1TF-A Firmware Threat Model 2========================== 3 4As the TF-A codebase is highly configurable to allow tailoring it best for each 5platform's needs, providing a holistic threat model covering all of its features 6is not necessarily the best approach. Instead, we provide a collection of 7documents which, together, form the project's threat model. These are 8articulated around a core document, called the :ref:`Generic Threat Model`, 9which focuses on the most common configuration we expect to see. The other 10documents typically focus on specific features not covered in the core document. 11 12As the TF-A codebase evolves and new features get added, these threat model 13documents will be updated and extended in parallel to reflect at best the 14current status of the code from a security standpoint. 15 16 .. note:: 17 18 Although our aim is eventually to provide threat model material for all 19 features within the project, we have not reached that point yet. We expect 20 to gradually fill these gaps over time. 21 22Each of these documents give a description of the target of evaluation using a 23data flow diagram, as well as a list of threats we have identified using the 24`STRIDE threat modeling technique`_ and corresponding mitigations. 25 26.. toctree:: 27 :maxdepth: 1 28 :caption: Contents 29 30 threat_model 31 threat_model_el3_spm 32 threat_model_rse_interface 33 threat_model_arm_cca 34 threat_model_fw_update_and_recovery 35 threat_model_firmware_handoff 36 37-------------- 38 39*Copyright (c) 2021-2025, Arm Limited and Contributors. All rights reserved.* 40 41.. _STRIDE threat modeling technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model 42