docs(threat-model): make measured boot out of scope

Add an explicit note that measured boot is out of scope of the threat
model. For example, we have no threat related to the secure
management of measurements, nor do we list its security benefits
(e.g. in terms of repudiation).

This might be a future improvement to the threat model but for now
just acknowledge it is not considered.

Change-Id: I2fb799a2ef0951aa681a755a948bd2b67415d156
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
This commit is contained in:
Sandrine Bailleux 2022-05-16 15:10:27 +02:00
parent 3d6cc21066
commit d08c496699
1 changed files with 3 additions and 0 deletions

View File

@ -36,6 +36,9 @@ assumptions:
- There is no Secure-EL2. We don't consider threats that may come with
Secure-EL2 software.
- Measured boot is disabled. We do not consider the threats nor the mitigations
that may come with it.
- No experimental features are enabled. We do not consider threats that may come
from them.