TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / sandbox / arthur / trustedfirmware-a / 23fc05a33d2bd67d25e20b51f68e18872d761608 / . / docs / process / security.rst
blob: 1e7ac2ec741ed5e24f62e210cf603841b0bb5907 [file] [log] [blame]
Paul Beesley8aa05052019-03-07 15:47:15 +0000[diff] [blame]1Security Handling
2=================
Paul Beesley0c6be932019-03-05 17:19:37 +0000[diff] [blame]3
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]4Security Disclosures
5--------------------
6
John Tsichritzis55f14052019-05-21 10:37:55 +0100[diff] [blame]7We disclose all security vulnerabilities we find, or are advised about, that are
8relevant to Trusted Firmware-A. We encourage responsible disclosure of
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]9vulnerabilities and inform users as best we can about all possible issues.
10
John Tsichritzis55f14052019-05-21 10:37:55 +0100[diff] [blame]11We disclose TF-A vulnerabilities as Security Advisories, all of which are listed
Sandrine Bailleuxfa27d112023-01-11 11:15:14 +0100[diff] [blame]12at the bottom of this page. Any new ones will, additionally, be announced on the
13TF-A project's `mailing list`_.
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]14
15Found a Security Issue?
16-----------------------
17
John Tsichritzis55f14052019-05-21 10:37:55 +0100[diff] [blame]18Although we try to keep TF-A secure, we can only do so with the help of the
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]19community of developers and security researchers.
20
Sandrine Bailleuxecad5b82020-08-12 10:52:32 +0200[diff] [blame]21.. warning::
22 If you think you have found a security vulnerability, please **do not**
23 report it in the `issue tracker`_ or on the `mailing list`_. Instead, please
24 follow the `TrustedFirmware.org security incident process`_.
25
26One of the goals of this process is to ensure providers of products that use
27TF-A have a chance to consider the implications of the vulnerability and its
28remedy before it is made public. As such, please follow the disclosure plan
29outlined in the process. We do our best to respond and fix any issues quickly.
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]30
John Tsichritzis55f14052019-05-21 10:37:55 +0100[diff] [blame]31Afterwards, we encourage you to write-up your findings about the TF-A source
32code.
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]33
34Attribution
35-----------
36
Sandrine Bailleux1367cc12020-06-22 12:11:47 +0200[diff] [blame]37We will name and thank you in the :ref:`Change Log & Release Notes` distributed
38with the source code and in any published security advisory.
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]39
40Security Advisories
41-------------------
42
43+-----------+------------------------------------------------------------------+
44| ID | Title |
45+===========+==================================================================+
Paul Beesley34760952019-04-12 14:19:42 +0100[diff] [blame]46| |TFV-1| | Malformed Firmware Update SMC can result in copy of unexpectedly |
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]47| | large data into secure memory |
48+-----------+------------------------------------------------------------------+
Paul Beesley34760952019-04-12 14:19:42 +0100[diff] [blame]49| |TFV-2| | Enabled secure self-hosted invasive debug interface can allow |
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]50| | normal world to panic secure world |
51+-----------+------------------------------------------------------------------+
Paul Beesley34760952019-04-12 14:19:42 +0100[diff] [blame]52| |TFV-3| | RO memory is always executable at AArch64 Secure EL1 |
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]53+-----------+------------------------------------------------------------------+
Paul Beesley34760952019-04-12 14:19:42 +0100[diff] [blame]54| |TFV-4| | Malformed Firmware Update SMC can result in copy or |
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]55| | authentication of unexpected data in secure memory in AArch32 |
56| | state |
57+-----------+------------------------------------------------------------------+
Paul Beesley34760952019-04-12 14:19:42 +0100[diff] [blame]58| |TFV-5| | Not initializing or saving/restoring PMCR_EL0 can leak secure |
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]59| | world timing information |
60+-----------+------------------------------------------------------------------+
Paul Beesley34760952019-04-12 14:19:42 +0100[diff] [blame]61| |TFV-6| | Trusted Firmware-A exposure to speculative processor |
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]62| | vulnerabilities using cache timing side-channels |
63+-----------+------------------------------------------------------------------+
Paul Beesley34760952019-04-12 14:19:42 +0100[diff] [blame]64| |TFV-7| | Trusted Firmware-A exposure to cache speculation vulnerability |
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]65| | Variant 4 |
66+-----------+------------------------------------------------------------------+
Paul Beesley34760952019-04-12 14:19:42 +0100[diff] [blame]67| |TFV-8| | Not saving x0 to x3 registers can leak information from one |
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]68| | Normal World SMC client to another |
69+-----------+------------------------------------------------------------------+
Manish V Badarkhe43f3a9c2023-02-16 18:11:40 +0000[diff] [blame]70| |TFV-9| | Trusted Firmware-A exposure to speculative processor |
71| | vulnerabilities with branch prediction target reuse |
72+-----------+------------------------------------------------------------------+
73| |TFV-10| | Incorrect validation of X.509 certificate extensions can result |
74| | in an out-of-bounds read |
75+-----------+------------------------------------------------------------------+
Manish Pandeyd1eb4e22024-01-02 15:35:28 +0000[diff] [blame]76| |TFV-11| | A Malformed SDEI SMC can cause out of bound memory read |
77+-----------+------------------------------------------------------------------+
Joel Hutton4fe91232019-02-25 15:18:56 +0000[diff] [blame]78
Sandrine Bailleux77f7a6a2024-01-26 14:11:04 +0100[diff] [blame]79.. _issue tracker: https://github.com/TrustedFirmware-A/trusted-firmware-a/issues
Sandrine Bailleuxf4a55e62022-04-21 10:17:22 +0200[diff] [blame]80.. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
Paul Beesley34760952019-04-12 14:19:42 +0100[diff] [blame]81
82.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)`
83.. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)`
84.. |TFV-3| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)`
85.. |TFV-4| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)`
86.. |TFV-5| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)`
87.. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)`
88.. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)`
89.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)`
Manish V Badarkhe43f3a9c2023-02-16 18:11:40 +0000[diff] [blame]90.. |TFV-9| replace:: :ref:`Advisory TFV-9 (CVE-2022-23960)`
91.. |TFV-10| replace:: :ref:`Advisory TFV-10 (CVE-2022-47630)`
Manish Pandeyd1eb4e22024-01-02 15:35:28 +0000[diff] [blame]92.. |TFV-11| replace:: :ref:`Advisory TFV-11 (CVE-2023-49100)`
Paul Beesley34760952019-04-12 14:19:42 +0100[diff] [blame]93
Sandrine Bailleux979c5482023-12-21 13:59:45 +0100[diff] [blame]94.. _TrustedFirmware.org security incident process: https://trusted-firmware-docs.readthedocs.io/en/latest/security_center/
Sandrine Bailleux1367cc12020-06-22 12:11:47 +0200[diff] [blame]95
Paul Beesley34760952019-04-12 14:19:42 +0100[diff] [blame]96--------------
97
Sandrine Bailleuxfa27d112023-01-11 11:15:14 +0100[diff] [blame]98*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*