docs: Add PSA Crypto SP security assessment
Add the security assessment of the PSA Crypto SP.
Change-Id: Icc47b9947854e4bdb6ab80a687a7c925aad21e8c
Signed-off-by: Imre Kis <imre.kis@arm.com>
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
diff --git a/docs/security/threat-assessment/crypto-service-threat-assessment.rst b/docs/security/threat-assessment/crypto-service-threat-assessment.rst
new file mode 100644
index 0000000..38ec89b
--- /dev/null
+++ b/docs/security/threat-assessment/crypto-service-threat-assessment.rst
@@ -0,0 +1,59 @@
+PSA Crypto SP
+=============
+
+
+Scope of evaluation
+-------------------
+
+This assessment makes the following assumptions:
+
+ - The PSA Crypto service is deployed to a dedicated S-EL0 SP, and its execution context is physically isolated.
+ - The SP has exclusive access to a TRNG device and to the crypto accelerator if present the system.
+ - The SP has exclusive access to the HUK (Hardware Unique Key) if present in the system. This is represented as a
+ PSA key with built-in key type.
+ - The SP relies on the PSA ITS SP for storing persistent data.
+ - The SP uses the Logging SP, or the FF-A logging API provided by the SPMC.
+
+Assessment Results
+------------------
+
+This section specializes the threats identified in the Generic Threat Model for the crypto service where applicable.
+Threats not listed here are mitigated as described in the :doc:`/security/threat-models/generic-threat-model`.
+
+ - :ref:`GEN05 <generic_threat_5>` "External devices connected to the system storing sensitive data."
+
+ Both hardware devices used by the Crypto SP are assumed to be internal, and thus this threat is considered out of
+ scope.
+
+ - :ref:`GEN06 <generic_threat_6>` "State of external devices connected to the system might be modified by an
+ attacker."
+
+ Both hardware devices used by the Crypto SP are assumed to be internal, and thus this threat is considered out of
+ scope.
+
+ - :ref:`GEN07 <generic_threat_7>` "Invalid or conflicting access to shared hardware."
+
+ This threat is considered out of scope due to the defined scope of evaluation.
+
+ - :ref:`GEN08 <generic_threat_8>` "Unauthenticated access to hardware."
+
+ This threat is considered out of scope as shared use of hardware is excluded by the scope of evaluation.
+
+ - :ref:`GEN09 <generic_threat_9>` "Unauthenticated access to sensitive data."
+
+ The PSA Crypto SP isolates its clients at the FF-A level and each FF-A endpoint is restricted to its own asset
+ namespace.
+
+ The Crypto SP requires PSA ITS to enforce client isolation and prevent access to its assets from any other
+ FF-A endpoint.
+
+ - :ref:`GEN10 <generic_threat_10>` "Time-of-Check to Time-of-Use (TOCTTOU) attack through shared memory."
+
+ The PSA Crypto service provider must ensure data is copied to a secure memory buffer before calling the crypto
+ backend to execute sensitive operations.
+
+--------------
+
+*Copyright (c) 2025, Arm Limited and Contributors. All rights reserved.*
+
+SPDX-License-Identifier: BSD-3-Clause
diff --git a/docs/security/threat-assessment/index.rst b/docs/security/threat-assessment/index.rst
index 7114e1a..5c34cb9 100644
--- a/docs/security/threat-assessment/index.rst
+++ b/docs/security/threat-assessment/index.rst
@@ -8,6 +8,7 @@
:caption: Secure Partitions
psa-storage-threat-assessment
+ crypto-service-threat-assessment
--------------