Lines Matching refs:A

8 This document provides a generic threat model for TF-A firmware.
17 Firmware for A-class Processors (TF-A). This includes the boot ROM (BL1),
22 TF-A can be configured in various ways. In this threat model we consider
26 - All TF-A images are run from either ROM or on-chip trusted SRAM. This means
27 TF-A is not vulnerable to an attacker that can probe or tamper with off-chip
39 The :ref:`Threat Model for TF-A with Arm CCA support` covers these types of
51 Figure 1 shows a high-level data flow diagram for TF-A. The diagram
52 shows a model of the different components of a TF-A-based system and
53 their interactions with TF-A. A description of each diagram element
56 are considered untrusted by TF-A.
60 :caption: Figure 1: TF-A Data Flow Diagram
62 .. table:: Table 1: TF-A Data Flow Diagram Description
68 | | memory and verified by TF-A boot firmware. These |
69 | | images include TF-A BL2 and BL31 images, as well as |
72 | DF2 | | TF-A log system framework outputs debug or |
78 | | to registers and memory of TF-A. |
81 | | with TF-A through SMC call interface and/or shared |
85 | | with TF-A through SMC call interface and/or shared |
88 | DF6 | | This path represents the interaction between TF-A and|
90 | | and GIC. At boot time TF-A configures/initializes the|
102 In this section we identify and assess potential threats to TF-A
114 We have identified the following assets for TF-A:
116 .. table:: Table 2: TF-A Assets
127 | | platform should run only TF-A code approved by |
130 | Availability | | This represents the requirement that TF-A |
153 | | TF-A resources |
212 | Medium (3) | | Noticeable impact to | | A knowledgeable insider |
262 target environment in which TF-A is running. For example, attacks
322 | Affected TF-A | BL1, BL2, BL31 |
333 | Impact | N/A | Low (2) | Low (2) |
335 | Likelihood | N/A | High (4) | High (4) |
337 | Total Risk Rating | N/A | Medium (8) | Medium (8) |
378 | | modify TF-A registers and memory allowing the |
384 | Affected TF-A | BL1, BL2, BL31 |
396 | Impact | N/A | High (4) | High (4) |
398 | Likelihood | N/A | Critical (5) | Critical (5) |
400 | Total Risk Rating | N/A | Critical (20) | Critical (20) |
422 | | | Like in other software, TF-A has multiple points |
434 | Affected TF-A | BL1, BL2, BL31 |
467 | | `TF-A error handling policy`_. TF-A provides an |
473 | | TF-A uses a combination of manual code reviews |
475 | | detect and fix memory corruption bugs. All TF-A |
478 | | is performed using Coverity Scan on all TF-A code. |
480 | | `Trusted Firmware-A Tests`_ on Juno and FVP |
494 | | | A misconfiguration of the MMU could |
502 | Affected TF-A | BL1, BL2, BL31 |
533 | | | TF-A provides a library which abstracts the |
553 | Affected TF-A | BL1, BL2, BL31 |
583 | | with TF-A execution environment.** |
594 | Affected TF-A | BL1, BL2, BL31 |
634 | | | A timing side-channel attack is a type of attack |
650 | Affected TF-A | BL1, BL2, BL31 |
704 | | | Some TF-A images are loaded from external |
713 | Affected TF-A | BL2, BL31 |
756 | Affected TF-A | BL2, BL31 |
808 | Affected TF-A | BL1, BL2 |
819 | Impact | N/A | Critical (5) | Critical (5) |
821 | Likelihood | N/A | Medium (3) | Medium (3) |
823 | Total Risk Rating | N/A | High (15) | High (15) |
847 | | | TF-A relies on a chain of trust that starts with the|
860 | Affected TF-A | BL1, BL2 |
871 | Impact | N/A | Critical (5) | Critical (5) |
873 | Likelihood | N/A | Medium (3) | Medium (3) |
875 | Total Risk Rating | N/A | High (15) | High (15) |
889 | | to harden TF-A against such attacks. |
890 | | **At the moment TF-A doesn't implement such |
919 The current Measured Boot design consists of two main parts. A frontend, which
921 for storing them. |TF-A| makes it possible to integrate various backends. Some
922 of these are implemented by the |TF-A| projects, while others are part of
923 different projects, and |TF-A| provides an integration layer.
925 - TCG-compliant Event Log: Implemented by |TF-A|. Measurements are stored in
928 measurements are appended to the Event Log. A limitation of the current
929 Measured Boot implementation in |TF-A| is that it does not extend the
932 - Discrete |TPM|: Implemented in |TF-A| as a proof of concept, the Discrete
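To make the difference between "appending to an Event Log" and "extending into a TPM" concrete, here is an added example (not TF-A code, and not TF-A's Event Log layout) that builds a simplified TCG-style event log in Python and replays it into PCR values the way an attestation verifier would. The image names, image bytes and the single SHA-256 bank are constructed for the example; the extend rule PCR_new = H(PCR_old || digest) is the standard TCG one. The point a verifier needs: a log on its own proves nothing, because whoever controls the memory it lives in can rewrite it, so the replayed values must be compared against PCRs quoted by a root of trust that did extend them.

```python
import hashlib
from typing import Dict, List, Tuple

# Added example: a simplified TCG-style event log and PCR replay. This is not
# TF-A code and does not reproduce TF-A's Event Log format; image names and
# contents below are constructed sample data.

DIGEST = hashlib.sha256                       # assumed single bank; real logs may carry several
PCR_INITIAL = bytes(DIGEST().digest_size)     # PCRs reset to all zeros

# (pcr_index, event description, image bytes): constructed sample images
SAMPLE_IMAGES: List[Tuple[int, str, bytes]] = [
    (0, "BL2",  b"\x7fELF-bl2-sample"),
    (0, "BL31", b"\x7fELF-bl31-sample"),
    (0, "BL33", b"\x7fELF-bl33-sample"),
]

Event = Dict[str, object]


def measure(image: bytes) -> bytes:
    """Frontend step: hash an image before control is passed to it."""
    return DIGEST(image).digest()


def build_event_log(images) -> List[Event]:
    """Event Log backend: append one event per measured image to an in-memory log."""
    return [{"pcr": pcr, "event": name, "digest": measure(data)}
            for pcr, name, data in images]


def extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TCG PCR extend: PCR_new = H(PCR_old || digest). One-way and order-dependent."""
    return DIGEST(pcr_value + digest).digest()


def replay(log) -> Dict[int, bytes]:
    """Recompute the PCR values a TPM would hold if every logged event had been extended."""
    pcrs: Dict[int, bytes] = {}
    for ev in log:
        cur = pcrs.get(ev["pcr"], PCR_INITIAL)
        pcrs[ev["pcr"]] = extend(cur, ev["digest"])
    return pcrs


def log_matches_pcrs(log, quoted_pcrs: Dict[int, bytes]) -> bool:
    """A verifier trusts a log only if replaying it reproduces the PCRs the TPM quotes."""
    return replay(log) == quoted_pcrs


if __name__ == "__main__":
    log = build_event_log(SAMPLE_IMAGES)
    quoted = replay(log)           # stands in for a signed TPM quote of PCR 0
    print("PCR0 =", quoted[0].hex())
    # Rewriting one recorded digest after the fact is caught by the comparison.
    log[1]["digest"] = measure(b"\x7fELF-bl31-backdoored")
    print("tampered log verifies:", log_matches_pcrs(log, quoted))
```

Swapping the order of two events on the same PCR also changes the replayed value, which is why the log must record events in the order they were measured and why a log-only backend without a PCR (or equivalent anchored register) cannot be checked by a remote verifier.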
949 to protect or threats to defend against that could compromise |TF-A| execution
960 TF-A does not provide any mitigations against these physical vulnerabilities,
967 attestation. However, these are outside the |TF-A| security boundary and
989 | | | Secure and non-secure clients access TF-A services |
991 | | place the TF-A runtime into an inconsistent state |
997 | Affected TF-A | BL31 |
1032 | | | When switching between worlds, TF-A register state |
1038 | Affected TF-A | BL31 |
1060 | | | This is the default behaviour in TF-A. |
1070 | | TF-A memory via microarchitectural side channels**|
1076 | | data from TF-A memory. |
1080 | Affected TF-A | BL31 |
1101 | | | TF-A implements software mitigations for Spectre |
1124 | | side-channel timing attacks against TF-A. |
1128 | Affected TF-A | BL31 |
1167 Threats to be Mitigated by an External Agent Outside of TF-A
1186 | Affected TF-A | BL31, BL32 |
1209 | Mitigations | | None in TF-A itself. This option is only used by |
1226 .. _TF-A error handling policy: https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-g…
1228 .. _Trusted Firmware-A Tests: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/about/