| Gabor Toth | 3d47ee3 | 2025-01-08 11:31:29 +0100 | [diff] [blame] | 1 | PSA Attestation SP |
| 2 | ================== |
| 3 | |
| 4 | Scope of evaluation |
| 5 | ------------------- |
| 6 | |
| 7 | This assessment makes the following assumptions: |
| 8 | |
| 9 | - The PSA Attestation service is deployed to a dedicated S-EL0 SP, and its execution context is physically isolated. |
| 10 | - The solution uses the Logging SP, or the FF-A logging API provided by the SPMC. |
| 11 | - The Attestation SP uses a PSA Crypto SP for executing cryptographic operations. |
| 12 | - The SPMC passes a copy of the measurements made by earlier boot stages (BL1 and BL2) to the Attestation SP as boot |
| 13 | arguments. The system must protect the measurements from tampering before passing to the SP. |
| 14 | |
| 15 | Assessment Results |
| 16 | ------------------ |
| 17 | |
| 18 | This section specializes the threats identified in the Generic Threat Model for the attestation service where applicable. |
| 19 | Threats not listed here are mitigated as described in the :doc:`/security/threat-models/generic-threat-model`. |
| 20 | |
| 21 | - :ref:`GEN05 <generic_threat_5>` "External devices connected to the system storing sensitive data." |
| 22 | |
| 23 | The Attestation SP does not require any external devices for its operation, even when the built-in PSA Crypto is |
| 24 | used. Therefore, this threat is considered out of scope. |
| 25 | |
| 26 | - :ref:`GEN06 <generic_threat_6>` "State of external devices connected to the system might be modified by an |
| 27 | attacker." |
| 28 | |
| 29 | The Attestation SP does not require any external devices for its operation, even when the built-in PSA Crypto is |
| 30 | used. Therefore, this threat is considered out of scope. |
| 31 | |
| 32 | - :ref:`GEN07 <generic_threat_7>` "Invalid or conflicting access to shared hardware." |
| 33 | |
| 34 | The Attestation SP does not require any external devices for its operation, even when the built-in PSA Crypto is |
| 35 | used. Therefore, this threat is considered out of scope. |
| 36 | |
| 37 | - :ref:`GEN08 <generic_threat_8>` "Unauthenticated access to hardware." |
| 38 | |
| 39 | The Attestation SP does not require any external devices for its operation, even when the built-in PSA Crypto is |
| 40 | used. Therefore, this threat is considered out of scope. |
| 41 | |
| 42 | - :ref:`GEN09 <generic_threat_9>` "Unauthenticated access to sensitive data." |
| 43 | |
| 44 | The PSA Attestation SP is designed to present a uniform view to all clients, so the SP does not need to enforce |
| 45 | client isolation itself. |
| 46 | |
| 47 | The Attestation SP requires the PSA Crypto SPs to enforce client isolation and prevent other FF-A endpoints |
| 48 | from accessing its assets. |
| 49 | |
| 50 | - :ref:`GEN10 <generic_threat_10>` "Time-of-Check to Time-of-Use (TOCTTOU) attack through shared memory." |
| 51 | |
| 52 | The Attestation service provider must ensure data is copied to a secure memory buffer before calling the PSA Crypto |
| 53 | implementation to execute sensitive operations. |
| 54 | |
| 55 | -------------- |
| 56 | |
| 57 | *Copyright (c) 2025, Arm Limited and Contributors. All rights reserved.* |
| 58 | |
| 59 | SPDX-License-Identifier: BSD-3-Clause |