18aa05055SPaul BeesleySecurity Handling 28aa05055SPaul Beesley================= 38aa05055SPaul Beesley 48aa05055SPaul BeesleySecurity Disclosures 58aa05055SPaul Beesley-------------------- 68aa05055SPaul Beesley 755f14059SJohn TsichritzisWe disclose all security vulnerabilities we find, or are advised about, that are 855f14059SJohn Tsichritzisrelevant to Trusted Firmware-A. We encourage responsible disclosure of 98aa05055SPaul Beesleyvulnerabilities and inform users as best we can about all possible issues. 108aa05055SPaul Beesley 1155f14059SJohn TsichritzisWe disclose TF-A vulnerabilities as Security Advisories, all of which are listed 1255f14059SJohn Tsichritzisat the bottom of this page. Any new ones will, additionally, be announced as 1355f14059SJohn Tsichritzisissues in the project's `issue tracker`_ with the ``security-advisory`` tag. You 1455f14059SJohn Tsichritziscan receive notification emails for these by watching the "Trusted Firmware-A" 1555f14059SJohn Tsichritzisproject at https://developer.trustedfirmware.org/. 168aa05055SPaul Beesley 178aa05055SPaul BeesleyFound a Security Issue? 188aa05055SPaul Beesley----------------------- 198aa05055SPaul Beesley 2055f14059SJohn TsichritzisAlthough we try to keep TF-A secure, we can only do so with the help of the 218aa05055SPaul Beesleycommunity of developers and security researchers. 228aa05055SPaul Beesley 23*1367cc19SSandrine BailleuxIf you think you have found a security vulnerability, please **do not** report 24*1367cc19SSandrine Bailleuxit in the `issue tracker`_. Instead, please follow the `TrustedFirmware.org 25*1367cc19SSandrine Bailleuxsecurity incident process`_. One of the goals of this process is to ensure 26*1367cc19SSandrine Bailleuxproviders of products that use TF-A have a chance to consider the implications 27*1367cc19SSandrine Bailleuxof the vulnerability and its remedy before it is made public. As such, please 28*1367cc19SSandrine Bailleuxfollow the disclosure plan outlined in the process. We do our best to respond 29*1367cc19SSandrine Bailleuxand fix any issues quickly. 308aa05055SPaul Beesley 3155f14059SJohn TsichritzisAfterwards, we encourage you to write-up your findings about the TF-A source 3255f14059SJohn Tsichritziscode. 338aa05055SPaul Beesley 348aa05055SPaul BeesleyAttribution 358aa05055SPaul Beesley----------- 368aa05055SPaul Beesley 37*1367cc19SSandrine BailleuxWe will name and thank you in the :ref:`Change Log & Release Notes` distributed 38*1367cc19SSandrine Bailleuxwith the source code and in any published security advisory. 398aa05055SPaul Beesley 408aa05055SPaul BeesleySecurity Advisories 418aa05055SPaul Beesley------------------- 428aa05055SPaul Beesley 438aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 448aa05055SPaul Beesley| ID | Title | 458aa05055SPaul Beesley+===========+==================================================================+ 4634760951SPaul Beesley| |TFV-1| | Malformed Firmware Update SMC can result in copy of unexpectedly | 478aa05055SPaul Beesley| | large data into secure memory | 488aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 4934760951SPaul Beesley| |TFV-2| | Enabled secure self-hosted invasive debug interface can allow | 508aa05055SPaul Beesley| | normal world to panic secure world | 518aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 5234760951SPaul Beesley| |TFV-3| | RO memory is always executable at AArch64 Secure EL1 | 538aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 5434760951SPaul Beesley| |TFV-4| | Malformed Firmware Update SMC can result in copy or | 558aa05055SPaul Beesley| | authentication of unexpected data in secure memory in AArch32 | 568aa05055SPaul Beesley| | state | 578aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 5834760951SPaul Beesley| |TFV-5| | Not initializing or saving/restoring PMCR_EL0 can leak secure | 598aa05055SPaul Beesley| | world timing information | 608aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 6134760951SPaul Beesley| |TFV-6| | Trusted Firmware-A exposure to speculative processor | 628aa05055SPaul Beesley| | vulnerabilities using cache timing side-channels | 638aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 6434760951SPaul Beesley| |TFV-7| | Trusted Firmware-A exposure to cache speculation vulnerability | 658aa05055SPaul Beesley| | Variant 4 | 668aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 6734760951SPaul Beesley| |TFV-8| | Not saving x0 to x3 registers can leak information from one | 688aa05055SPaul Beesley| | Normal World SMC client to another | 698aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 708aa05055SPaul Beesley 7155f14059SJohn Tsichritzis.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/ 7234760951SPaul Beesley 7334760951SPaul Beesley.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)` 7434760951SPaul Beesley.. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)` 7534760951SPaul Beesley.. |TFV-3| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)` 7634760951SPaul Beesley.. |TFV-4| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)` 7734760951SPaul Beesley.. |TFV-5| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)` 7834760951SPaul Beesley.. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)` 7934760951SPaul Beesley.. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)` 8034760951SPaul Beesley.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)` 8134760951SPaul Beesley 82*1367cc19SSandrine Bailleux.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/ 83*1367cc19SSandrine Bailleux 8434760951SPaul Beesley-------------- 8534760951SPaul Beesley 86*1367cc19SSandrine Bailleux*Copyright (c) 2019-2020, Arm Limited. All rights reserved.* 87