From 3d6cc210660e239fdb426094e5631f5ebd03cbe8 Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Thu, 12 May 2022 16:37:18 +0200 Subject: [PATCH 1/2] docs(threat-model): revamp threat #9 Reword the description of threat #9 to make it more future-proof for Arm CCA. By avoiding specific references to secure or non-secure contexts, in favour of "worlds" and "security contexts", we make the description equally applicable to 2-world and 4-world architectures. Note that there are other threats that would benefit from such a similar revamp but this is out of scope of this patch. Also list malicious secure world code as a potential threat agent. This seems to be an oversight in the first version of the threat model (i.e. this change is not related to Arm CCA). Change-Id: Id8c8424b0a801104c4f3dc70e344ee702d2b259a Signed-off-by: Sandrine Bailleux --- docs/threat_model/threat_model.rst | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst index 611e8a108..86b21345f 100644 --- a/docs/threat_model/threat_model.rst +++ b/docs/threat_model/threat_model.rst 
@@ -617,19 +617,18 @@ each diagram element of the data flow diagram. | Threat | | **Improperly handled SMC calls can leak register | | | contents** | | | | -| | | When switching between secure and non-secure | -| | states, register contents of Secure world or | -| | register contents of other normal world clients | -| | can be leaked. | +| | | When switching between worlds, TF-A register state | +| | can leak to software in different security | +| | contexts. | +------------------------+------------------------------------------------------+ -| Diagram Elements | DF5 | +| Diagram Elements | DF4, DF5 | +------------------------+------------------------------------------------------+ | Affected TF-A | BL31 | | Components | | +------------------------+------------------------------------------------------+ | Assets | Sensitive Data | +------------------------+------------------------------------------------------+ -| Threat Agent | NSCode | +| Threat Agent | NSCode, SecCode | +------------------------+------------------------------------------------------+ | Threat Type | Information Disclosure | +------------------------+-------------------+----------------+-----------------+ From d08c496699ae4b9bd5c072615c134206e3edbad7 Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Mon, 16 May 2022 15:10:27 +0200 Subject: [PATCH 2/2] docs(threat-model): make measured boot out of scope Add an explicit note that measured boot is out of scope of the threat model. For example, we have no threat related to the secure management of measurements, nor do we list its security benefits (e.g. in terms of repudiation). This might be a future improvement to the threat model but for now just acknowledge it is not considered. Change-Id: I2fb799a2ef0951aa681a755a948bd2b67415d156 Signed-off-by: Sandrine Bailleux --- docs/threat_model/threat_model.rst | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst index 86b21345f..2e11a9479 100644 --- a/docs/threat_model/threat_model.rst +++ b/docs/threat_model/threat_model.rst @@ -36,6 +36,9 @@ assumptions: - There is no Secure-EL2. We don't consider threats that may come with Secure-EL2 software. +- Measured boot is disabled. We do not consider the threats nor the mitigations + that may come with it. + - No experimental features are enabled. We do not consider threats that may come from them.
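Review bot: the reworded description in the threat #9 hunk (patch 1/2) narrows the threat compared with the lines it removes. The old text covered both "register contents of Secure world" and "register contents of other normal world clients" leaking across an SMC, i.e. one client's state reaching another client through the world switch; the new text only says "TF-A register state can leak to software in different security contexts", which drops the cross-client case even though the added "SecCode" threat agent and the "DF4, DF5" diagram elements suggest it is still intended. Suggest wording such as "register state belonging to TF-A or to software in the previous security context can leak to software in a different security context". Separately, the change of "Diagram Elements" from "DF5" to "DF4, DF5" is not mentioned in the commit message; a sentence explaining why DF4 now applies would help reviewers confirm the diagram reference.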
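Review bot: the added assumption in the measured-boot hunk (patch 2/2) reads "We do not consider the threats nor the mitigations that may come with it", which pairs "not" with "nor"; "We do not consider the threats or the mitigations that may come with it" (or "neither the threats nor the mitigations") is the grammatical form. The commit message also says the note should acknowledge that measured boot's security benefits (e.g. for repudiation) are not listed, but the added bullet only speaks of threats and mitigations; consider adding "nor its security benefits" so the documented scope matches the commit message.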