This document provides a generic threat model for TF-A firmware.
Firmware for A-class Processors (TF-A). This includes the boot ROM (BL1),
TF-A can be configured in various ways. In this threat model we consider
- All TF-A images are run from either ROM or on-chip trusted SRAM. This means
TF-A is not vulnerable to an attacker that can probe or tamper with off-chip
Figure 1 shows a high-level data flow diagram for TF-A. The diagram
shows a model of the different components of a TF-A-based system and
their interactions with TF-A. A description of each diagram element
are considered untrusted by TF-A.
:caption: Figure 1: TF-A Data Flow Diagram
.. table:: Table 1: TF-A Data Flow Diagram Description
| | memory and verified by TF-A boot firmware. These |
| | images include TF-A BL2 and BL31 images, as well as |
| ``DF2`` | | TF-A log system framework outputs debug messages |
| | to registers and memory of TF-A. |
| | with TF-A through SMC call interface and/or shared |
| | with TF-A through SMC call interface and/or shared |
| ``DF6`` | | This path represents the interaction between TF-A and|
| | and GIC. At boot time TF-A configures/initializes the|
In this section we identify and provide assessment of potential threats to TF-A
We have identified the following assets for TF-A:
.. table:: Table 2: TF-A Assets
| | platform should run only TF-A code approved by |
| ``Availability`` | | This represents the requirement that TF-A |
| | TF-A resources |
| ``Medium (3)`` | | Noticeable impact to | | A knowledgeable insider |
target environment in which TF-A is running. For example, attacks
| | | Some TF-A images are loaded from external |
| ``Affected TF-A | BL2, BL31 |
| ``Mitigations`` | | TF-A implements the `Trusted Board Boot (TBB)`_ |
| | firmware images. In addition to this, the TF-A |
| ``Affected TF-A | BL2, BL31 |
| ``Mitigations`` | | TF-A supports anti-rollback protection using |
| ``Affected TF-A | BL1, BL2 |
| ``Impact`` | N/A | Critical (5) | Critical (5) |
| ``Likelihood`` | N/A | Medium (3) | Medium (3) |
| ``Total Risk Rating`` | N/A | High (15) | High (15) |
| ``Mitigations`` | | TF-A boot firmware copies image to on-chip |
| | | TF-A relies on a chain of trust that starts with the|
| ``Affected TF-A | BL1, BL2 |
| ``Impact`` | N/A | Critical (5) | Critical (5) |
| ``Likelihood`` | N/A | Medium (3) | Medium (3) |
| ``Total Risk Rating`` | N/A | High (15) | High (15) |
| | can be used to harden TF-A against such attacks. |
| | **At the moment TF-A doesn't implement such |
| ``Affected TF-A | BL1, BL2, BL31 |
| ``Impact`` | N/A | Low (2) | Low (2) |
| ``Likelihood`` | N/A | High (4) | High (4) |
| ``Total Risk Rating`` | N/A | Medium (8) | Medium (8) |
| ``Mitigations`` | | In TF-A, crash reporting is only enabled for |
| | modify TF-A registers and memory allowing the |
| ``Affected TF-A | BL1, BL2, BL31 |
| ``Impact`` | N/A | High (4) | High (4) |
| ``Likelihood`` | N/A | Critical (5) | Critical (5) |
| ``Total Risk Rating`` | N/A | Critical (20) | Critical (20) |
| | | Secure and non-secure clients access TF-A services |
| | place the TF-A runtime into an inconsistent state |
| ``Affected TF-A | BL31 |
| ``Mitigations`` | | The generic TF-A code validates SMC function ids |
| ``Affected TF-A | BL1, BL2, BL31 |
| ``Mitigations`` | | TF-A uses a combination of manual code reviews and |
| | and fix memory corruption bugs. All TF-A code |
| | performed using Coverity Scan on all TF-A code. |
| | `Trusted Firmware-A Tests`_ on Juno and FVP |
| | `TF-A error handling policy`_. TF-A provides an |
| ``Affected TF-A | BL31 |
| ``Mitigations`` | | TF-A saves and restores registers |
| | TF-A memory via microarchitectural side channels**|
| | data from TF-A memory. |
| ``Affected TF-A | BL31 |
| ``Mitigations`` | | TF-A implements software mitigations for Spectre |
| | | A misconfiguration of the MMU could |
| ``Affected TF-A | BL1, BL2, BL31 |
| ``Mitigations`` | | In TF-A, configuration of the MMU is done |
| | side-channel timing attacks against TF-A. |
| ``Affected TF-A | BL31 |
| ``Mitigations`` | | TF-A follows mitigation strategies as described |
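The SMC-interface threat listed above (secure and non-secure clients passing malformed function ids or arguments that could leave the BL31 runtime in an inconsistent state) is easiest to understand in code. The block below is an added example, not TF-A's own dispatcher: it decodes an SMCCC fast-call function identifier, rejects ids with the reserved bits 23:16 set or with a reserved owning entity number (OEN 7 to 47), refuses a service that is not open to the caller's security state, and has the handler bounds-check its argument before touching any state. The service table, the handler names, the "read platform register" SiP function and the error code ``SMC_INVALID_PARAM`` are assumptions made for the example; ``SMC_UNK`` (-1) is the SMCCC return value for an unknown function id, and yielding calls (bit 31 clear) are deliberately not modelled.

```c
/*
 * Added example (not TF-A code): validate an SMCCC fast-call function id
 * and route it to a service only after the id, the caller's security state
 * and the arguments have all been checked.  Service table and handlers are
 * hypothetical stand-ins for real EL3 services.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SMC_UNK            (-1)          /* SMCCC: unknown function id */
#define SMC_INVALID_PARAM  (-2)          /* hypothetical service error code */
#define SMC_OK             0

#define FID_FAST_CALL      0x80000000u   /* bit 31: 1 = fast call, 0 = yielding */
#define FID_SMC64          0x40000000u   /* bit 30: calling convention */
#define FID_OEN_SHIFT      24u           /* bits 29:24: owning entity number */
#define FID_OEN_MASK       0x3fu
#define FID_SBZ_MASK       0x00ff0000u   /* bits 23:16: must be zero */
#define FID_FUNC_MASK      0x0000ffffu   /* bits 15:0: function number */

#define GET_OEN(fid)   (((fid) >> FID_OEN_SHIFT) & FID_OEN_MASK)
#define GET_FUNC(fid)  ((fid) & FID_FUNC_MASK)

/* OENs assigned by SMCCC; 7..47 are reserved, 48..63 belong to TAs / Trusted OS. */
enum { OEN_ARM_ARCH = 0, OEN_CPU = 1, OEN_SIP = 2, OEN_OEM = 3, OEN_STD = 4,
       OEN_STD_HYP = 5, OEN_VEN_HYP = 6, OEN_RESERVED_FIRST = 7,
       OEN_RESERVED_LAST = 47, OEN_TOS_LAST = 63 };

typedef int64_t (*smc_handler_t)(uint32_t fid, uint64_t x1, uint64_t x2,
                                 bool caller_secure);

struct smc_service {
    uint8_t       oen;              /* OEN this service owns */
    bool          allow_nonsecure;  /* may the normal world call it? */
    smc_handler_t handler;
};

/* Hypothetical SiP service: read one of a few platform registers.  The bound
 * check is the point: an unchecked index is exactly the malformed argument
 * that could corrupt or leak EL3 state. */
#define NUM_PLAT_REGS 4u
static uint64_t plat_regs[NUM_PLAT_REGS] = { 0x11, 0x22, 0x33, 0x44 };

static int64_t sip_handler(uint32_t fid, uint64_t x1, uint64_t x2, bool caller_secure)
{
    (void)x2; (void)caller_secure;
    switch (GET_FUNC(fid)) {
    case 0x0001:                          /* hypothetical: read register x1 */
        if (x1 >= NUM_PLAT_REGS)
            return SMC_INVALID_PARAM;
        return (int64_t)plat_regs[x1];
    default:
        return SMC_UNK;                   /* unknown function within a known OEN */
    }
}

/* Hypothetical service that only the secure world may call. */
static int64_t secure_only_handler(uint32_t fid, uint64_t x1, uint64_t x2, bool caller_secure)
{
    (void)fid; (void)x1; (void)x2; (void)caller_secure;
    return SMC_OK;
}

static const struct smc_service services[] = {
    { OEN_SIP, true,  sip_handler },
    { OEN_OEM, false, secure_only_handler },
};

/* True when fid is a well-formed SMCCC fast call with a non-reserved OEN. */
bool smc_fid_is_well_formed(uint32_t fid)
{
    if ((fid & FID_FAST_CALL) == 0u)
        return false;                     /* yielding calls: out of scope here */
    if ((fid & FID_SBZ_MASK) != 0u)
        return false;                     /* reserved bits must be zero */
    uint32_t oen = GET_OEN(fid);
    return !(oen >= OEN_RESERVED_FIRST && oen <= OEN_RESERVED_LAST);
}

/* What the EL3 exception vector would call with the trapped SMC arguments. */
int64_t smc_dispatch(uint32_t fid, uint64_t x1, uint64_t x2, bool caller_secure)
{
    if (!smc_fid_is_well_formed(fid))
        return SMC_UNK;

    uint32_t oen = GET_OEN(fid);
    for (size_t i = 0; i < sizeof(services) / sizeof(services[0]); i++) {
        if (services[i].oen != oen)
            continue;
        if (!caller_secure && !services[i].allow_nonsecure)
            return SMC_UNK;               /* do not even reveal the service exists */
        return services[i].handler(fid, x1, x2, caller_secure);
    }
    return SMC_UNK;                       /* no service owns this OEN */
}

int main(void)
{
    printf("%lld\n", (long long)smc_dispatch(0x82000001u, 2, 0, false)); /* 51: reg 2 */
    printf("%lld\n", (long long)smc_dispatch(0x82000001u, 9, 0, false)); /* -2: bad index */
    printf("%lld\n", (long long)smc_dispatch(0x82010001u, 2, 0, false)); /* -1: SBZ bits */
    printf("%lld\n", (long long)smc_dispatch(0x83000000u, 0, 0, false)); /* -1: NS caller */
    printf("%lld\n", (long long)smc_dispatch(0x83000000u, 0, 0, true));  /*  0: secure */
    return 0;
}
```

Returning ``SMC_UNK`` for a service the caller is not allowed to use, rather than a distinct "permission denied" code, keeps the normal world from enumerating secure-only services; the real decision of which OENs a platform exposes to the non-secure world belongs in the service table, not in the handlers.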
786 .. _TF-A error handling policy: https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-g…
788 .. _Trusted Firmware-A Tests: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/about/
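The anti-rollback mitigation named in the threat table above is cut off mid-sentence in this excerpt; in TF-A it is built on non-volatile counters compared against a counter value carried in the image's certificate. The block below is an added example, not TF-A code, showing the check and the order of operations that makes it safe: authenticate the certificate first, compare the image's counter with the fuse counter, and only then burn fuses. The OTP word is simulated in RAM, ``image_version`` stands for the certificate's counter field, and the one-bit-per-increment fuse layout, the result codes and the function names are assumptions made for the example.

```c
/*
 * Added example (not TF-A code): anti-rollback enforced with a monotonic
 * non-volatile counter.  The OTP word is simulated in RAM; image_version is
 * the counter value from the image's authenticated certificate.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NV_COUNTER_BITS 32u      /* hypothetical: one OTP bit per increment */

/* Simulated OTP word: bits only ever go 0 -> 1, so the count cannot shrink. */
static uint32_t otp_word;

uint32_t nv_counter_read(void)
{
    uint32_t n = 0;
    for (uint32_t w = otp_word; w != 0; w >>= 1)
        n += w & 1u;
    return n;
}

/* Burn the next bit; false once every bit is used. */
static bool nv_counter_increment(void)
{
    uint32_t n = nv_counter_read();
    if (n >= NV_COUNTER_BITS)
        return false;
    otp_word |= 1u << n;
    return true;
}

typedef enum {
    ROLLBACK_OK,                 /* image accepted, counter caught up */
    ROLLBACK_REJECTED,           /* image older than the counter: refuse to boot */
    ROLLBACK_COUNTER_EXHAUSTED,  /* version beyond what the fuses can record */
    ROLLBACK_NOT_AUTHENTICATED   /* signature check failed: counter untouched */
} rollback_result_t;

/* 'authenticated' is the outcome of the TBB signature check on the certificate
 * that carries image_version.  An unauthenticated value must never reach the
 * counter: otherwise anyone who can write flash could exhaust the fuses or pin
 * the device to a version of their choosing. */
rollback_result_t check_and_update_rollback(bool authenticated, uint32_t image_version)
{
    if (!authenticated)
        return ROLLBACK_NOT_AUTHENTICATED;
    if (image_version > NV_COUNTER_BITS)
        return ROLLBACK_COUNTER_EXHAUSTED;   /* decide before burning anything */

    uint32_t current = nv_counter_read();
    if (image_version < current)
        return ROLLBACK_REJECTED;            /* downgrade attempt */

    /* Catch the counter up so that, on the next boot, anything older than this
     * image is rejected even though it still carries a valid signature. */
    while (nv_counter_read() < image_version) {
        if (!nv_counter_increment())
            return ROLLBACK_COUNTER_EXHAUSTED;
    }
    return ROLLBACK_OK;
}

/* Test hook only: real fuses cannot be cleared. */
void otp_simulated_reset(void) { otp_word = 0; }

int main(void)
{
    otp_simulated_reset();
    printf("v3:        %d (ctr=%u)\n", check_and_update_rollback(true, 3), nv_counter_read());
    printf("v2:        %d (ctr=%u)\n", check_and_update_rollback(true, 2), nv_counter_read());
    printf("unauth v9: %d (ctr=%u)\n", check_and_update_rollback(false, 9), nv_counter_read());
    printf("v5:        %d (ctr=%u)\n", check_and_update_rollback(true, 5), nv_counter_read());
    return 0;
}
```

Because fuses are irreversible, the counter is bumped only after the image has passed authentication and only up to the version it actually carries; a platform that bumped on every boot, or before verifying the signature, would turn an attacker's flash write into a permanent denial of service.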