05819365237483"/>
+ <y:Fill color="#CCCCCC" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="162.736328125" x="19.013423247439164" xml:space="preserve" y="5.6494140625">Out-of-scope, must be trusted<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ <node id="n19::n4">
+ <data key="d6">
+ <y:ShapeNode>
+ <y:Geometry height="30.0" width="200.76317461987873" x="993.495758161564" y="23.265652859834063"/>
+ <y:Fill color="#FFDD56" transparent="false"/>
+ <y:BorderStyle color="#000000" raised="false" type="line" width="1.0"/>
+ <y:NodeLabel alignment="center" autoSizePolicy="content" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasBackgroundColor="false" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" textColor="#000000" verticalTextPosition="bottom" visible="true" width="71.37109375" x="64.69604043493928" xml:space="preserve" y="5.6494140625">Non-isolated<y:LabelModel><y:SmartNodeLabelModel distance="4.0"/></y:LabelModel><y:ModelParameter><y:SmartNodeLabelModelParameter labelRatioX="0.0" labelRatioY="0.0" nodeRatioX="0.0" nodeRatioY="0.0" offsetX="0.0" offsetY="0.0" upX="0.0" upY="-1.0"/></y:ModelParameter></y:NodeLabel>
+ <y:Shape type="rectangle"/>
+ </y:ShapeNode>
+ </data>
+ </node>
+ </graph>
+ </node>
+ <edge id="e0" source="n6" target="n3">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="100.35106717916995" ty="90.5448068626963"/>
+ <y:LineStyle color="#000000" type="dotted" width="2.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="33.34375" x="-73.15855895996197" xml:space="preserve" y="23.397088022583603">DF12<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="center" ratio="0.5" segment="0"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e1" source="n4" target="n3">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="87.3301092996351" ty="-53.368876149144754">
+ <y:Point x="789.0" y="443.36824352897344"/>
+ <y:Point x="670.0" y="453.09318525391524"/>
+ </y:Path>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.669921875" x="-93.31397923028646" xml:space="preserve" y="13.511950700802515">DF2<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="24.848250729860908" distanceToCenter="true" position="center" ratio="0.36841189565104326" segment="0"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e2" source="n5" target="n4">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.669921875" x="-13.334968261719723" xml:space="preserve" y="-127.81154663086295">DF5<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="center" ratio="0.5" segment="0"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e3" source="n4" target="n13">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.669921875" x="13.663771972656832" xml:space="preserve" y="-9.35058217772638">DF8<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="center" ratio="0.5" segment="0"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e4" source="n13" target="n14">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="33.34375" x="25.889809570311172" xml:space="preserve" y="-9.35058217772638">DF11<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="center" ratio="0.5" segment="0"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e5" source="n4" target="n11">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e6" source="n5" target="n15">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.669921875" x="21.485103988645278" xml:space="preserve" y="-53.840221362313514">DF7<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="center" ratio="0.5" segment="0"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e7" source="n4" target="n15">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.669921875" x="22.99748608880236" xml:space="preserve" y="38.620743090823">DF6<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="6.283185307179586" distance="0.4445858052130681" distanceToCenter="true" position="left" ratio="0.5" segment="0"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e8" source="n4" target="n16">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.669921875" x="109.69154907226448" xml:space="preserve" y="37.82232548473888">DF9<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="center" ratio="0.5" segment="0"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e9" source="n5" target="n16">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0"/>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="33.34375" x="103.00539184570198" xml:space="preserve" y="-53.07938396899635">DF10<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="center" ratio="0.5" segment="0"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e10" source="n4" target="n12">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0">
+ <y:Point x="923.0" y="478.0"/>
+ <y:Point x="754.0338550742626" y="478.0"/>
+ </y:Path>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.669921875" x="-69.70529382688164" xml:space="preserve" y="39.334672900394594">DF4<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="0.0" distance="23.364876657804036" distanceToCenter="false" position="center" ratio="0.49999999999999944" segment="0"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e11" source="n4" target="n3">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="100.34788915745409" ty="-131.82261894531433"/>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.669921875" x="-228.85351440429793" xml:space="preserve" y="-9.35058217772638">DF1<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="center" ratio="0.5" segment="0"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e12" source="n4" target="n5">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="0.0" sy="0.0" tx="0.0" ty="0.0">
+ <y:Point x="770.0980849792" y="503.8026947265723"/>
+ </y:Path>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="26.669921875" x="-107.35476828593619" xml:space="preserve" y="36.06179093568505">DF3<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="0.0" distance="30.0" distanceToCenter="true" position="center" ratio="0.32879346603393395" segment="0"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ <edge id="e13" source="n10" target="n4">
+ <data key="d10">
+ <y:PolyLineEdge>
+ <y:Path sx="-46.75109261252976" sy="-9.459533667717096" tx="0.0" ty="0.0">
+ <y:Point x="691.103216783217" y="467.8363636363635"/>
+ <y:Point x="817.5274592074595" y="456.72214452214445"/>
+ </y:Path>
+ <y:LineStyle color="#000000" type="line" width="1.0"/>
+ <y:Arrows source="standard" target="standard"/>
+ <y:EdgeLabel alignment="center" backgroundColor="#FFFFFF" configuration="AutoFlippingLabel" distance="2.0" fontFamily="Dialog" fontSize="12" fontStyle="plain" hasLineColor="false" height="18.701171875" horizontalTextPosition="center" iconTextGap="4" modelName="custom" preferredPlacement="anywhere" ratio="0.5" textColor="#000000" verticalTextPosition="bottom" visible="true" width="33.34375" x="160.4999963748819" xml:space="preserve" y="-191.48229906486733">DF13<y:LabelModel><y:SmartEdgeLabelModel autoRotationEnabled="false" defaultAngle="0.0" defaultDistance="10.0"/></y:LabelModel><y:ModelParameter><y:SmartEdgeLabelModelParameter angle="0.0" distance="0.5921559499140859" distanceToCenter="true" position="left" ratio="0.12442805389270134" segment="-1"/></y:ModelParameter><y:PreferredPlacementDescriptor angle="0.0" angleOffsetOnRightSide="0" angleReference="absolute" angleRotationOnRightSide="co" distance="-1.0" frozen="true" placement="anywhere" side="anywhere" sideReference="relative_to_edge_flow"/></y:EdgeLabel>
+ <y:BendStyle smoothed="false"/>
+ </y:PolyLineEdge>
+ </data>
+ </edge>
+ </graph>
+ <data key="d7">
+ <y:Resources/>
+ </data>
+</graphml>
diff --git a/docs/security/generic-data-flow.svg b/docs/security/generic-data-flow.svg
new file mode 100644
index 0000000..6e6c528
--- /dev/null
+++ b/docs/security/generic-data-flow.svg
@@ -0,0 +1,252 @@
+<?xml version="1.0" encoding="UTF-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" fill-opacity="1" color-rendering="auto" color-interpolation="auto" text-rendering="auto" stroke="black" stroke-linecap="square" width="1105" stroke-miterlimit="10" shape-rendering="auto" stroke-opacity="1" fill="black" stroke-dasharray="none" font-weight="normal" stroke-width="1" height="803" font-family="'Dialog'" font-style="normal" stroke-linejoin="miter" font-size="12px" stroke-dashoffset="0" image-rendering="auto">
+ <!--Generated by ySVG 2.5-->
+ <defs id="genericDefs"/>
+ <g>
+ <defs id="defs1">
+ <clipPath clipPathUnits="userSpaceOnUse" id="clipPath1">
+ <path d="M0 0 L1105 0 L1105 803 L0 803 L0 0 Z"/>
+ </clipPath>
+ <clipPath clipPathUnits="userSpaceOnUse" id="clipPath2">
+ <path d="M332 -58 L1524 -58 L1524 808.2226 L332 808.2226 L332 -58 Z"/>
+ </clipPath>
+ </defs>
+ <g stroke-linecap="butt" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" fill="red" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" stroke-dasharray="6,2" stroke="red" stroke-miterlimit="1.45">
+ <rect fill="none" x="999.8344" width="167.68" height="12.4968" y="457.4259" clip-path="url(#clipPath2)"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" font-family="sans-serif" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <text x="1005.8344" xml:space="preserve" y="468.3882" clip-path="url(#clipPath2)" stroke="none">TB3</text>
+ </g>
+ <g stroke-linecap="butt" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" fill="red" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" stroke-dasharray="6,2" stroke="red" stroke-miterlimit="1.45">
+ <rect fill="none" x="583.5935" width="12.18" height="564.01" y="200.6221" clip-path="url(#clipPath2)"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" font-family="sans-serif" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <text x="578.6796" xml:space="preserve" y="233.5969" clip-path="url(#clipPath2)" stroke="none">TB1</text>
+ </g>
+ <g stroke-linecap="butt" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" fill="red" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" stroke-dasharray="6,2" stroke="red" stroke-miterlimit="1.45">
+ <rect fill="none" x="857.1073" width="12.18" height="315.4092" y="398.4487" clip-path="url(#clipPath2)"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" font-family="sans-serif" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <text x="852.1934" xml:space="preserve" y="578.4553" clip-path="url(#clipPath2)" stroke="none">TB2</text>
+ </g>
+ <g stroke-linecap="round" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-dashoffset="2" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" stroke-dasharray="0,4" stroke-miterlimit="1.45">
+ <rect fill="none" x="342.9416" width="200.68" height="342.987" y="329.3092" clip-path="url(#clipPath2)"/>
+ </g>
+ <g fill="rgb(204,255,204)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(204,255,204)">
+ <rect x="974.6587" width="149.1406" height="52" y="342.9801" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="974.6587" width="149.1406" height="52" y="342.9801" clip-path="url(#clipPath2)"/>
+ <text x="1002.2104" xml:space="preserve" y="373.6939" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Trusted Service 1</text>
+ </g>
+ <g fill="rgb(204,255,204)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(204,255,204)">
+ <rect x="974.6587" width="149.1406" height="52" y="631.902" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="974.6587" width="149.1406" height="52" y="631.902" clip-path="url(#clipPath2)"/>
+ <text x="1002.2104" xml:space="preserve" y="662.6158" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Trusted Service 2</text>
+ </g>
+ <g fill="rgb(204,204,204)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(204,204,204)">
+ <rect x="656.595" width="149.1406" height="95.371" y="434.9416" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="656.595" width="149.1406" height="95.371" y="434.9416" clip-path="url(#clipPath2)"/>
+ <text x="718.1633" xml:space="preserve" y="487.341" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">SPM</text>
+ </g>
+ <g fill="rgb(255,221,86)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(255,221,86)">
+ <rect x="367.4203" width="149.1406" height="52" y="346.1595" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="367.4203" width="149.1406" height="52" y="346.1595" clip-path="url(#clipPath2)"/>
+ <text x="407.6371" xml:space="preserve" y="376.8734" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">u-boot/EDK2</text>
+ </g>
+ <g fill="rgb(255,221,86)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(255,221,86)">
+ <rect x="367.4203" width="149.1406" height="52" y="415.1892" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="367.4203" width="149.1406" height="52" y="415.1892" clip-path="url(#clipPath2)"/>
+ <text x="394.9721" xml:space="preserve" y="445.9031" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Operating system</text>
+ </g>
+ <g fill="rgb(255,221,86)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(255,221,86)">
+ <rect x="367.4203" width="149.1406" height="52" y="496.9892" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="367.4203" width="149.1406" height="52" y="496.9892" clip-path="url(#clipPath2)"/>
+ <text x="380.9594" xml:space="preserve" y="527.7031" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">User-space application</text>
+ </g>
+ <g fill="rgb(204,204,204)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(204,204,204)">
+ <rect x="625.7735" width="149.1406" height="52" y="631.902" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="625.7735" width="149.1406" height="52" y="631.902" clip-path="url(#clipPath2)"/>
+ <text x="662.671" xml:space="preserve" y="662.6158" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">FF-A Manifest</text>
+ </g>
+ <g fill="rgb(204,255,204)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(204,255,204)">
+ <path d="M993.5156 245.6201 L1105.9108 245.6201 L1093.4224 297.6201 L981.0273 297.6201 Z" fill-rule="evenodd" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <path fill="none" d="M993.5156 245.6201 L1105.9108 245.6201 L1093.4224 297.6201 L981.0273 297.6201 Z" fill-rule="evenodd" clip-path="url(#clipPath2)"/>
+ <text x="1014.7844" xml:space="preserve" y="261.6328" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Dedicated,</text>
+ <text x="990.1106" xml:space="preserve" y="276.334" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Physically protected</text>
+ <text x="1033.4729" xml:space="preserve" y="291.0351" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">HW</text>
+ </g>
+ <g fill="rgb(204,204,204)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(204,204,204)">
+ <rect x="691.3269" width="149.1406" height="52" y="554.354" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="691.3269" width="149.1406" height="52" y="554.354" clip-path="url(#clipPath2)"/>
+ <text x="738.2117" xml:space="preserve" y="585.0678" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Debug-log</text>
+ </g>
+ <g fill="rgb(204,255,204)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(204,255,204)">
+ <path d="M1188.1769 356.8001 L1281.5972 356.8001 L1271.2172 381.1601 L1177.7968 381.1601 Z" fill-rule="evenodd" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <path fill="none" d="M1188.1769 356.8001 L1281.5972 356.8001 L1271.2172 381.1601 L1177.7968 381.1601 Z" fill-rule="evenodd" clip-path="url(#clipPath2)"/>
+ <text x="1187.6794" xml:space="preserve" y="373.6939" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Peripheral IFC2</text>
+ </g>
+ <g fill="rgb(221,213,95)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(221,213,95)">
+ <path d="M1372.0742 333.3651 L1513.7969 333.3651 L1498.0499 404.5951 L1356.3271 404.5951 Z" fill-rule="evenodd" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <path fill="none" d="M1372.0742 333.3651 L1513.7969 333.3651 L1498.0499 404.5951 L1356.3271 404.5951 Z" fill-rule="evenodd" clip-path="url(#clipPath2)"/>
+ <text x="1406.3774" xml:space="preserve" y="358.9928" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Dedicated,</text>
+ <text x="1371.3647" xml:space="preserve" y="373.6939" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Not physically protected</text>
+ <text x="1425.0659" xml:space="preserve" y="388.3951" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">HW</text>
+ </g>
+ <g fill="rgb(188,221,95)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(188,221,95)">
+ <path d="M1102.743 490.9227 L1230.5972 490.9227 L1216.3912 542.9227 L1088.5371 542.9227 Z" fill-rule="evenodd" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <path fill="none" d="M1102.743 490.9227 L1230.5972 490.9227 L1216.3912 542.9227 L1088.5371 542.9227 Z" fill-rule="evenodd" clip-path="url(#clipPath2)"/>
+ <text x="1119.2048" xml:space="preserve" y="506.9354" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Non dedicated,</text>
+ <text x="1106.2087" xml:space="preserve" y="521.6366" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Physically protected</text>
+ <text x="1149.571" xml:space="preserve" y="536.3378" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">HW</text>
+ </g>
+ <g fill="rgb(221,213,95)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(221,213,95)">
+ <path d="M1372.0742 481.3077 L1513.7969 481.3077 L1498.0499 552.5378 L1356.3271 552.5378 Z" fill-rule="evenodd" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <path fill="none" d="M1372.0742 481.3077 L1513.7969 481.3077 L1498.0499 552.5378 L1356.3271 552.5378 Z" fill-rule="evenodd" clip-path="url(#clipPath2)"/>
+ <text x="1394.6997" xml:space="preserve" y="506.9354" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Non dedicated,</text>
+ <text x="1371.3647" xml:space="preserve" y="521.6366" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Not physically protected</text>
+ <text x="1425.0659" xml:space="preserve" y="536.3378" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">HW</text>
+ <rect x="999.8344" y="563.9227" clip-path="url(#clipPath2)" fill="none" width="167.68" stroke-dasharray="6,2" height="12.4968" stroke="red"/>
+ <text x="1007.5856" xml:space="preserve" y="574.885" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">TB4</text>
+ <rect x="1318.6322" y="307.6919" clip-path="url(#clipPath2)" fill="none" width="12.18" stroke-dasharray="6,2" height="355.147" stroke="red"/>
+ <text x="1313.7183" xml:space="preserve" y="489.9792" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">TB5</text>
+ <path fill="none" d="M966.9668 392.4953 L789 443.3683 L670 453.0932 L551.6387 448.2875" clip-path="url(#clipPath2)"/>
+ <path d="M974.6587 390.2965 L961.7466 388.7872 L966.0053 392.7701 L964.4951 398.4021 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M543.6453 447.963 L555.4326 453.4457 L552.6379 448.3281 L555.8383 443.4539 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="881.3447" y="403.8084" clip-path="url(#clipPath2)" fill="white" width="26.6699" height="18.7012" stroke="none"/>
+ <text x="883.3447" xml:space="preserve" y="417.8729" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">DF2</text>
+ <path fill="none" d="M966.6587 368.9801 L551.6295 368.9801" clip-path="url(#clipPath2)"/>
+ <path d="M974.6587 368.9801 L962.6587 363.9801 L965.6587 368.9801 L962.6587 373.9801 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M543.6295 368.9801 L555.6295 373.9801 L552.6295 368.9801 L555.6295 363.9801 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="745.8052" y="359.6295" clip-path="url(#clipPath2)" fill="white" width="26.6699" height="18.7012" stroke="none"/>
+ <text x="747.8052" xml:space="preserve" y="373.6939" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">DF1</text>
+ <path fill="none" d="M988.196 398.4595 L770.0981 503.8027 L995.1298 628.0355" clip-path="url(#clipPath2)"/>
+ <path d="M995.3997 394.9801 L982.4195 395.697 L987.2955 398.8945 L986.7689 404.7016 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M1002.1334 631.902 L994.0445 621.725 L994.2543 627.5522 L989.2114 630.4796 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="888.045" y="431.0419" clip-path="url(#clipPath2)" fill="white" width="26.6699" height="18.7012" stroke="none"/>
+ <text x="890.0449" xml:space="preserve" y="445.1063" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">DF3</text>
+ <path fill="none" d="M1049.229 623.902 L1049.229 402.9801" clip-path="url(#clipPath2)"/>
+ <path d="M1049.229 631.902 L1054.229 619.902 L1049.229 622.902 L1044.229 619.902 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M1049.229 394.9801 L1044.229 406.9801 L1049.229 403.9801 L1054.229 406.9801 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="1035.894" y="504.0904" clip-path="url(#clipPath2)" fill="white" width="26.6699" height="18.7012" stroke="none"/>
+ <text x="1037.894" xml:space="preserve" y="518.1549" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">DF5</text>
+ </g>
+ <g stroke-linecap="round" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-dashoffset="2" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" stroke-dasharray="0,8" stroke-width="2" stroke-miterlimit="1.45">
+ <path fill="none" d="M648.8088 530.3726 L551.4188 586.8336" clip-path="url(#clipPath2)"/>
+ <path d="M656.595 525.8586 L642.0945 527.7632 L647.8356 530.9368 L647.737 537.4959 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M543.6326 591.3475 L558.1331 589.443 L552.3921 586.2693 L552.4907 579.7103 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="583.4364" y="549.2557" clip-path="url(#clipPath2)" fill="white" width="33.3438" height="18.7012" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" font-family="sans-serif" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <text x="585.4364" xml:space="preserve" y="563.3201" clip-path="url(#clipPath2)" stroke="none">DF12</text>
+ <path fill="none" d="M658.6537 624.0746 L691.1032 467.8364 L817.5275 456.7221 L973.0889 397.8132" clip-path="url(#clipPath2)"/>
+ <path d="M657.0269 631.9074 L664.3627 621.1749 L658.8571 623.0955 L654.5716 619.1414 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M980.5704 394.9801 L967.5775 394.5538 L972.1537 398.1674 L971.1188 403.9058 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="817.5269" y="440.4252" clip-path="url(#clipPath2)" fill="white" width="33.3438" height="18.7012" stroke="none"/>
+ <text x="819.5269" xml:space="preserve" y="454.4896" clip-path="url(#clipPath2)" stroke="none">DF13</text>
+ <path fill="none" d="M1047.2183 334.994 L1045.4813 305.6344" clip-path="url(#clipPath2)"/>
+ <path d="M1047.6908 342.9801 L1051.9733 330.7057 L1047.1592 333.9958 L1041.9907 331.2964 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M1045.0089 297.6483 L1040.7262 309.9227 L1045.5404 306.6326 L1050.7089 309.3322 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path fill="none" d="M1013.0703 400.2091 L923 478 L754.0339 478 L761.9626 546.4072" clip-path="url(#clipPath2)"/>
+ <path d="M1019.1248 394.9801 L1006.7749 399.0396 L1012.3135 400.8628 L1013.3112 406.6077 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M762.8837 554.3539 L766.4688 541.8581 L761.8475 545.4138 L756.5353 543.0094 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="949.4195" y="434.3147" clip-path="url(#clipPath2)" fill="white" width="26.6699" height="18.7012" stroke="none"/>
+ <text x="951.4195" xml:space="preserve" y="448.3792" clip-path="url(#clipPath2)" stroke="none">DF4</text>
+ <path fill="none" d="M1131.7993 368.9801 L1174.979 368.9801" clip-path="url(#clipPath2)"/>
+ <path d="M1123.7993 368.9801 L1135.7993 373.9801 L1132.7993 368.9801 L1135.7993 363.9801 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M1182.979 368.9801 L1170.979 363.9801 L1173.979 368.9801 L1170.979 373.9801 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="1137.4631" y="359.6295" clip-path="url(#clipPath2)" fill="white" width="26.6699" height="18.7012" stroke="none"/>
+ <text x="1139.4631" xml:space="preserve" y="373.6939" clip-path="url(#clipPath2)" stroke="none">DF8</text>
+ <path fill="none" d="M1284.4005 368.9801 L1356.2144 368.9801" clip-path="url(#clipPath2)"/>
+ <path d="M1276.4005 368.9801 L1288.4005 373.9801 L1285.4005 368.9801 L1288.4005 363.9801 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M1364.2144 368.9801 L1352.2144 363.9801 L1355.2144 368.9801 L1352.2144 373.9801 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="1302.2903" y="359.6295" clip-path="url(#clipPath2)" fill="white" width="33.3438" height="18.7012" stroke="none"/>
+ <text x="1304.2903" xml:space="preserve" y="373.6939" clip-path="url(#clipPath2)" stroke="none">DF11</text>
+ <path fill="none" d="M1074.5087 625.6021 L1134.2703 549.2445" clip-path="url(#clipPath2)"/>
+ <path d="M1069.578 631.902 L1080.9114 625.5338 L1075.125 624.8146 L1073.0365 619.3705 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M1139.2009 542.9446 L1127.8676 549.3128 L1133.6539 550.032 L1135.7423 555.4761 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="1091.0631" y="578.0618" clip-path="url(#clipPath2)" fill="white" width="26.6699" height="18.7012" stroke="none"/>
+ <text x="1093.0631" xml:space="preserve" y="592.1262" clip-path="url(#clipPath2)" stroke="none">DF7</text>
+ <path fill="none" d="M1073.4031 401.3929 L1135.4004 484.5197" clip-path="url(#clipPath2)"/>
+ <path d="M1068.6202 394.9801 L1071.7865 407.5886 L1074.001 402.1945 L1079.8025 401.61 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M1140.1832 490.9325 L1137.017 478.324 L1134.8025 483.718 L1129.001 484.3025 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="1091.6177" y="433.6008" clip-path="url(#clipPath2)" fill="white" width="26.6699" height="18.7012" stroke="none"/>
+ <text x="1093.6177" xml:space="preserve" y="447.6653" clip-path="url(#clipPath2)" stroke="none">DF6</text>
+ <path fill="none" d="M1124.5065 397.8442 L1362.2559 489.0061" clip-path="url(#clipPath2)"/>
+ <path d="M1117.0367 394.9801 L1126.4512 403.9449 L1125.4402 398.2022 L1130.0314 394.6078 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M1369.7256 491.8703 L1360.3112 482.9055 L1361.3221 488.6481 L1356.731 492.2426 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="1226.7283" y="432.8024" clip-path="url(#clipPath2)" fill="white" width="26.6699" height="18.7012" stroke="none"/>
+ <text x="1228.7283" xml:space="preserve" y="446.8669" clip-path="url(#clipPath2)" stroke="none">DF9</text>
+ <path fill="none" d="M1127.9001 629.1564 L1350.4539 547.8376" clip-path="url(#clipPath2)"/>
+ <path d="M1120.386 631.902 L1133.3732 632.4799 L1128.8394 628.8132 L1129.9412 623.0873 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <path d="M1357.968 545.0921 L1344.9808 544.5142 L1349.5146 548.1808 L1348.4128 553.9068 Z" clip-path="url(#clipPath2)" stroke="none"/>
+ <rect x="1223.3914" y="578.8226" clip-path="url(#clipPath2)" fill="white" width="33.3438" height="18.7012" stroke="none"/>
+ <text x="1225.3914" xml:space="preserve" y="592.887" clip-path="url(#clipPath2)" stroke="none">DF10</text>
+ </g>
+ <g fill="rgb(235,235,235)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(235,235,235)">
+ <rect x="747.7326" width="475.4228" height="22.3765" y="-14.1108" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g font-size="15px" stroke-linecap="butt" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" text-rendering="geometricPrecision" font-family="sans-serif" shape-rendering="geometricPrecision" stroke-miterlimit="1.45">
+ <text x="949.1744" xml:space="preserve" y="2.9698" clip-path="url(#clipPath2)" stroke="none">Color code</text>
+ <rect x="747.7326" y="-14.1108" clip-path="url(#clipPath2)" fill="none" width="475.4228" stroke-dasharray="6,2" rx="4" ry="4" height="188.8418"/>
+ </g>
+ <g fill="rgb(204,255,204)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(204,255,204)">
+ <rect x="762.8989" width="200.5968" height="30" y="23.2657" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="762.8989" width="200.5968" height="30" y="23.2657" clip-path="url(#clipPath2)"/>
+ <text x="807.8292" xml:space="preserve" y="42.9795" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Isolated components</text>
+ </g>
+ <g fill="rgb(221,213,95)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(221,213,95)">
+ <rect x="762.8158" width="200.68" height="30" y="128.8507" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="762.8158" width="200.68" height="30" y="128.8507" clip-path="url(#clipPath2)"/>
+ <text x="789.4507" xml:space="preserve" y="148.5646" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Exposed to physical access</text>
+ </g>
+ <g fill="rgb(188,221,95)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(188,221,95)">
+ <rect x="762.7326" width="200.7632" height="30" y="76.0582" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="762.7326" width="200.7632" height="30" y="76.0582" clip-path="url(#clipPath2)"/>
+ <text x="812.079" xml:space="preserve" y="95.7721" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Isolated but shared</text>
+ </g>
+ <g fill="rgb(204,204,204)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(204,204,204)">
+ <rect x="993.4958" width="200.7632" height="30" y="76.0582" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="993.4958" width="200.7632" height="30" y="76.0582" clip-path="url(#clipPath2)"/>
+ <text x="1014.5092" xml:space="preserve" y="95.7721" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Out-of-scope, must be trusted</text>
+ </g>
+ <g fill="rgb(255,221,86)" text-rendering="geometricPrecision" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke="rgb(255,221,86)">
+ <rect x="993.4958" width="200.7632" height="30" y="23.2657" clip-path="url(#clipPath2)" stroke="none"/>
+ </g>
+ <g text-rendering="geometricPrecision" stroke-miterlimit="1.45" shape-rendering="geometricPrecision" transform="matrix(0.927,0,0,0.927,-307.7685,53.7668)" stroke-linecap="butt">
+ <rect fill="none" x="993.4958" width="200.7632" height="30" y="23.2657" clip-path="url(#clipPath2)"/>
+ <text x="1060.1918" xml:space="preserve" y="42.9795" clip-path="url(#clipPath2)" font-family="sans-serif" stroke="none">Non-isolated</text>
+ </g>
+ </g>
+</svg>
diff --git a/docs/security/index.rst b/docs/security/index.rst
index ac271be..513c3fd 100644
--- a/docs/security/index.rst
+++ b/docs/security/index.rst
@@ -6,14 +6,15 @@
:caption: Contents:
self
+ threat-model
-TODO:
-SDL
-Threat Modell
-etc..
+The security model of Trusted Services build on the `Platform Security Model`_ v1.1 beta. For a concept level overview
+please refer to this document.
--------------
-*Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.*
+.. _`Platform Security Model`: https://developer.arm.com/documentation/den0128/1-1/?lang=en
+
+*Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.*
SPDX-License-Identifier: BSD-3-Clause
diff --git a/docs/security/threat-model.rst b/docs/security/threat-model.rst
new file mode 100644
index 0000000..3bd9dd0
--- /dev/null
+++ b/docs/security/threat-model.rst
@@ -0,0 +1,439 @@
+Generic Threat Model
+====================
+
+Threat modeling is a process to identify security requirements, pinpoint security threats and potential vulnerabilities,
+quantify threat and vulnerability criticality and prioritize remediation methods.
+
+In the next sections you can find the output of this process the for a generic, use-case and service independent
+assessment.
+
+Target evaluation
+-----------------
+
+In this threat model, the target of evaluation is the S-EL0 SPs part of the PSA RoT hosting a "generalized" trusted
+service.
+
+This evaluation is based on the following assumptions:
+
+ * The implementation is based on the |FF-A| standard.
+ * Trusted boot is enabled. This means an attacker can’t boot arbitrary images that are not approved by platform
+ providers.
+ * Each trusted service is running in an S-EL0 secure partition. Access to memory and hardware is controlled by the
+ SPM based on the FF-A manifest or FF-A framework messages.
+ * Components running at higher privilege levels than S-EL0 are to be inherently trusted. (I.e. the SPM).
+
+Data flow diagram
+-----------------
+
+The data flow diagram visualizes the connection between components and where the data flow crosses security boundaries.
+
+.. image:: ./generic-data-flow.svg
+ :target: Attachments_
+
+.. table:: List of data flows
+
+ +-----------+---------------------------------------------------------------------------------+----------+
+ | Data flow | Description | In scope |
+ +-----------+---------------------------------------------------------------------------------+----------+
+ | DF1 | Trusted Service interacts with NWd client directly. | Yes |
+ +-----------+---------------------------------------------------------------------------------+----------+
+ | DF2 | Trusted Service interacts with NWd client through SPM. | Yes |
+ +-----------+---------------------------------------------------------------------------------+----------+
+ | DF3 | Trusted Services interact through SPM. | Yes |
+ +-----------+---------------------------------------------------------------------------------+----------+
+ | DF4 | Trusted Service logs debug information. | Yes |
+ +-----------+---------------------------------------------------------------------------------+----------+
+ | DF5 | Trusted Services interact directly. | Yes |
+ +-----------+---------------------------------------------------------------------------------+----------+
+ | DF6, DF7 | Trusted Services interacts with shared hardware. | Yes |
+ +-----------+---------------------------------------------------------------------------------+----------+
+ | DF8 | Trusted Service interacts with dedicated peripheral interface. | Yes |
+ +-----------+---------------------------------------------------------------------------------+----------+
+ | DF9, DF10 | Trusted Service interacts with shared, external hardware. | Yes |
+ +-----------+---------------------------------------------------------------------------------+----------+
+ | DF11 | Trusted Service interacts with dedicated, external hardware. | Yes |
+ +-----------+---------------------------------------------------------------------------------+----------+
+ | DF12 | NWd interacts with more privileged software. | No |
+ +-----------+---------------------------------------------------------------------------------+----------+
+ | DF13 | FF-A manifest and other data is handed over to a Trussed Service | No |
+ +-----------+---------------------------------------------------------------------------------+----------+
+
+Trust boundaries
+----------------
+
+.. list-table:: List of trust boundaries
+
+ * - Trust boundary
+ - Description
+ * - TB1
+ - Trust boundary between TEE and normal world.
+ * - TB2
+ - Trust boundary between higher privilege level SW and Trusted Services.
+ * - TB3, TB4
+ - Trust boundary between trusted services.
+ * - TB5
+ - Trust boundary to physically accessible external hardware.
+
+Assets
+------
+
+The above dataflow identifies the following generalized assets.
+
+.. table::
+
+ +----------------------+----------------------------------------------------------------------------------+
+ | Asset | Description |
+ +----------------------+----------------------------------------------------------------------------------+
+ | ``availability`` | Availability of a trusted service to clients. |
+ +----------------------+----------------------------------------------------------------------------------+
+ | ``code execution`` | Code or code flow of a trusted service. |
+ +----------------------+----------------------------------------------------------------------------------+
+ | ``sensitive data`` | Data that an attacker must not tamper with. These include device identity key, |
+ | | Initial Attestation Key, Protected Storage Key, UEFI variables, tpm-event log, |
+ | | etc... |
+ +----------------------+----------------------------------------------------------------------------------+
+ |``sensitive hardware``| Hardware that an attacker must not be tamper with. Examples are control interface|
+ | | of storage medium, true random number generator, crypto accelerator. |
+ +----------------------+----------------------------------------------------------------------------------+
+
+Attackers and threat agents
+---------------------------
+
+This section identifies the generalized stakeholders interacting with secure services.
+
+.. list-table::
+ :widths: 20,70,10
+
+ * - Attacker/Threat agent
+ - Description
+ - In scope
+ * - ``NSClient``
+ - Client executing in the normal world.
+ - Yes
+ * - ``SClient``
+ - Client running in SWd.
+ - Yes
+ * - ``HPComponent``
+ - Components running at higher privilege level than the trusted service.
+ - No
+ * - ``AppDebug``
+ - Physical attacker using debug signals to access resources.
+ - Yes
+ * - ``PhysAcc``
+ - Physical attacker having access to the external device communication bus and to the external flash communication
+ bus using common hardware.
+ - Yes
+ * - ``AdvPhysAcc``
+ - Attackers who are able to use specialist hardware for attacks that require irreversible changes to the target
+ system (e.g., "rewiring" a chip using a Focused IonBeam FIB workstation).
+ - No
+
+
+
+Threat Priority
+---------------
+
+Threat priority calculation is based on `Common Vulnerability Scoring System`_ (CVSS) Version 3.1. The threat priority
+is represented by the `Severity Rating Scale`_ calculated from the CVSS score of each threat. The CVSS score is
+calculated using the `Vulnerability Calculator`_.
+
+For each threat the priority and a link to CVSS calculator capturing the calculator settings will be listed.
+
+Threat Types
+------------
+
+In this threat model we categorize threats using the `STRIDE threat analysis technique`_. In this technique a threat is
+categorized as one or more of these types: ``Spoofing``, ``Tampering``, ``Repudiation``, ``Information disclosure``,
+``Denial of service`` or ``Elevation of privilege``.
+
+.. list-table::
+ :widths: 15,80
+
+ * - **ID**
+ - 1
+ * - Description
+ - Information leak via debug logs.
+
+ During development it is common practice to help understanding code execution by emitting
+ debug logs.
+ * - Data flow
+ - DF4
+ * - Asset(s)
+ - ``Sensitive Data``
+ * - Threat Agent/Attacker
+ - ``AppDebug``
+ * - Threat type
+ - ``Information disclosure``
+ * - Impact
+ - Sensitive information may get to unauthorized people. Information can potentially help
+ compromising the target or other systems.
+ * - Scoring/CVSS
+ - Medium, 4.6 `CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N <https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N>`_
+ * - Mitigation
+ - Log messages are put to "verbosity categories". Release builds limit printed log messages
+ to "error" category.
+ * - Mitigation in place
+ - yes
+
+.. list-table::
+ :widths: 15,80
+
+ * - **ID**
+ - 2
+ * - Description
+ - An attacker can tamper with sensitive data and execute arbitrary code through hardware-assisted
+ debug interface.
+ * - Data flow
+ - N/A.
+ * - Asset(s)
+ - ``Sensitive Data``, ``Code Execution``, ``Sensitive Hardware``
+ * - Threat Agent/Attacker
+ - ``AppDebug``
+ * - Threat type
+ - ``Information disclosure``, ``Tampering``
+ * - Impact
+ - Sensitive information may get to unauthorized people. Information can potentially help
+ compromising the target or other systems.
+
+ An attacker may modify sensitive data and alter device behavior and thus compromise the
+ target or other systems.
+ * - Scoring/CVSS
+ - Medium, 6.8 `CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H <https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H>`_
+ * - Mitigation
+ - Hardware platform specific means to disable or limit access to debug functionality.
+ * - Mitigation in place
+ - yes
+
+.. list-table::
+ :widths: 15,80
+
+ * - **ID**
+ - 3
+ * - Description
+ - An attacker can perform a denial-of-service attack by using a broken service call that
+ causes the service to enter an unknown state.
+
+ Secure and non-secure clients access a trusted service through FF-A calls. Malicious code
+ can attempt to place the service into an inconsistent state by calling unimplemented
+ calls or by passing invalid arguments.
+ * - Data flow
+ - DF1, DF2, DF3, DF5
+ * - Asset(s)
+ - ``Availability``
+ * - Threat Agent/Attacker
+ - ``NSclient``, ``SClient``
+ * - Threat type
+ - ``Denial of service``
+ * - Impact
+ - The service or the whole system may temporarily or permanently enter an unusable state.
+ * - Scoring/CVSS
+ - Medium, 6.8 `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H <https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H>`_
+ * - Mitigation
+ - The service must validate all inputs before usage. Input validation shall be checked during
+ code review and by testing.
+ * - Mitigation in place
+ - yes
+
+.. list-table::
+ :widths: 15,80
+
+ * - **ID**
+ - 4
+ * - Description
+ - Memory corruption due to memory overflows and lack of boundary checking when accessing
+ resources.
+
+ Allows an attacker to execute arbitrary code, modify memory content to change
+ program flow.
+ * - Data flow
+ - DF1, DF2, DF3, DF5
+ * - Asset(s)
+ - ``Code execution``, ``Sensitive Data``, ``Denial of service``
+ * - Threat Agent/Attacker
+ - ``SClient``, ``NSClient``, ``HSComponent``
+ * - Threat type
+ - ``Tampering``, ``Information disclosure``, ``Elevation of privilege``, ``Denial of service``
+ * - Impact
+ - The service or the whole system may temporarily or permanently enter an unusable state.
+
+ Malicious code might be executed in the context of the compromised service.
+ Leakage of sensitive data.
+ * - Scoring/CVSS
+ - High, 8.4 `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H <https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>`_
+ * - Mitigation
+ - The service must validate boundaries and sanity check incoming data. Validation shall be
+ checked during code reviews and by testing.
+ * - Mitigation in place
+ - yes
+
+.. list-table::
+ :widths: 15,80
+
+ * - **ID**
+ - 5
+ * - Description
+ - External devices connected to the system storing sensitive data. An attacker could eavesdrop external signals.
+ * - Data flow
+ - DF9, DF10, DF11
+ * - Asset(s)
+ - ``Sensitive Data``
+ * - Threat agent/Attacker
+ - ``PhysAcc``
+ * - Threat type
+ - ``Information disclosure``
+ * - Impact
+ - An attacker may get access to sensitive data, could tamper with sensitive data, or could attack the service
+ using the external device by injecting malicious data, which could lead to malfunction or execution of malicious
+ code.
+ * - Scoring/CVSS
+ - Medium, 5.9 `CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H <https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H>`_
+ * - Mitigation
+ - When designing the use case, storage services must be assessed to understand which protection type they can
+ implement (integrity, authenticity, confidentiality, rollback-protection). Sensitive data must be categorized
+ and mapped to the storage service which can provide the needed protection.
+
+ For example integrity can be safeguarded by using checksums. Authenticity by using digital signatures.
+ Confidentiality by using encryption. Rollback protection by using nonce values.
+ * - Mitigation in place
+ - yes
+
+.. list-table::
+ :widths: 15,80
+
+ * - **ID**
+ - 6
+ * - Description
+ - State of external devices connected to the system might be modified by an attacker.
+
+ This includes modifying signals, replacing the device, or modifying device content.
+ * - Data flow
+ - DF9, DF10, DF11
+ * - Asset(s)
+ - ``Sensitive Data``, ``Denial of service``, ``Code execution``
+ * - Threat agent/Attacker
+ - ``PhysAcc``
+ * - Threat type
+ - ``Tampering``, ``Denial of service``, ``Code execution``
+ * - Impact
+ - An attacker could tamper with sensitive data, or could attack the system by injecting malicious data, which
+ could lead to malfunction, execution of malicious code, or using old state with known vulnerability.
+ * - Scoring/CVSS
+ - High, 7.3 `CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H <https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H>`_
+ * - Mitigation
+ - When designing the use case, storage services must be assessed to understand which protection type they can
+ implement (integrity, authenticity, confidentiality, rollback-protection). Sensitive data must be categorized
+ and mapped to the storage service which can provide the needed protection.
+
+ For example integrity can be safeguarded by using checksums. Authenticity by using digital signatures.
+ Confidentiality by using encryption. Rollback protection by using hardware backed nonce values.
+ * - Mitigation in place
+ - yes
+
+
+.. list-table::
+ :widths: 15,80
+
+ * - ID
+ - 7
+ * - Description
+ - Invalid or conflicting access to shared hardware.
+
+ * - Data flow
+ - DF6, DF7, DF9, DF10
+ * - Asset(s)
+ - ``Sensitive Data``, ``Denial of service``, ``Code execution``
+ * - Threat Agent/Attacker
+ - ``SClient``, ``NSClient``, ``HPComponent``
+ * - Threat type
+ - ``Tampering``, ``Information disclosure``, ``Denial of service``, ``Code execution``
+ * - Impact
+ - A trusted service relying on shared hardware usage might get compromised or misbehaving if other stakeholders
+ affect shared hardware in unexpected way.
+
+ * - Scoring/CVSS
+ - High, 7.0 `CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H <https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H>`_
+ * - Mitigation
+ - Access to peripherals must be limited to the smallest possible set of services. Ideally each peripheral should be
+ dedicated to a single trusted service and sharing of peripherals should be avoided is possible. If sharing can
+ not be avoided, a strict handover process shall be implemented to allow proper context switches, where hardware
+ state can be controlled.
+ * - Mitigation in place
+ - yes
+
+.. list-table::
+ :widths: 15,80
+
+ * - **ID**
+ - 8
+ * - Description
+ - Unauthenticated access to hardware.
+
+ A trusted service relying on hardware usage might get compromised or misbehaving if hardware state is
+ maliciously altered.
+ * - Data flow
+ - DF6, DF7, DF9, DF10
+ * - Asset(s)
+ - ``Sensitive Data``, ``Denial of service``, ``Code execution``
+ * - Threat Agent/Attacker
+ - ``SClient``, ``NSClient``, ``HPComponent``
+ * - Threat type
+ - ``Tampering``, ``Information disclosure``, ``Denial of service``, ``Code execution``
+ * - Impact
+ - An attacker may get access to sensitive data of might make a trusted service or the system enter an unusable
+ state by tampering with hardware peripherals.
+ * - Scoring/CVSS
+ - Medium, 6.4 `CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H <https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>`_
+ * - Mitigation
+ - Access to peripherals must be limited to the smallest possible set of services. Ideally each peripheral should be
+ dedicated to a single trusted service, and sharing of peripherals should be avoided is possible. If sharing can
+ not be avoided, a strict handover process shall be implemented to allow proper context switches, where register
+ values can be controlled.
+ * - Mitigation in place
+ - yes
+
+
+.. list-table::
+ :widths: 15,80
+
+ * - **ID**
+ - 9
+ * - Description
+ - Unauthenticated access to sensitive data.
+ * - Data flow
+ - DF1, DF2, DF3, DF5
+ * - Asset(s)
+ - ``Sensitive Data``, ``Denial of service``
+ * - Threat Agent/Attacker
+ - ``SClient``, ``NSClient``, ``HPComponent``
+ * - Threat type
+ - ``Tampering``, ``Information disclosure``, ``Denial of service``
+ * - Impact
+ - A trusted service may manage data of multiple clients. Different clients shall not be able to access each
+ other's data unless in response to explicit request.
+ * - Scoring/CVSS
+ - Medium, 6.8 `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N <https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N>`_
+ * - Mitigation
+ - Trusted services must implement access control based on identification data provided by higher privileged
+ components (i.e. FF-A endpoint ID).
+ * - Mitigation in place
+ - yes
+
+
+--------------
+
+.. _Attachments:
+.. Rubric:: Attachments
+
+Source file of the `Data flow diagram`_. Please use the yEd_ for editing. :download:`./generic-data-flow.graphml`
+
+--------------
+
+.. _`Common Vulnerability Scoring System`: https://www.first.org/cvss/v3.1/specification-document
+.. _`Vulnerability Calculator`: https://www.first.org/cvss/calculator/3.1
+.. _`Severity Rating Scale`: https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale
+.. _`STRIDE threat analysis technique`: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model
+.. _yEd: https://www.yworks.com/products/yed
+
+*Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.*
+
+SPDX-License-Identifier: BSD-3-Clause
