18aa05055SPaul BeesleySecurity Handling 28aa05055SPaul Beesley================= 38aa05055SPaul Beesley 48aa05055SPaul BeesleySecurity Disclosures 58aa05055SPaul Beesley-------------------- 68aa05055SPaul Beesley 755f14059SJohn TsichritzisWe disclose all security vulnerabilities we find, or are advised about, that are 855f14059SJohn Tsichritzisrelevant to Trusted Firmware-A. We encourage responsible disclosure of 98aa05055SPaul Beesleyvulnerabilities and inform users as best we can about all possible issues. 108aa05055SPaul Beesley 1155f14059SJohn TsichritzisWe disclose TF-A vulnerabilities as Security Advisories, all of which are listed 1255f14059SJohn Tsichritzisat the bottom of this page. Any new ones will, additionally, be announced as 1355f14059SJohn Tsichritzisissues in the project's `issue tracker`_ with the ``security-advisory`` tag. You 1455f14059SJohn Tsichritziscan receive notification emails for these by watching the "Trusted Firmware-A" 1555f14059SJohn Tsichritzisproject at https://developer.trustedfirmware.org/. 168aa05055SPaul Beesley 178aa05055SPaul BeesleyFound a Security Issue? 188aa05055SPaul Beesley----------------------- 198aa05055SPaul Beesley 2055f14059SJohn TsichritzisAlthough we try to keep TF-A secure, we can only do so with the help of the 218aa05055SPaul Beesleycommunity of developers and security researchers. 228aa05055SPaul Beesley 23*ecad5b89SSandrine Bailleux.. warning:: 24*ecad5b89SSandrine Bailleux If you think you have found a security vulnerability, please **do not** 25*ecad5b89SSandrine Bailleux report it in the `issue tracker`_ or on the `mailing list`_. Instead, please 26*ecad5b89SSandrine Bailleux follow the `TrustedFirmware.org security incident process`_. 27*ecad5b89SSandrine Bailleux 28*ecad5b89SSandrine BailleuxOne of the goals of this process is to ensure providers of products that use 29*ecad5b89SSandrine BailleuxTF-A have a chance to consider the implications of the vulnerability and its 30*ecad5b89SSandrine Bailleuxremedy before it is made public. As such, please follow the disclosure plan 31*ecad5b89SSandrine Bailleuxoutlined in the process. We do our best to respond and fix any issues quickly. 328aa05055SPaul Beesley 3355f14059SJohn TsichritzisAfterwards, we encourage you to write-up your findings about the TF-A source 3455f14059SJohn Tsichritziscode. 358aa05055SPaul Beesley 368aa05055SPaul BeesleyAttribution 378aa05055SPaul Beesley----------- 388aa05055SPaul Beesley 391367cc19SSandrine BailleuxWe will name and thank you in the :ref:`Change Log & Release Notes` distributed 401367cc19SSandrine Bailleuxwith the source code and in any published security advisory. 418aa05055SPaul Beesley 428aa05055SPaul BeesleySecurity Advisories 438aa05055SPaul Beesley------------------- 448aa05055SPaul Beesley 458aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 468aa05055SPaul Beesley| ID | Title | 478aa05055SPaul Beesley+===========+==================================================================+ 4834760951SPaul Beesley| |TFV-1| | Malformed Firmware Update SMC can result in copy of unexpectedly | 498aa05055SPaul Beesley| | large data into secure memory | 508aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 5134760951SPaul Beesley| |TFV-2| | Enabled secure self-hosted invasive debug interface can allow | 528aa05055SPaul Beesley| | normal world to panic secure world | 538aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 5434760951SPaul Beesley| |TFV-3| | RO memory is always executable at AArch64 Secure EL1 | 558aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 5634760951SPaul Beesley| |TFV-4| | Malformed Firmware Update SMC can result in copy or | 578aa05055SPaul Beesley| | authentication of unexpected data in secure memory in AArch32 | 588aa05055SPaul Beesley| | state | 598aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 6034760951SPaul Beesley| |TFV-5| | Not initializing or saving/restoring PMCR_EL0 can leak secure | 618aa05055SPaul Beesley| | world timing information | 628aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 6334760951SPaul Beesley| |TFV-6| | Trusted Firmware-A exposure to speculative processor | 648aa05055SPaul Beesley| | vulnerabilities using cache timing side-channels | 658aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 6634760951SPaul Beesley| |TFV-7| | Trusted Firmware-A exposure to cache speculation vulnerability | 678aa05055SPaul Beesley| | Variant 4 | 688aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 6934760951SPaul Beesley| |TFV-8| | Not saving x0 to x3 registers can leak information from one | 708aa05055SPaul Beesley| | Normal World SMC client to another | 718aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 728aa05055SPaul Beesley 7355f14059SJohn Tsichritzis.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/ 74a88b3c29SSandrine Bailleux.. _mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-a 7534760951SPaul Beesley 7634760951SPaul Beesley.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)` 7734760951SPaul Beesley.. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)` 7834760951SPaul Beesley.. |TFV-3| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)` 7934760951SPaul Beesley.. |TFV-4| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)` 8034760951SPaul Beesley.. |TFV-5| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)` 8134760951SPaul Beesley.. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)` 8234760951SPaul Beesley.. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)` 8334760951SPaul Beesley.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)` 8434760951SPaul Beesley 851367cc19SSandrine Bailleux.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/ 861367cc19SSandrine Bailleux 8734760951SPaul Beesley-------------- 8834760951SPaul Beesley 891367cc19SSandrine Bailleux*Copyright (c) 2019-2020, Arm Limited. All rights reserved.* 90