From d08c496699ae4b9bd5c072615c134206e3edbad7 Mon Sep 17 00:00:00 2001 From: Sandrine Bailleux Date: Mon, 16 May 2022 15:10:27 +0200 Subject: [PATCH] docs(threat-model): make measured boot out of scope Add an explicit note that measured boot is out of scope of the threat model. For example, we have no threat related to the secure management of measurements, nor do we list its security benefits (e.g. in terms of repudiation). This might be a future improvement to the threat model but for now just acknowledge it is not considered. Change-Id: I2fb799a2ef0951aa681a755a948bd2b67415d156 Signed-off-by: Sandrine Bailleux --- docs/threat_model/threat_model.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst index 86b21345f..2e11a9479 100644 --- a/docs/threat_model/threat_model.rst +++ b/docs/threat_model/threat_model.rst @@ -36,6 +36,9 @@ assumptions: - There is no Secure-EL2. We don't consider threats that may come with Secure-EL2 software. +- Measured boot is disabled. We do not consider the threats nor the mitigations + that may come with it. + - No experimental features are enabled. We do not consider threats that may come from them.