Security Handling
=================

Security Disclosures
--------------------

We disclose all security vulnerabilities we find or are advised about that are
relevant for ARM Trusted Firmware (TF). We encourage responsible disclosure of
vulnerabilities and inform users as best we can about all possible issues.

We disclose TF vulnerabilities as Security Advisories. These are listed at the
bottom of this page and announced as issues in the `GitHub issue tracker`_ with
the "security-advisory" tag. You can receive notification emails for these by
watching that project.

Found a Security Issue?
-----------------------

Although we try to keep TF secure, we can only do so with the help of the
community of developers and security researchers.

If you think you have found a security vulnerability, please *do not* report it
in the `GitHub issue tracker`_. Instead, send an email to
trusted-firmware-security@arm.com.

Please include:

* Trusted Firmware version (or commit) affected

* A description of the concern or vulnerability

* Details on how to replicate the vulnerability, including:

  - Configuration details

  - Proof of concept exploit code

  - Any additional software or tools required

We recommend using `this PGP/GPG key`_ for encrypting the information. This key
is also available at http://keyserver.pgp.com and LDAP port 389 of the same
server. The fingerprint for this key is:

::

    1309 2C19 22B4 8E87 F17B FE5C 3AB7 EFCB 45A0 DFD0

If you would like replies to be encrypted, please provide your public key.

Please give us the time to respond to you and fix the vulnerability before going
public. We do our best to respond and fix any issues quickly. We also need to
ensure providers of products that use TF have a chance to consider the
implications of the vulnerability and its remedy.

Afterwards, we encourage you to write up your findings about the TF source code.

Attribution
-----------

We will name and thank you in the ``change-log.rst`` distributed with the source
code and in any published security advisory.

Security Advisories
-------------------

+-----------+------------------------------------------------------------------+
| ID        | Title                                                            |
+===========+==================================================================+
| `TFV-1`_  | Malformed Firmware Update SMC can result in copy of unexpectedly |
|           | large data into secure memory                                    |
+-----------+------------------------------------------------------------------+
| `TFV-2`_  | Enabled secure self-hosted invasive debug interface can allow    |
|           | normal world to panic secure world                               |
+-----------+------------------------------------------------------------------+
| `TFV-3`_  | RO memory is always executable at AArch64 Secure EL1             |
+-----------+------------------------------------------------------------------+
| `TFV-4`_  | Malformed Firmware Update SMC can result in copy or              |
|           | authentication of unexpected data in secure memory in AArch32    |
|           | state                                                            |
+-----------+------------------------------------------------------------------+
| `TFV-5`_  | Not initializing or saving/restoring PMCR_EL0 can leak secure    |
|           | world timing information                                         |
+-----------+------------------------------------------------------------------+
| `TFV-6`_  | Arm Trusted Firmware exposure to speculative processor           |
|           | vulnerabilities using cache timing side-channels                 |
+-----------+------------------------------------------------------------------+
| `TFV-7`_  | Trusted Firmware-A exposure to cache speculation vulnerability   |
|           | Variant 4                                                        |
+-----------+------------------------------------------------------------------+
| `TFV-8`_  | Not saving x0 to x3 registers can leak information from one      |
|           | Normal World SMC client to another                               |
+-----------+------------------------------------------------------------------+

.. _GitHub issue tracker: https://github.com/ARM-software/tf-issues/issues
.. _this PGP/GPG key: security-reporting.asc
.. _TFV-1: ./security_advisories/security-advisory-tfv-1.rst
.. _TFV-2: ./security_advisories/security-advisory-tfv-2.rst
.. _TFV-3: ./security_advisories/security-advisory-tfv-3.rst
.. _TFV-4: ./security_advisories/security-advisory-tfv-4.rst
.. _TFV-5: ./security_advisories/security-advisory-tfv-5.rst
.. _TFV-6: ./security_advisories/security-advisory-tfv-6.rst
.. _TFV-7: ./security_advisories/security-advisory-tfv-7.rst
.. _TFV-8: ./security_advisories/security-advisory-tfv-8.rst