Merge changes from topic "sb/threat-model" into integration
* changes: docs(threat-model): make measured boot out of scope docs(threat-model): revamp threat #9
This commit is contained in:
Bipin Ravi
TrustedFirmware Code Review
commit
453abc80b2
|
|
@ -36,6 +36,9 @@ assumptions:
|
|||
- There is no Secure-EL2. We don't consider threats that may come with
|
||||
Secure-EL2 software.
|
||||
|
||||
- Measured boot is disabled. We do not consider the threats nor the mitigations
|
||||
that may come with it.
|
||||
|
||||
- No experimental features are enabled. We do not consider threats that may come
|
||||
from them.
|
||||
|
||||
|
|
@ -617,19 +620,18 @@ each diagram element of the data flow diagram.
|
|||
| Threat | | **Improperly handled SMC calls can leak register |
|
||||
| | contents** |
|
||||
| | |
|
||||
| | | When switching between secure and non-secure |
|
||||
| | states, register contents of Secure world or |
|
||||
| | register contents of other normal world clients |
|
||||
| | can be leaked. |
|
||||
| | | When switching between worlds, TF-A register state |
|
||||
| | can leak to software in different security |
|
||||
| | contexts. |
|
||||
+------------------------+------------------------------------------------------+
|
||||
| Diagram Elements | DF5 |
|
||||
| Diagram Elements | DF4, DF5 |
|
||||
+------------------------+------------------------------------------------------+
|
||||
| Affected TF-A | BL31 |
|
||||
| Components | |
|
||||
+------------------------+------------------------------------------------------+
|
||||
| Assets | Sensitive Data |
|
||||
+------------------------+------------------------------------------------------+
|
||||
| Threat Agent | NSCode |
|
||||
| Threat Agent | NSCode, SecCode |
|
||||
+------------------------+------------------------------------------------------+
|
||||
| Threat Type | Information Disclosure |
|
||||
+------------------------+-------------------+----------------+-----------------+
|
||||
|
|
|
|||
Loading…
Reference in New Issue