From 077d8b39bc982bb86bd1a78a5ff0d98a8a6d4c1b Mon Sep 17 00:00:00 2001
From: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Date: Mon, 12 Feb 2024 11:56:56 +0000
Subject: [PATCH] docs(threat_model): mark power analysis threats out-of-scope

Exclude the threat of power analysis side-channel attacks
from consideration in the TF-A generic threat model.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I5b245f33609fe8948e473ce4484898db5ff8db4d
---
 docs/threat_model/firmware_threat_model/threat_model.rst | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/threat_model/firmware_threat_model/threat_model.rst b/docs/threat_model/firmware_threat_model/threat_model.rst
index d93547f88..63bdc8af3 100644
--- a/docs/threat_model/firmware_threat_model/threat_model.rst
+++ b/docs/threat_model/firmware_threat_model/threat_model.rst
@@ -163,6 +163,15 @@ in scope of this threat model.
   ion beam (FIB) workstation or decapsulate the chip using chemicals) is
   considered out-of-scope.
 
+  Certain non-invasive physical attacks that do not need modifications to the
+  chip, notably those like Power Analysis Attacks, are out-of-scope. Power
+  analysis side-channel attacks represent a category of security threats that
+  capitalize on information leakage through a device's power consumption during
+  its normal operation. These attacks leverage the correlation between a
+  device's power usage and its internal data processing activities. This
+  correlation provides attackers with the means to extract sensitive
+  information, including cryptographic keys.
+
 Threat Types
 ============