Commit 55f14059 authored by John Tsichritzis's avatar John Tsichritzis
Browse files

Update security documentation



1) Replace references to "Arm Trusted Firmware" with "TF-A"
2) Update issue tracker link

Change-Id: I12d827d49f6cc34e46936d7f7ccf44e32b26a0bd
Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
parent ced17112
...@@ -4,28 +4,29 @@ Security Handling ...@@ -4,28 +4,29 @@ Security Handling
Security Disclosures Security Disclosures
-------------------- --------------------
We disclose all security vulnerabilities we find or are advised about that are We disclose all security vulnerabilities we find, or are advised about, that are
relevant for ARM Trusted Firmware (TF). We encourage responsible disclosure of relevant to Trusted Firmware-A. We encourage responsible disclosure of
vulnerabilities and inform users as best we can about all possible issues. vulnerabilities and inform users as best we can about all possible issues.
We disclose TF vulnerabilities as Security Advisories. These are listed at the We disclose TF-A vulnerabilities as Security Advisories, all of which are listed
bottom of this page and announced as issues in the `GitHub issue tracker`_ with at the bottom of this page. Any new ones will, additionally, be announced as
the "security-advisory" tag. You can receive notification emails for these by issues in the project's `issue tracker`_ with the ``security-advisory`` tag. You
watching that project. can receive notification emails for these by watching the "Trusted Firmware-A"
project at https://developer.trustedfirmware.org/.
Found a Security Issue? Found a Security Issue?
----------------------- -----------------------
Although we try to keep TF secure, we can only do so with the help of the Although we try to keep TF-A secure, we can only do so with the help of the
community of developers and security researchers. community of developers and security researchers.
If you think you have found a security vulnerability, please *do not* report it If you think you have found a security vulnerability, please **do not** report it
in the `GitHub issue tracker`_. Instead send an email to in the `issue tracker`_. Instead send an email to
trusted-firmware-security@arm.com trusted-firmware-security@arm.com
Please include: Please include:
* Trusted Firmware version (or commit) affected * Trusted Firmware-A version (or commit) affected
* A description of the concern or vulnerability * A description of the concern or vulnerability
...@@ -49,10 +50,11 @@ If you would like replies to be encrypted, please provide your public key. ...@@ -49,10 +50,11 @@ If you would like replies to be encrypted, please provide your public key.
Please give us the time to respond to you and fix the vulnerability before going Please give us the time to respond to you and fix the vulnerability before going
public. We do our best to respond and fix any issues quickly. We also need to public. We do our best to respond and fix any issues quickly. We also need to
ensure providers of products that use TF have a chance to consider the ensure providers of products that use TF-A have a chance to consider the
implications of the vulnerability and its remedy. implications of the vulnerability and its remedy.
Afterwards, we encourage you to write-up your findings about the TF source code. Afterwards, we encourage you to write-up your findings about the TF-A source
code.
Attribution Attribution
----------- -----------
...@@ -81,7 +83,7 @@ Security Advisories ...@@ -81,7 +83,7 @@ Security Advisories
| `TFV-5`_ | Not initializing or saving/restoring PMCR_EL0 can leak secure | | `TFV-5`_ | Not initializing or saving/restoring PMCR_EL0 can leak secure |
| | world timing information | | | world timing information |
+-----------+------------------------------------------------------------------+ +-----------+------------------------------------------------------------------+
| `TFV-6`_ | Arm Trusted Firmware exposure to speculative processor | | `TFV-6`_ | Trusted Firmware-A exposure to speculative processor |
| | vulnerabilities using cache timing side-channels | | | vulnerabilities using cache timing side-channels |
+-----------+------------------------------------------------------------------+ +-----------+------------------------------------------------------------------+
| `TFV-7`_ | Trusted Firmware-A exposure to cache speculation vulnerability | | `TFV-7`_ | Trusted Firmware-A exposure to cache speculation vulnerability |
...@@ -91,7 +93,7 @@ Security Advisories ...@@ -91,7 +93,7 @@ Security Advisories
| | Normal World SMC client to another | | | Normal World SMC client to another |
+-----------+------------------------------------------------------------------+ +-----------+------------------------------------------------------------------+
.. _GitHub issue tracker: https://github.com/ARM-software/tf-issues/issues .. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
.. _this PGP/GPG key: security-reporting.asc .. _this PGP/GPG key: security-reporting.asc
.. _TFV-1: ./security_advisories/security-advisory-tfv-1.rst .. _TFV-1: ./security_advisories/security-advisory-tfv-1.rst
.. _TFV-2: ./security_advisories/security-advisory-tfv-2.rst .. _TFV-2: ./security_advisories/security-advisory-tfv-2.rst
......
...@@ -2,7 +2,7 @@ Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754) ...@@ -2,7 +2,7 @@ Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)
============================================================ ============================================================
+----------------+-------------------------------------------------------------+ +----------------+-------------------------------------------------------------+
| Title | Arm Trusted Firmware exposure to speculative processor | | Title | Trusted Firmware-A exposure to speculative processor |
| | vulnerabilities using cache timing side-channels | | | vulnerabilities using cache timing side-channels |
+================+=============================================================+ +================+=============================================================+
| CVE ID | `CVE-2017-5753`_ / `CVE-2017-5715`_ / `CVE-2017-5754`_ | | CVE ID | `CVE-2017-5753`_ / `CVE-2017-5715`_ / `CVE-2017-5754`_ |
...@@ -24,11 +24,11 @@ Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754) ...@@ -24,11 +24,11 @@ Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)
| Credit | Google / Arm | | Credit | Google / Arm |
+----------------+-------------------------------------------------------------+ +----------------+-------------------------------------------------------------+
This security advisory describes the current understanding of the Arm Trusted This security advisory describes the current understanding of the Trusted
Firmware (TF) exposure to the speculative processor vulnerabilities identified Firmware-A exposure to the speculative processor vulnerabilities identified by
by `Google Project Zero`_. To understand the background and wider impact of `Google Project Zero`_. To understand the background and wider impact of these
these vulnerabilities on Arm systems, please refer to the `Arm Processor vulnerabilities on Arm systems, please refer to the `Arm Processor Security
Security Update`_. Update`_.
Variant 1 (`CVE-2017-5753`_) Variant 1 (`CVE-2017-5753`_)
---------------------------- ----------------------------
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment