threat_model_spm.rst - OpenGrok cross reference for /trusted-firmware-a/docs/threat_model/threat_model

Lines Matching refs:or
8 (SPM) implementation or more generally the S-EL2 reference firmware running on
16 - Isolation of mutually mistrusting SW components, or endpoints in the FF-A
24   or the Hypervisor).
29 In this threat model, the target of evaluation is the S-EL2 firmware or the
37   The threat model is not related to the normal world Hypervisor or VMs.
43 - Not covering advanced or invasive physical attacks such as decapsulation,
45 - Assumes secure boot or in particular TF-A trusted boot (TBBR or dual CoT) is
47   SiP or platform providers.
69   | ``DF1``             | SP to SPMC communication. FF-A function invocation or  |
135   (Hypervisor) or NS-EL1 (VM or OS kernel).
138   such as bus probing or DRAM stress.
154 analysis is evaluated based on the environment being ``Server`` or ``Mobile``.
165 | ``Threat``             | **An endpoint impersonates the sender or receiver  |
205 |                        | driver, or Hypervisor although it remains untrusted|
239 |                        | PARTITION_INFO_GET or mem sharing primitives.      |
252 | ``Threat``             | **An endpoint may tamper with its own state or the |
255 |                        | - its own or another SP state by using an unusual  |
256 |                        | combination (or out-of-order) FF-A function        |
265 |                        | and responses, or handling of interrupts.          |
266 |                        | This can be led by random stimuli injection or     |
289 |                        | transitions for itself or while handling an SP     |
313 | ``Assets``             | SP or SPMC state                                   |
329 |                        | dedicated HW circuity or hardening at the chipset  |
330 |                        | or platform level left to the integrator.          |
346 | ``Assets``             | SPMC or SP state                                   |
377 |                        | a matter of triggering a malfunction or extracting |
382 |                        | getting access or gaining permissions to a memory  |
411 |                        | or state information by the use of invalid or      |
413 |                        | Lack of input parameter validation or side effects |
439 |                        | The use of software (canaries) or hardware         |
455 |                        | The secure partition or SPMC replies to a partition|
466 | ``Assets``             | SPMC or SP state                                   |
482 |                        | its internal state or the state of an SP to be     |
498 |                        | extract the traffic between an SP and the SPMC or  |
521 | ``Mitigations``        | It is expected the platform or chipset provides    |
531 |                        | state or secrets by the use of software-based cache|
539 | ``Assets``             | SP or SPMC state                                   |
557 |                        | Spectre, Meltdown or other cache timing            |