docs(spm): update threat model with FF-A v1.1
Update SPM's threat model to contain threats related to notifications feature, compliant with FF-A v1.1 spec. Change-Id: I4a825be5dd14137a0d04d532adfe5343714794c5 Signed-off-by: J-Alves <joao.alves@arm.com>
This commit is contained in:
J-Alves
parent
2242773ddb
commit
668ce500f9
|
|
@ -36,7 +36,8 @@ The scope for this threat model is:
|
|||
running in the secure world of TrustZone (at S-EL2 exception level).
|
||||
The threat model is not related to the normal world Hypervisor or VMs.
|
||||
The S-EL1 SPMC solution is not covered.
|
||||
- The implementation complies with the FF-A v1.0 specification.
|
||||
- The implementation complies with the FF-A v1.0 specification, and a few
|
||||
features of FF-A v1.1 specification.
|
||||
- Secure partitions are statically provisioned at boot time.
|
||||
- Focus on the run-time part of the life-cycle (no specific emphasis on boot
|
||||
time, factory firmware provisioning, firmware udpate etc.)
|
||||
|
|
@ -477,7 +478,7 @@ element of the data flow diagram.
|
|||
+------------------------+------------------+---------------+-----------------+
|
||||
| ``Total Risk Rating`` | Medium (6) | Medium (6) | |
|
||||
+------------------------+------------------+---------------+-----------------+
|
||||
| ``Mitigations`` | For the specific case of direct requests targetting|
|
||||
| ``Mitigations`` | For the specific case of direct requests targeting |
|
||||
| | the SPMC, the latter is hardened to prevent |
|
||||
| | its internal state or the state of an SP to be |
|
||||
| | revealed through a direct message response. |
|
||||
|
|
@ -572,7 +573,7 @@ element of the data flow diagram.
|
|||
| ID | 11 |
|
||||
+========================+====================================================+
|
||||
| ``Threat`` | **A malicious endpoint may attempt flooding the |
|
||||
| | SPMC with requests targetting a service within an |
|
||||
| | SPMC with requests targeting a service within an |
|
||||
| | endpoint such that it denies another endpoint to |
|
||||
| | access this service.** |
|
||||
| | Similarly, the malicious endpoint may target a |
|
||||
|
|
@ -607,7 +608,281 @@ element of the data flow diagram.
|
|||
| | in a limited timeframe. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
|
||||
--------------
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ID | 12 |
|
||||
+========================+====================================================+
|
||||
| ``Threat`` | **A malicious endpoint may attempt to allocate |
|
||||
| | notifications bitmaps in the SPMC, through the |
|
||||
| | FFA_NOTIFICATION_BITMAP_CREATE.** |
|
||||
| | This might be an attempt to exhaust SPMC's memory, |
|
||||
| | or to allocate a bitmap for a VM that was not |
|
||||
| | intended to receive notifications from SPs. Thus |
|
||||
| | creating the possibility for a channel that was not|
|
||||
| | meant to exist. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Diagram Elements`` | DF1, DF2, DF3 |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Affected TF-A | SPMC |
|
||||
| Components`` | |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Assets`` | SPMC state |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Type`` | Denial of service, Spoofing |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Application`` | ``Server`` | ``Mobile`` | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Impact`` | Medium(3) | Medium(3) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Likelihood`` | Medium(3) | Medium(3) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Total Risk Rating`` | Medium(9) | Medium(9) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Mitigations`` | The TF-A SPMC mitigates this threat by defining a |
|
||||
| | a fixed size pool for bitmap allocation. |
|
||||
| | It also limits the designated FF-A calls to be used|
|
||||
| | from NWd endpoints. |
|
||||
| | In the NWd the hypervisor is supposed to limit the |
|
||||
| | access to the designated FF-A call. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ID | 13 |
|
||||
+========================+====================================================+
|
||||
| ``Threat`` | **A malicious endpoint may attempt to destroy the |
|
||||
| | notifications bitmaps in the SPMC, through the |
|
||||
| | FFA_NOTIFICATION_BITMAP_DESTROY.** |
|
||||
| | This might be an attempt to tamper with the SPMC |
|
||||
| | state such that a partition isn't able to receive |
|
||||
| | notifications. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Diagram Elements`` | DF1, DF2, DF3 |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Affected TF-A | SPMC |
|
||||
| Components`` | |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Assets`` | SPMC state |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Type`` | Tampering |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Application`` | ``Server`` | ``Mobile`` | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Impact`` | Low(2) | Low(2) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Likelihood`` | Low(2) | Low(2) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Total Risk Rating`` | Low(4) | Low(4) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Mitigations`` | The TF-A SPMC mitigates this issue by limiting the |
|
||||
| | designated FF-A call to be issued by the NWd. |
|
||||
| | Also, the notifications bitmap can't be destroyed |
|
||||
| | if there are pending notifications. |
|
||||
| | In the NWd, the hypervisor must restrict the |
|
||||
| | NS-endpoints that can issue the designated call. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ID | 14 |
|
||||
+========================+====================================================+
|
||||
| ``Threat`` | **A malicious endpoint might attempt to give |
|
||||
| | permissions to an unintended sender to set |
|
||||
| | notifications targeting another receiver using the |
|
||||
| | FF-A call FFA_NOTIFICATION_BIND.** |
|
||||
| | This might be an attempt to tamper with the SPMC |
|
||||
| | state such that an unintended, and possibly |
|
||||
| | malicious, communication channel is established. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Diagram Elements`` | DF1, DF2, DF3 |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Affected TF-A | SPMC |
|
||||
| Components`` | |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Assets`` | SPMC state |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Type`` | Tampering, Spoofing |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Application`` | ``Server`` | ``Mobile`` | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Impact`` | Low(2) | Low(2) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Likelihood`` | Medium(3) | Medium(3) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Total Risk Rating`` | Medium(6) | Medium(6) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Mitigations`` | The TF-A SPMC mitigates this by restricting |
|
||||
| | designated FFA_NOTIFICATION_BIND call to be issued |
|
||||
| | by the receiver only. The receiver is responsible |
|
||||
| | for allocating the notifications IDs to one |
|
||||
| | specific partition. |
|
||||
| | Also, receivers that are not meant to receive |
|
||||
| | notifications, must have notifications receipt |
|
||||
| | disabled in the respective partition's manifest. |
|
||||
| | As for calls coming from NWd, if the NWd VM has had|
|
||||
| | its bitmap allocated at initialization, the TF-A |
|
||||
| | SPMC can't guarantee this threat won't happen. |
|
||||
| | The Hypervisor must mitigate in the NWd, similarly |
|
||||
| | to SPMC for calls in SWd. Though, if the Hypervisor|
|
||||
| | has been compromised, the SPMC won't be able to |
|
||||
| | mitigate it for calls forwarded from NWd. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ID | 15 |
|
||||
+========================+====================================================+
|
||||
| ``Threat`` | **A malicious partition endpoint might attempt to |
|
||||
| | set notifications that are not bound to it.** |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Diagram Elements`` | DF1, DF2, DF3 |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Affected TF-A | SPMC |
|
||||
| Components`` | |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Assets`` | SPMC state |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Type`` | Spoofing |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Application`` | ``Server`` | ``Mobile`` | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Impact`` | Low(2) | Low(2) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Likelihood`` | Low(2) | Low(2) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Total Risk Rating`` | Low(4) | Low(4) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Mitigations`` | The TF-A SPMC mitigates this by checking the |
|
||||
| | sender's ID provided in the input to the call |
|
||||
| | FFA_NOTIFICATION_SET. The SPMC keeps track of which|
|
||||
| | notifications are bound to which sender, for a |
|
||||
| | given receiver. If the sender is an SP, the |
|
||||
| | provided sender ID must match the ID of the |
|
||||
| | currently running partition. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ID | 16 |
|
||||
+========================+====================================================+
|
||||
| ``Threat`` | **A malicious partition endpoint might attempt to |
|
||||
| | get notifications that are not targeted to it.** |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Diagram Elements`` | DF1, DF2, DF3 |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Affected TF-A | SPMC |
|
||||
| Components`` | |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Assets`` | SPMC state |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Type`` | Spoofing |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Application`` | ``Server`` | ``Mobile`` | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Impact`` | Informational(1) | Informational(1)| |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Likelihood`` | Low(2) | Low(2) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Total Risk Rating`` | Low(2) | Low(2) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Mitigations`` | The TF-A SPMC mitigates this by checking the |
|
||||
| | receiver's ID provided in the input to the call |
|
||||
| | FFA_NOTIFICATION_GET. The SPMC keeps track of which|
|
||||
| | notifications are pending for each receiver. |
|
||||
| | The provided receiver ID must match the ID of the |
|
||||
| | currently running partition, if it is an SP. |
|
||||
| | For calls forwarded from NWd, the SPMC will return |
|
||||
| | the pending notifications if the receiver had its |
|
||||
| | bitmap created, and has pending notifications. |
|
||||
| | If Hypervisor or OS kernel are compromised, the |
|
||||
| | SPMC won't be able to mitigate calls from rogue NWd|
|
||||
| | endpoints. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ID | 17 |
|
||||
+========================+====================================================+
|
||||
| ``Threat`` | **A malicious partition endpoint might attempt to |
|
||||
| | get the information about pending notifications, |
|
||||
| | through the FFA_NOTIFICATION_INFO_GET call.** |
|
||||
| | This call is meant to be used by the NWd FF-A |
|
||||
| | driver. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Diagram Elements`` | DF1, DF2, DF3 |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Affected TF-A | SPMC |
|
||||
| Components`` | |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Assets`` | SPMC state |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Type`` | Information disclosure |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Application`` | ``Server`` | ``Mobile`` | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Impact`` | Low(2) | Low(2) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Likelihood`` | Medium(3) | Medium(3) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Total Risk Rating`` | Medium(6) | Medium(6) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Mitigations`` | The TF-A SPMC mitigates this by returning error to |
|
||||
| | calls made by SPs to FFA_NOTIFICATION_INFO_GET. |
|
||||
| | If Hypervisor or OS kernel are compromised, the |
|
||||
| | SPMC won't be able mitigate calls from rogue NWd |
|
||||
| | endpoints. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ID | 18 |
|
||||
+========================+====================================================+
|
||||
| ``Threat`` | **A malicious partition endpoint might attempt to |
|
||||
| | flood another partition endpoint with notifications|
|
||||
| | hindering its operation.** |
|
||||
| | The intent of the malicious endpoint could be to |
|
||||
| | interfere with both the receiver's and/or primary |
|
||||
| | endpoint execution, as they can both be preempted |
|
||||
| | by the NPI and SRI, respectively. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Affected TF-A | SPMC |
|
||||
| Components`` | |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Assets`` | SPMC state, SP state, CPU cycles |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
|
||||
+------------------------+----------------------------------------------------+
|
||||
| ``Threat Type`` | DoS |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Application`` | ``Server`` | ``Mobile`` | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Impact`` | Low(2) | Low(2) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Likelihood`` | Medium(3) | Medium(3) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Total Risk Rating`` | Medium(6) | Medium(6) | |
|
||||
+------------------------+------------------+-----------------+---------------+
|
||||
| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
|
||||
| | However, the impact is limited due to the |
|
||||
| | architecture: |
|
||||
| | - Notifications are not queued, one that has been |
|
||||
| | signaled needs to be retrieved by the receiver, |
|
||||
| | until it can be sent again. |
|
||||
| | - Both SRI and NPI can't be pended until handled |
|
||||
| | which limits the amount of spurious interrupts. |
|
||||
| | - A given receiver could only bind a maximum number|
|
||||
| | of notifications to a given sender, within a given |
|
||||
| | execution context. |
|
||||
+------------------------+----------------------------------------------------+
|
||||
|
||||
---------------
|
||||
|
||||
*Copyright (c) 2021, Arm Limited. All rights reserved.*
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue