| field | value | date |
|---|---|---|
| author | Sandrine Bailleux <sandrine.bailleux@arm.com> | 2023-04-25 08:58:50 +0200 |
| committer | TrustedFirmware Code Review <review@review.trustedfirmware.org> | 2023-04-25 08:58:50 +0200 |
| commit | 100f56d873591a8de61ff8826c2ed8cdd09f3338 (patch) | |
| tree | 0fdccc013abfdb5cbc3d2e2760fc928f8a1fdf24 /docs | |
| parent | 760fbfc49010857071619d6d91a0f44f20bd5a3c (diff) | |
| parent | 7ccefbca3b09679bb6803a4c4677d2e76ae895d3 (diff) | |
| download | arm-trusted-firmware-100f56d873591a8de61ff8826c2ed8cdd09f3338.tar.gz | |
Merge "docs(threat-model): add a notes related to the Measured Boot" into integration
Diffstat (limited to 'docs')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | docs/global_substitutions.txt | 3 |
| -rw-r--r-- | docs/glossary.rst | 9 |
| -rw-r--r-- | docs/threat_model/threat_model.rst | 28 |
3 files changed, 37 insertions, 3 deletions
diff --git a/docs/global_substitutions.txt b/docs/global_substitutions.txt index 0cf294665..9428fe97d 100644 --- a/docs/global_substitutions.txt +++ b/docs/global_substitutions.txt @@ -50,15 +50,18 @@ .. |SP| replace:: :term:`SP` .. |SPD| replace:: :term:`SPD` .. |SPM| replace:: :term:`SPM` +.. |SRTM| replace:: :term:`SRTM` .. |SSBS| replace:: :term:`SSBS` .. |SVE| replace:: :term:`SVE` .. |TBB| replace:: :term:`TBB` .. |TBBR| replace:: :term:`TBBR` +.. |TCG| replace:: :term:`TCG` .. |TEE| replace:: :term:`TEE` .. |TF-A| replace:: :term:`TF-A` .. |TF-M| replace:: :term:`TF-M` .. |TLB| replace:: :term:`TLB` .. |TLK| replace:: :term:`TLK` +.. |TPM| replace:: :term:`TPM` .. |TRNG| replace:: :term:`TRNG` .. |TSP| replace:: :term:`TSP` .. |TZC| replace:: :term:`TZC` diff --git a/docs/glossary.rst b/docs/glossary.rst index e6b023960..57fde2dad 100644 --- a/docs/glossary.rst +++ b/docs/glossary.rst @@ -187,6 +187,9 @@ You can find additional definitions in the `Arm Glossary`_. SPM Secure Partition Manager + SRTM + Static Root of Trust for Measurement + SSBS Speculative Store Bypass Safe. Introduced in Armv8.5, this configuration bit can be set by software to allow or prevent the hardware from @@ -204,6 +207,9 @@ You can find additional definitions in the `Arm Glossary`_. TCB Trusted Compute Base + TCG + Trusted Computing Group + TEE Trusted Execution Environment @@ -219,6 +225,9 @@ You can find additional definitions in the `Arm Glossary`_. TLK Trusted Little Kernel. A Trusted OS from NVIDIA. + TPM + Trusted Platform Module + TRNG True Randon Number Generator (hardware based) diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst index 940cad54f..71ec9b1e6 100644 --- a/docs/threat_model/threat_model.rst +++ b/docs/threat_model/threat_model.rst 
@@ -36,12 +36,34 @@ assumptions: - There is no Secure-EL2. We don't consider threats that may come with Secure-EL2 software. -- Measured boot is disabled. We do not consider the threats nor the mitigations - that may come with it. - - No experimental features are enabled. We do not consider threats that may come from them. +.. note:: + + In the current Measured Boot design, BL1, BL2, and BL31, as well as the + secure world components, form the |SRTM|. Measurement data is currently + considered an asset to be protected against attack, and this is achieved + by storing them in the Secure Memory. + Beyond the measurements stored inside the TCG-compliant Event Log buffer, + there are no other assets to protect or threats to defend against that + could compromise |TF-A| execution environment's security. + + There are general security assets and threats associated with remote/delegated + attestation. However, these are outside the |TF-A| security boundary and + should be dealt with by the appropriate agent in the platform/system. + Since current Measured Boot design does not use local attestation, there would + be no further assets to protect(like unsealed keys). + + A limitation of the current Measured Boot design is that it is dependent upon + Secure Boot as implementation of Measured Boot does not extend measurements + into a discrete |TPM|, where they would be securely stored and protected + against tampering. This implies that if Secure-Boot is compromised, Measured + Boot may also be compromised. + + Platforms must carefully evaluate the security of the default implementation + since the |SRTM| includes all secure world components. + Data Flow Diagram ================= |
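Review bot: In the glossary hunks, the three new entries (SRTM, TCG, TPM) are correctly placed in alphabetical order and follow the existing indentation of the definition list, but the TRNG context line directly below the new TPM entry still reads "True Randon Number Generator"; since this change already touches that region, it would be worth fixing the spelling to "True Random Number Generator" in the same or a follow-up commit rather than leaving a visible typo next to freshly added text.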
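Review bot: In the threat_model.rst hunk, the note's first paragraph says that beyond the measurements in the Event Log buffer "there are no other assets to protect or threats to defend against", while the fourth paragraph says that, because measurements are not extended into a discrete |TPM|, a compromise of Secure Boot "may also" compromise Measured Boot; the link between these two statements should be made explicit, i.e. that the integrity of the Event Log rests entirely on the secure world components that form the |SRTM|, so a compromised secure world component can alter or forge measurements and the log cannot be trusted independently of them. Also, since the removed assumption ("Measured boot is disabled") previously excluded Measured Boot from the analysis, the note should state whether the threat tables that follow now cover it or whether it remains out of scope. Minor wording fixes in the same block: "to protect(like unsealed keys)" is missing a space before the parenthesis, "could compromise |TF-A| execution environment's security" needs "the" before |TF-A|, "Since current Measured Boot design" needs "the", and "Secure-Boot" should be spelled "Secure Boot" to match the rest of the paragraph.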