xref: /rk3399_ARM-atf/docs/process/security.rst (revision 55f140591a57467e62255c4522520ab2e6eb0c27)
Security Handling
=================

Security Disclosures
--------------------

We disclose all security vulnerabilities we find, or are advised about, that are
relevant to Trusted Firmware-A. We encourage responsible disclosure of
vulnerabilities and inform users as best we can about all possible issues.

We disclose TF-A vulnerabilities as Security Advisories, all of which are listed
at the bottom of this page. Any new ones will, additionally, be announced as
issues in the project's `issue tracker`_ with the ``security-advisory`` tag. You
can receive notification emails for these by watching the "Trusted Firmware-A"
project at https://developer.trustedfirmware.org/.

Found a Security Issue?
-----------------------

Although we try to keep TF-A secure, we can only do so with the help of the
community of developers and security researchers.

If you think you have found a security vulnerability, please **do not** report it
in the `issue tracker`_. Instead, send an email to
trusted-firmware-security@arm.com

Please include:

* Trusted Firmware-A version (or commit) affected

* A description of the concern or vulnerability

* Details on how to replicate the vulnerability, including:

  - Configuration details

  - Proof of concept exploit code

  - Any additional software or tools required

We recommend using `this PGP/GPG key`_ for encrypting the information. This key
is also available at http://keyserver.pgp.com and LDAP port 389 of the same
server. The fingerprint for this key is:

::

    1309 2C19 22B4 8E87 F17B FE5C 3AB7 EFCB 45A0 DFD0

If you would like replies to be encrypted, please provide your public key.

Please give us the time to respond to you and fix the vulnerability before going
public. We do our best to respond and fix any issues quickly. We also need to
ensure providers of products that use TF-A have a chance to consider the
implications of the vulnerability and its remedy.

Afterwards, we encourage you to write up your findings about the TF-A source
code.

Attribution
-----------

We will name and thank you in the ``change-log.rst`` distributed with the source
code and in any published security advisory.

Security Advisories
-------------------

+-----------+------------------------------------------------------------------+
| ID        | Title                                                            |
+===========+==================================================================+
| `TFV-1`_  | Malformed Firmware Update SMC can result in copy of unexpectedly |
|           | large data into secure memory                                    |
+-----------+------------------------------------------------------------------+
| `TFV-2`_  | Enabled secure self-hosted invasive debug interface can allow    |
|           | normal world to panic secure world                               |
+-----------+------------------------------------------------------------------+
| `TFV-3`_  | RO memory is always executable at AArch64 Secure EL1             |
+-----------+------------------------------------------------------------------+
| `TFV-4`_  | Malformed Firmware Update SMC can result in copy or              |
|           | authentication of unexpected data in secure memory in AArch32    |
|           | state                                                            |
+-----------+------------------------------------------------------------------+
| `TFV-5`_  | Not initializing or saving/restoring PMCR_EL0 can leak secure    |
|           | world timing information                                         |
+-----------+------------------------------------------------------------------+
| `TFV-6`_  | Trusted Firmware-A exposure to speculative processor             |
|           | vulnerabilities using cache timing side-channels                 |
+-----------+------------------------------------------------------------------+
| `TFV-7`_  | Trusted Firmware-A exposure to cache speculation vulnerability   |
|           | Variant 4                                                        |
+-----------+------------------------------------------------------------------+
| `TFV-8`_  | Not saving x0 to x3 registers can leak information from one      |
|           | Normal World SMC client to another                               |
+-----------+------------------------------------------------------------------+

.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
.. _this PGP/GPG key: security-reporting.asc
.. _TFV-1: ./security_advisories/security-advisory-tfv-1.rst
.. _TFV-2: ./security_advisories/security-advisory-tfv-2.rst
.. _TFV-3: ./security_advisories/security-advisory-tfv-3.rst
.. _TFV-4: ./security_advisories/security-advisory-tfv-4.rst
.. _TFV-5: ./security_advisories/security-advisory-tfv-5.rst
.. _TFV-6: ./security_advisories/security-advisory-tfv-6.rst
.. _TFV-7: ./security_advisories/security-advisory-tfv-7.rst
.. _TFV-8: ./security_advisories/security-advisory-tfv-8.rst