History log of /rk3399_ARM-atf/docs/threat_model/firmware_threat_model/threat_model.rst (Results 1 – 15 of 15)
Revision Date Author Comments
# aa2cb429 20-Nov-2025 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge "feat(handoff): add firmware handoff threat model" into integration


# a5e9623e 22-Oct-2025 Harrison Mutai <harrison.mutai@arm.com>

feat(handoff): add firmware handoff threat model

Add threat model covering the Transfer List library (libTL) which
provides TF-A's implementation of the firmware handoff framework.

Change-Id: Idac6d5d423ed95bc4f0460a80007fd8d45976b19
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>



# 1d0d39c6 30-Oct-2025 Bipin Ravi <bipin.ravi@arm.com>

Merge "feat(docs): update context management's threat model" into integration


# e77cd73f 23-Oct-2025 Boyan Karatotev <boyan.karatotev@arm.com>

feat(docs): update context management's threat model

Improperly configuring cpu features (ENABLE_FEAT_XYZ) can lead to broken
firmware or, in rare cases, panic at EL3. This makes Denial of service a
valid threat on the Availability asset.

Since the original model, we've gained FEATURE_DETECTION which is meant
to help get platforms configured correctly.

Change-Id: I10f9870173fc4b24ea14a24197537d46ead9f789
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>



# 7e848540 20-Mar-2025 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge changes from topic "dtpm_poc" into integration

* changes:
feat(docs): update mboot threat model with dTPM
docs(tpm): add design documentation for dTPM
fix(rpi3): expose BL1_RW to BL2 map for mboot
feat(rpi3): add dTPM backed measured boot
feat(tpm): add Infineon SLB9670 GPIO SPI config
feat(tpm): add tpm drivers and framework
feat(io): add generic gpio spi bit-bang driver
feat(rpi3): implement eventlog handoff to BL33
feat(rpi3): implement mboot for rpi3



# b00f6ece 01-Nov-2024 Abhi Singh <abhi.singh@arm.com>

feat(docs): update mboot threat model with dTPM

Add the discrete TPM to the TCG event log section of the measured boot
threat model. Include the example of a physical vulnerability that can
be used to compromise a dTPM.

Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: I2c06edf5e9031adc970c24426a8ae52b06efb614



# 0a4cecad 04-Nov-2024 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge changes from topic "dtpm_poc" into integration

* changes:
feat(docs): add DPE to RSE design doc
feat(docs): add RSE provided mboot backends to the threat model
feat(docs): update mboot threat model



# 3849d272 02-Sep-2024 Tamas Ban <tamas.ban@arm.com>

feat(docs): add RSE provided mboot backends to the threat model

Add CCA Measured Boot and DPE measured boot backends to
the threat model.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I234a2400d00fea606c5312ebddf94e2624463ff8



# 07c2d18f 08-Oct-2024 Abhi Singh <abhi.singh@arm.com>

feat(docs): update mboot threat model

Restructure Measured Boot threat model for more description and clarity:
- Add what critical assets are to be protected.
- Mention other attributes and the possible attacks.
- Rephrase the section that describes the Measured Boot backends.

Change-Id: I6577a56184992bf16f4aa1b773d1636781cbb049
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>



# d53fff38 19-Mar-2024 Madhukar Pappireddy <madhukar.pappireddy@arm.com>

Merge "docs(threat_model): cover the 'timing' side channel threat" into integration


# 6db0c1d8 05-Mar-2024 Manish V Badarkhe <Manish.Badarkhe@arm.com>

docs(threat_model): cover the 'timing' side channel threat

Incorporate a timing side-channel attack into the TF-A generic
threat model. There are no software mitigation measures in TF-A
against this specific type of attack.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I10e53f8ed85a6da32de4fa6a210805f950018102



# 64e3efe7 20-Feb-2024 Lauren Wehrmeister <lauren.wehrmeister@arm.com>

Merge "docs(threat_model): mark power analysis threats out-of-scope" into integration


# 077d8b39 12-Feb-2024 Manish V Badarkhe <Manish.Badarkhe@arm.com>

docs(threat_model): mark power analysis threats out-of-scope

Exclude the threat of power analysis side-channel attacks
from consideration in the TF-A generic threat model.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I5b245f33609fe8948e473ce4484898db5ff8db4d



# 99f9aacd 22-Jan-2024 Manish V Badarkhe <manish.badarkhe@arm.com>

Merge "docs(threat-model): supply chain threat model TF-A" into integration


# b908814c 08-Dec-2023 laurenw-arm <lauren.wehrmeister@arm.com>

docs(threat-model): supply chain threat model TF-A

Software supply chain attacks aim to inject malicious code into a
software product. There are several ways malicious code can be
injected into a software product (open-source project).

These include:
- Malicious code commits
- Malicious dependencies
- Malicious toolchains

This document provides analysis of software supply chain attack
threats for the TF-A project.

Change-Id: I03545d65a38dc372f3868a16c725b7378640a771
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
