Lines Matching refs:of

16   project through other pieces of code or packages the project depends on. This
25 This document provides analysis of software supply chain attack threats for the
32 A brief description of each component is provided below.
42 Tree Binary (DTB) files. It is part of the Device Tree Compiler (DTC)
43 toolchain [1]_. DTC is used as part of the build process on the host machine
48 - *compiler-rt*: This is a collection of runtime libraries from the LLVM
73 These are software components that are not part of the TF-A repository but are
83 The following table lists TF-A dependencies including the sources of the
89 | Dependency | Location of Dependency | Original Source |
106 description of each component and where they are sourced from.
131 installed through the use of the Node.js package manager. They are pinned to
132 specific versions described by the package.json file in the root of the TF-A
134 point of installation. These tools may be installed locally on the developer
149 of tf.org infrastructure.
177 | | of business if exploited. | little effort and skill. |
179 | MEDIUM | Noticeable impact to line of | An expert attacker could exploit |
228 | | through GitHub. The likelihood of a credential compromise |
230 | | of GitHub is strong if the recommended best practices are |
235 | | of the password and factors such as whether the |
237 | | likelihood of a compromise can be higher. |
252 | Mitigations | We have not disallowed self-review/merge of patches |
268 | impact | maintainers of TF-A are selected by their peers based on |
269 | | merit. Some of the criteria of becoming a maintainer |
270 | | include being an active member of the project for a |
271 | | minimum duration and contributing a substantial number of |
278 | | | - There is no continuous monitoring of the status of a |
295 | implemented?| maintainers, but self-review/merge of patches is not |
312 | | therefore the likelihood of injecting malicious code as a |
328 | | end in some form of attack vector |
345 | Threat and | | TF-A has two types of dependencies: those that are copied |
346 | impact | into the TF-A repository and shipped as part of TF-A code |
358 | | example, there are already multiple forks of *libfdt* |
364 | | | The likelihood of an attack on TF-A through internal |
373 | | over the past 4 years). This reduces the window of |
377 | Proposed | - Explicitly document versions and official sources of |
379 | | - Keep a copy of a pinned version of the source code inside |
380 | | the TF-A tree so that the risk of getting malicious code |
386 | implemented?| of dependencies, keep a copy of pinned versions of the |
405 | | about the versions of dependencies used for testing and |
408 | | likelihood of an attack through an external dependency is |
411 | | | The impact of an attack ranges from low to critical |
412 | | depending on which dependency and what part of the |
416 | | bypass the TBB process of TF-A. |
418 | Proposed | - Explicitly document versions and official sources of |
421 | | the latest stable release of external dependencies |
423 | Mitigations | We explicitly document versions and official sources of |
425 | | options to automatically fetch the latest stable release of |
432 | Description | An attacker can upload malicious versions of TF-A by |
433 | | compromising credentials of administrator accounts on |
441 | impact | likelihood and impact of the two attacks are different. |
443 | | | The likelihood of compromising administrator credentials |
444 | | is lower than that of a maintainer’s (assuming both use |
445 | | authentication methods of similar strength) as there are |
446 | | a smaller number of administrators than maintainers. On the |
452 | | - An administrator can potentially rewrite the history of |
465 | Description | An attacker can upload malicious versions of TF-A after |
473 | Threat and | | There are no reports of someone exploiting a |
475 | | contributions. However, there are examples of |
481 | | detected quickly, making the window of opportunity for |
484 | Proposed | - Monitor alerts of any vulnerabilities that might affect |
488 | Mitigations | Yes, alerts of vulnerabilities are monitored and tf.org is |
495 | Description | An attacker can host a malicious version of TF-A on an |
506 | | Similarly, an attacker can create a mirror of the TF-A |
512 | Proposed | - Users should carefully check the URL of the website |
513 | Mitigations | before visiting it and the URL of the repository before |
515 | | - Accept reports of spoofing attacks on tf.org and |
518 | Mitigations | We accept reports of spoofing attacks on tf.org and will |
532 | Threat and | | End-users of TF-A use make (or cmake), compilers and |
535 | | and official sources of tools used to build TF-A, users |
541 | Proposed | - Explicitly document versions and official sources of |
544 | | release of toolchains |
546 | Mitigations | We explicitly document versions and official sources of |
548 | | automatically fetch the latest stable release of toolchains |
561 | Threat and | | Users of the Node.js tools, including the CI, may be |
563 | | by the Node.js dependency auditor. Users of these tools |
567 | | enable retrieval of user credentials. |
573 | Proposed | - Limit Node.js tools to a minimal set of trusted packages |
580 | Mitigations | Yes, Node.js tools are limited to a minimal set of trusted |
590 Summary of trustedfirmware.org security:
592 .. table:: Table 2: Security information of trustedfirmware.org
669 | | with a couple of | strength etc are | and keep servers |
721 | | of the webhook | is required | |
751 .. [12] "Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks"