| #
348446ad |
| 11-Oct-2023 |
Sandrine Bailleux <sandrine.bailleux@arm.com> |
docs(threat-model): cover threats inherent to receiving data over UART
TF-A supports reading input data from UART interfaces. This opens up
an attack vector for arbitrary data to be injected into TF
docs(threat-model): cover threats inherent to receiving data over UART
TF-A supports reading input data from UART interfaces. This opens up
an attack vector for arbitrary data to be injected into TF-A, which is
not covered in the threat model right now.
Fill this gap by:
- Updating the data flow diagrams. Data may flow from the UART into
TF-A (and not only the other way around).
- Documenting the threats inherent to reading untrusted data from a
UART.
Change-Id: I508da5d2f7ad5d20717b958d76ab9337c5eca50f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
show more ...
|
| #
7006f208 |
| 25-Feb-2021 |
Zelalem <zelalem.aweke@arm.com> |
docs(threat model): add TF-A threat model
This is the first release of the public Trusted
Firmware A class threat model. This release
provides the baseline for future updates to be
applied as requir
docs(threat model): add TF-A threat model
This is the first release of the public Trusted
Firmware A class threat model. This release
provides the baseline for future updates to be
applied as required by developments to the
TF-A code base.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I3c9aadc46196837679f0b1377bec9ed4fc42ff11
show more ...
|