Redirect security incident report to TrustedFirmware.org
All projects under the TrustedFirmware.org project now use the same security incident process, therefore update the disclosure/vulnerability reporting information in the TF-A documentation. ------------------------------------------------------------------------ /!\ IMPORTANT /!\ Please note that the email address to send these reports to has changed. Please do *not* use trusted-firmware-security@arm.com anymore. Similarly, the PGP key provided to encrypt emails to the security email alias has changed as well. Please do *not* use the former one provided in the TF-A source tree. It is recommended to remove it from your keyring to avoid any mistake. Please use the new key provided on TrustedFirmware.org from now on. ------------------------------------------------------------------------ Change-Id: I14eb61017ab99182f1c45d1e156b96d5764934c1 Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This commit is contained in:
Sandrine Bailleux
parent
ccf5863231
commit
1367cc19f1
|
|
@ -1,45 +0,0 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: PGP Desktop 10.2.0 (Build 2317)
|
||||
|
||||
mQENBFey/QMBCACyxJaLsMYU794ZfzLdY172tHXRJfP0X3b34HU35G7kYl1zNiYc
|
||||
/NoygtQdtDv/aW1B2A/YTNhGge+gX4BWAREd5CYDbdPEoMWC395/qbnmMmez7YNY
|
||||
PEJ9Iq9e5AayAWwZTL1zgKwdvE+WTwWok/nMbsifJSEdhdrOIHNqRcZgplUUyZ2R
|
||||
sDqFtSbACO3xj4Psk8KJ23Ax7UZgULouZOJaHOnyq8F9V/U7zWvX4Odf96XaC1Em
|
||||
cUTsG0kQfa7Y4Hqqjzowq366I4k2o2LAtuLPWNCvq5jjEceLs2+qV4cNLgyL2dzO
|
||||
wtUL6EdkrGfkxsPHpsVKXig4wjeX9ehCSqRlABEBAAG0PVRydXN0ZWQgRmlybXdh
|
||||
cmUgU2VjdXJpdHkgPHRydXN0ZWQtZmlybXdhcmUtc2VjdXJpdHlAYXJtLmNvbT6J
|
||||
AYwEEAECAHYFAley/SEwFIAAAAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5n
|
||||
QHBncC5jb21wZ3BtaW1lCAsJCAcDAgEKAhkBGRhsZGFwOi8va2V5c2VydmVyLnBn
|
||||
cC5jb20FGwMAAAAFFgADAgEFHgEAAAAGFQgJCgMCAAoJEDq378tFoN/QFJsH/0ly
|
||||
H91LYYzKIQrbolQw7Rp47lgzH88uN1rInYpW2GaTbjwPffAhYJ4VsN8RaiFskD9m
|
||||
DjMg4vY8p0jPTCUX1Acq20Wq0Ybv3HcrtjUp4ie0+rLUi3043yJyKFMWkJC2Kr+p
|
||||
SobnxSrAie4HDFUgSaPoh9Qf1zXEzOavdgcziMiyS5iVUf6NXYZ9z82OTZ6TdPKS
|
||||
u+L5zOHTdrV3+hD54w00Xa+EIE7u4v0to6Uwm977508hyGuvpOVq+u7+S3qJQvnY
|
||||
+JheStbgLsm6CyoRjyrlTE01ujAD6hI6Ef9yMgEljOBEy4phKAJ67SCRLEOiCp5U
|
||||
YHFCULwhzIyg2y3WmZSJASIEEAECAAwFAlezAnwFAwASdQAACgkQlxC4m8pXrXzd
|
||||
GAf/T8YEICI9qQt2vnCtCbBvVaTc2sAphVZ51kZVDqCDPB7znDtJYRBpi/9IPELt
|
||||
mYwIElMx2mqmahVaeUghmbzmcLZe8QHUi8GanO1mh+ook6uyjRojSIq6VUVV5uUf
|
||||
tuscfhpilOvUclqMqYEIgXfl08YwS40Kmmj0qokwad0co0zGQ8GEhlgMi2yvJfiG
|
||||
fPS0Xcn1J0980E/VgJQCAKwZvukrbb32WVwuhgepqs/4/62PZNxglcErioFt6P0A
|
||||
ik4t9Hr0uErqCeEKiYtmEw5e9ioRdX7CV+tJgIk907Tpv6E0iDFRJHmJBvmsz82O
|
||||
stOazS3wZ5Xck7asTqkvoyo9Z7kBDQRXsv0DAQgAsmL1UUIWyoNmYJWixSPDmclP
|
||||
0ul3T1FCOsIlWTeVeshnHByYdgZOfce78ETCUoq8G7qvYm4GRrEDpqVbxqTxJioP
|
||||
4Li05WDdNCKzSoqWd8ADA48gYnnJEu2NhA7ZkEC6u3+Mdbmd3M0J6nsAWeE0BV1p
|
||||
F5zI600sJuoH2QNWB7Kv5N3GCFE4IgCIH8MwDo4Y4FTZtygx4GjEtSExiOIz+bpX
|
||||
2+GkFCQGpIyLHLP4FmQmrsNzsIdEyFuG0IdoVuQ2PtNLiw+Wkm7CXWgRmFx/dtPN
|
||||
eVnOFWdbTtjBWVv/Z6zbANos2knfc75KR4FCQ6pWRvVeJuMuMopUDkfFDMtR8QAR
|
||||
AQABiQJBBBgBAgErBQJXsv0EBRsMAAAAwF0gBBkBCAAGBQJXsv0DAAoJENaB8ph8
|
||||
s9hu/nsH/Rx696ZR+1vZi5qCTUwo6s0Qa15x4OuyJEM85VgMLVY7/MZpp1Y8If6u
|
||||
A5BynQpy4QIPxIRsRx6twduW9/gb8UVhpMRPyuJ+5sSv0/KeUqkPbKSUGro2zGlR
|
||||
sjqPrchi6uafWZqOR/y/DNkEvkgZZaP+f9xs2qWKuoF08yTioo76QoroA4DVuVAT
|
||||
MkDFe9d3natAmfmjO4kvxuthg3y7R+sdXrCHpYYJZdbiR6gyj7e8whlSLwHQT3lz
|
||||
7QBL/CvVvL/dmhu5pk8fsksbehepMQTkCJ6GGEamOPEhwh7IvlzhEt97U4uzjuMd
|
||||
BPjqOCes+4QTmn/+lMTySG0kXxnHOEUACgkQOrfvy0Wg39D8Jgf/Uf3epkMOJ9xm
|
||||
N1l5vW8tQQ6RR055YQxQ9P6JMyCQGEJmGOcvrasCho69wMQDy4AYVtJaZd25LH/3
|
||||
LX/lcyDOP4C9VYXM+IxlcaRmjBKqWx9UzQeeioIkfmjMpJFU846ZP1dacge0lPx8
|
||||
p6ocPbM0rkv0xuF/dwkDQd4BPSmv4/3/UM8FRoYo8Q7SHkDR98wJ8FCm6k9wRtWC
|
||||
K/jzmBswY2TewAHom3jLzTM0FZ/n5Sini3EGAI2EvnQrxWRpeE7ZOkHKqLHEOaHl
|
||||
zeST4U/cUgxhwgnhbGJ7zmrFsHpYnnZYM3mIKfQ3/EhksZ68TF9IB1tfUiQTij4r
|
||||
9jWa0ybRdQ==
|
||||
=nZZb
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
@ -20,40 +20,13 @@ Found a Security Issue?
|
|||
Although we try to keep TF-A secure, we can only do so with the help of the
|
||||
community of developers and security researchers.
|
||||
|
||||
If you think you have found a security vulnerability, please **do not** report it
|
||||
in the `issue tracker`_. Instead send an email to
|
||||
trusted-firmware-security@arm.com
|
||||
|
||||
Please include:
|
||||
|
||||
* Trusted Firmware-A version (or commit) affected
|
||||
|
||||
* A description of the concern or vulnerability
|
||||
|
||||
* Details on how to replicate the vulnerability, including:
|
||||
|
||||
- Configuration details
|
||||
|
||||
- Proof of concept exploit code
|
||||
|
||||
- Any additional software or tools required
|
||||
|
||||
We recommend using :download:`this PGP/GPG key <./security-reporting.asc>` for
|
||||
encrypting the information. This key is also available at
|
||||
http://keyserver.pgp.com and LDAP port 389 of the same server.
|
||||
|
||||
The fingerprint for this key is:
|
||||
|
||||
::
|
||||
|
||||
1309 2C19 22B4 8E87 F17B FE5C 3AB7 EFCB 45A0 DFD0
|
||||
|
||||
If you would like replies to be encrypted, please provide your public key.
|
||||
|
||||
Please give us the time to respond to you and fix the vulnerability before going
|
||||
public. We do our best to respond and fix any issues quickly. We also need to
|
||||
ensure providers of products that use TF-A have a chance to consider the
|
||||
implications of the vulnerability and its remedy.
|
||||
If you think you have found a security vulnerability, please **do not** report
|
||||
it in the `issue tracker`_. Instead, please follow the `TrustedFirmware.org
|
||||
security incident process`_. One of the goals of this process is to ensure
|
||||
providers of products that use TF-A have a chance to consider the implications
|
||||
of the vulnerability and its remedy before it is made public. As such, please
|
||||
follow the disclosure plan outlined in the process. We do our best to respond
|
||||
and fix any issues quickly.
|
||||
|
||||
Afterwards, we encourage you to write-up your findings about the TF-A source
|
||||
code.
|
||||
|
|
@ -61,8 +34,8 @@ code.
|
|||
Attribution
|
||||
-----------
|
||||
|
||||
We will name and thank you in the :ref:`Change Log & Release Notes` distributed with the source
|
||||
code and in any published security advisory.
|
||||
We will name and thank you in the :ref:`Change Log & Release Notes` distributed
|
||||
with the source code and in any published security advisory.
|
||||
|
||||
Security Advisories
|
||||
-------------------
|
||||
|
|
@ -96,7 +69,6 @@ Security Advisories
|
|||
+-----------+------------------------------------------------------------------+
|
||||
|
||||
.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
|
||||
.. _this PGP/GPG key: security-reporting.asc
|
||||
|
||||
.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)`
|
||||
.. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)`
|
||||
|
|
@ -107,6 +79,8 @@ Security Advisories
|
|||
.. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)`
|
||||
.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)`
|
||||
|
||||
.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/
|
||||
|
||||
--------------
|
||||
|
||||
*Copyright (c) 2019, Arm Limited. All rights reserved.*
|
||||
*Copyright (c) 2019-2020, Arm Limited. All rights reserved.*
|
||||
|
|
|
|||
Loading…
Reference in New Issue