mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-16 17:44:19 +00:00
446354122c
Arm Confidential Compute Architecture (Arm CCA) support, underpinned by Arm Realm Management Extension (RME) support, brings in a few important software and hardware architectural changes in TF-A, which warrants a new security analysis of the code base. Results of this analysis are captured in a new threat model document, provided in this patch. The main changes introduced in TF-A to support Arm CCA / RME are: - Presence of a new threat agent: realm world clients. - Availability of Arm CCA Hardware Enforced Security (HES) to support measured boot and trusted boot. - Configuration of the Granule Protection Tables (GPT) for inter-world memory protection. This is only an initial version of the threat model and we expect to enrich it in the future. Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Manish Pandey <manish.pandey2@arm.com> Change-Id: Iab84dc724df694511508f90dc76b6d469c4cccd5 |
||
|---|---|---|
| .. | ||
| bl2-loading-sp.puml | ||
| el3_spm_dfd.puml | ||
| fconf_bl1_load_config.puml | ||
| fconf_bl2_populate.puml | ||
| fip-secure-partitions.puml | ||
| io_arm_class_diagram.puml | ||
| io_dev_init_and_check.puml | ||
| io_dev_registration.puml | ||
| io_framework_usage_overview.puml | ||
| rss_attestation_flow.puml | ||
| rss_measured_boot_flow.puml | ||
| sdei_explicit_dispatch.puml | ||
| sdei_general.puml | ||
| spm_dfd.puml | ||
| tfa_arm_cca_dfd.puml | ||
| tfa_dfd.puml | ||
| tfa_rss_dfd.puml | ||