18aa05055SPaul BeesleySecurity Handling 28aa05055SPaul Beesley================= 38aa05055SPaul Beesley 48aa05055SPaul BeesleySecurity Disclosures 58aa05055SPaul Beesley-------------------- 68aa05055SPaul Beesley 755f14059SJohn TsichritzisWe disclose all security vulnerabilities we find, or are advised about, that are 855f14059SJohn Tsichritzisrelevant to Trusted Firmware-A. We encourage responsible disclosure of 98aa05055SPaul Beesleyvulnerabilities and inform users as best we can about all possible issues. 108aa05055SPaul Beesley 1155f14059SJohn TsichritzisWe disclose TF-A vulnerabilities as Security Advisories, all of which are listed 1255f14059SJohn Tsichritzisat the bottom of this page. Any new ones will, additionally, be announced as 1355f14059SJohn Tsichritzisissues in the project's `issue tracker`_ with the ``security-advisory`` tag. You 1455f14059SJohn Tsichritziscan receive notification emails for these by watching the "Trusted Firmware-A" 1555f14059SJohn Tsichritzisproject at https://developer.trustedfirmware.org/. 168aa05055SPaul Beesley 178aa05055SPaul BeesleyFound a Security Issue? 188aa05055SPaul Beesley----------------------- 198aa05055SPaul Beesley 2055f14059SJohn TsichritzisAlthough we try to keep TF-A secure, we can only do so with the help of the 218aa05055SPaul Beesleycommunity of developers and security researchers. 228aa05055SPaul Beesley 23ecad5b89SSandrine Bailleux.. warning:: 24ecad5b89SSandrine Bailleux If you think you have found a security vulnerability, please **do not** 25ecad5b89SSandrine Bailleux report it in the `issue tracker`_ or on the `mailing list`_. Instead, please 26ecad5b89SSandrine Bailleux follow the `TrustedFirmware.org security incident process`_. 27ecad5b89SSandrine Bailleux 28ecad5b89SSandrine BailleuxOne of the goals of this process is to ensure providers of products that use 29ecad5b89SSandrine BailleuxTF-A have a chance to consider the implications of the vulnerability and its 30ecad5b89SSandrine Bailleuxremedy before it is made public. As such, please follow the disclosure plan 31ecad5b89SSandrine Bailleuxoutlined in the process. We do our best to respond and fix any issues quickly. 328aa05055SPaul Beesley 3355f14059SJohn TsichritzisAfterwards, we encourage you to write-up your findings about the TF-A source 3455f14059SJohn Tsichritziscode. 358aa05055SPaul Beesley 368aa05055SPaul BeesleyAttribution 378aa05055SPaul Beesley----------- 388aa05055SPaul Beesley 391367cc19SSandrine BailleuxWe will name and thank you in the :ref:`Change Log & Release Notes` distributed 401367cc19SSandrine Bailleuxwith the source code and in any published security advisory. 418aa05055SPaul Beesley 428aa05055SPaul BeesleySecurity Advisories 438aa05055SPaul Beesley------------------- 448aa05055SPaul Beesley 458aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 468aa05055SPaul Beesley| ID | Title | 478aa05055SPaul Beesley+===========+==================================================================+ 4834760951SPaul Beesley| |TFV-1| | Malformed Firmware Update SMC can result in copy of unexpectedly | 498aa05055SPaul Beesley| | large data into secure memory | 508aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 5134760951SPaul Beesley| |TFV-2| | Enabled secure self-hosted invasive debug interface can allow | 528aa05055SPaul Beesley| | normal world to panic secure world | 538aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 5434760951SPaul Beesley| |TFV-3| | RO memory is always executable at AArch64 Secure EL1 | 558aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 5634760951SPaul Beesley| |TFV-4| | Malformed Firmware Update SMC can result in copy or | 578aa05055SPaul Beesley| | authentication of unexpected data in secure memory in AArch32 | 588aa05055SPaul Beesley| | state | 598aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 6034760951SPaul Beesley| |TFV-5| | Not initializing or saving/restoring PMCR_EL0 can leak secure | 618aa05055SPaul Beesley| | world timing information | 628aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 6334760951SPaul Beesley| |TFV-6| | Trusted Firmware-A exposure to speculative processor | 648aa05055SPaul Beesley| | vulnerabilities using cache timing side-channels | 658aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 6634760951SPaul Beesley| |TFV-7| | Trusted Firmware-A exposure to cache speculation vulnerability | 678aa05055SPaul Beesley| | Variant 4 | 688aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 6934760951SPaul Beesley| |TFV-8| | Not saving x0 to x3 registers can leak information from one | 708aa05055SPaul Beesley| | Normal World SMC client to another | 718aa05055SPaul Beesley+-----------+------------------------------------------------------------------+ 728aa05055SPaul Beesley 7355f14059SJohn Tsichritzis.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/ 74*f4a55e6bSSandrine Bailleux.. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/ 7534760951SPaul Beesley 7634760951SPaul Beesley.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)` 7734760951SPaul Beesley.. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)` 7834760951SPaul Beesley.. |TFV-3| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)` 7934760951SPaul Beesley.. |TFV-4| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)` 8034760951SPaul Beesley.. |TFV-5| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)` 8134760951SPaul Beesley.. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)` 8234760951SPaul Beesley.. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)` 8334760951SPaul Beesley.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)` 8434760951SPaul Beesley 851367cc19SSandrine Bailleux.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/ 861367cc19SSandrine Bailleux 8734760951SPaul Beesley-------------- 8834760951SPaul Beesley 89*f4a55e6bSSandrine Bailleux*Copyright (c) 2019-2022, Arm Limited. All rights reserved.* 90