Lines Matching refs:A
1 TF-A Supply Chain Threat Model
26 TF-A project.
28 TF-A Overview
31 Figure 1 shows the different software components surrounding the TF-A project.
32 A brief description of each component is provided below.
34 TF-A Repository
37 The TF-A repository contains generic and platform code contributed by TF-A
52 The TF-A repository also includes source code for host tools that supplement
53 the TF-A build process. These tools include:
57 loaded by TF-A from non-volatile platform storage.
67 |TF-A System Diagram|
68 *Figure 1: TF-A System Diagram*
73 These are software components that are not part of the TF-A repository but are
74 required to build TF-A binaries and host tools.
77 (tf.org). It is required to build TF-A binaries where cryptography features
80 - *OpenSSL Library*: This is another cryptography library used by TF-A host
83 The following table lists TF-A dependencies including the sources of the
86 .. table:: Table 1: TF-A Dependencies
105 These are binaries used to test TF-A based systems. Below is a brief
118 Other software components used to test TF-A include U-Boot, Linux kernel, RSE,
121 TF-A Toolchain
124 The TF-A project uses several tools to build, analyze and test the TF-A source
132 specific versions described by the package.json file in the root of the TF-A
147 TF-A uses trustedfirmware.org (tf.org) and Arm infrastructures to host the
148 source code, review code and run tests. Appendix A provides a security analysis
151 TF-A Data Flow
154 Figure 2 below shows the data flow diagram for TF-A. The broken red lines
157 |TF-A Data Flow Diagram|
158 *Figure 2: TF-A Data Flow Diagram*
163 |TF-A Attack Tree|
164 *Figure 3: TF-A Attack Tree*
220 | Threat and | | In the TF-A code review process all submitted changes |
223 | | an integration branch by a maintainer. A maintainer has |
268 | impact | maintainers of TF-A are selected by their peers based on |
309 | Threat and | | TF-A accepts external contributions to both the generic |
338 | Description | An attacker can inject malicious code into TF-A internal |
345 | Threat and | | TF-A has two types of dependencies: those that are copied |
346 | impact | into the TF-A repository and shipped as part of TF-A code |
349 | | when building TF-A (referred to as |
352 | | | Currently TF-A has three internal dependencies: *libfdt* |
364 | | | The likelihood of an attack on TF-A through internal |
380 | | the TF-A tree so that the risk of getting malicious code |
395 | Description | An attacker can inject malicious code into TF-A external |
404 | | Although the TF-A documentation provides information |
416 | | bypass the TBB process of TF-A. |
432 | Description | An attacker can upload malicious versions of TF-A by |
450 | | | - An administrator can upload a malicious TF-A |
465 | Description | An attacker can upload malicious versions of TF-A after |
485 | Mitigations | TF-A repository |
495 | Description | An attacker can host a malicious version of TF-A on an |
505 | | spoofing) and host a malicious TF-A source repository. |
506 | | Similarly, an attacker can create a mirror of the TF-A |
532 | Threat and | | End-users of TF-A use make (or cmake), compilers and |
533 | impact | linkers (armgcc, armclang or LLVM) to build TF-A |
534 | | binaries. Although TF-A documentation specifies versions |
535 | | and official sources of tools used to build TF-A, users |
587 Appendix A
661 | | [14]_ | - A ci-bot-user | |
712 | ReadTheDocs| - One webhook ID | - One TF-A account | - Keep database |
751 .. [12] "Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks"
757 .. |TF-A System Diagram| image:: ../resources/diagrams/tf-a_system_diagram.png
758 .. |TF-A Data Flow Diagram| image:: ../resources/diagrams/tf-a_data_flow_diagram.png
759 .. |TF-A Attack Tree| image:: ../resources/diagrams/tf-a_attack_tree.png