Home
last modified time | relevance | path

Searched hist:"446354122 cea54255630d250064f5f889045acb0" (Results 1 – 2 of 2) sorted by relevance

/rk3399_ARM-atf/docs/resources/diagrams/plantuml/
H A Dtfa_arm_cca_dfd.puml446354122cea54255630d250064f5f889045acb0 Wed Sep 06 14:11:12 UTC 2023 Sandrine Bailleux <sandrine.bailleux@arm.com> docs(threat-model): add a threat model for TF-A with Arm CCA

Arm Confidential Compute Architecture (Arm CCA) support, underpinned by
Arm Realm Management Extension (RME) support, brings in a few important
software and hardware architectural changes in TF-A, which warrants a
new security analysis of the code base. Results of this analysis are
captured in a new threat model document, provided in this patch.

The main changes introduced in TF-A to support Arm CCA / RME are:

- Presence of a new threat agent: realm world clients.

- Availability of Arm CCA Hardware Enforced Security (HES) to support
measured boot and trusted boot.

- Configuration of the Granule Protection Tables (GPT) for
inter-world memory protection.

This is only an initial version of the threat model and we expect to
enrich it in the future.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iab84dc724df694511508f90dc76b6d469c4cccd5
/rk3399_ARM-atf/docs/threat_model/
H A Dindex.rst446354122cea54255630d250064f5f889045acb0 Wed Sep 06 14:11:12 UTC 2023 Sandrine Bailleux <sandrine.bailleux@arm.com> docs(threat-model): add a threat model for TF-A with Arm CCA

Arm Confidential Compute Architecture (Arm CCA) support, underpinned by
Arm Realm Management Extension (RME) support, brings in a few important
software and hardware architectural changes in TF-A, which warrants a
new security analysis of the code base. Results of this analysis are
captured in a new threat model document, provided in this patch.

The main changes introduced in TF-A to support Arm CCA / RME are:

- Presence of a new threat agent: realm world clients.

- Availability of Arm CCA Hardware Enforced Security (HES) to support
measured boot and trusted boot.

- Configuration of the Granule Protection Tables (GPT) for
inter-world memory protection.

This is only an initial version of the threat model and we expect to
enrich it in the future.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iab84dc724df694511508f90dc76b6d469c4cccd5