adam.huang / Arm Trusted Firmware / Commits / bd4b4b03

Commit bd4b4b03
authored 3 years ago by Olivier Deprez
Committed by TrustedFirmware Code Review 3 years ago

Merge "docs(spmc): threat model document" into integration

parents 9fcefe38 3af9b3f0
branch: master

Showing 5 changed files
docs/resources/diagrams/plantuml/spm_dfd.puml +82 -0
docs/resources/diagrams/spm-threat-model-trust-boundaries.png +0 -0
docs/threat_model/index.rst +9 -1
docs/threat_model/threat_model.rst +7 -10
docs/threat_model/threat_model_spm.rst +617 -0
with 715 additions and 11 deletions
docs/resources/diagrams/plantuml/spm_dfd.puml 0 → 100644
/'
' Copyright (c) 2021, Arm Limited. All rights reserved.
'
' SPDX-License-Identifier: BSD-3-Clause
'/
/'
TF-A SPMC Data Flow Diagram
'/
@startuml
digraph tfa_dfd {
# Allow arrows to end on cluster boundaries
compound=true
# Default settings for edges and nodes
edge [minlen=2 color="#8c1b07"]
node [fillcolor="#ffb866" style=filled shape=box fixedsize=true width=1.6 height=0.7]
# Nodes outside of the trust boundary
nsec [label="NS Client"]
ddr [label="External memory (DDR)"]
# Trust boundary cluster
subgraph cluster_trusted {
graph [style=dashed color="#f22430"]
# HW IPs cluster
subgraph cluster_ip {
label ="Hardware IPs";
graph [style=filled color="#000000" fillcolor="#ffd29e"]
rank="same"
gic [label="GIC" width=1.2 height=0.5]
smmu [label="SMMU" width=1.2 height=0.5]
uart [label="UART" width=1.2 height=0.5]
pe [label="PE" width=1.2 height=0.5]
}
# TF-A cluster
subgraph cluster_tfa {
label ="EL3 monitor";
graph [style=filled color="#000000" fillcolor="#faf9cd"]
bl31 [label="BL31" fillcolor="#ddffb3"];
spmd [label="SPMD" fillcolor="#ddffb3" height=1]
}
# SPMC cluster
subgraph cluster_spmc {
label ="SPMC";
graph [style=filled color="#000000" fillcolor="#faf9cd"]
spmc [label="SPMC" fillcolor="#ddffb3" height=1]
}
bl2 [label="BL2" width=1.2 height=0.5]
}
# Secure Partitions cluster
subgraph cluster_sp {
label ="Secure Partitions";
graph [style=filled color="#000000" fillcolor="#faf9cd"]
sp1 [label="SP1" fillcolor="#ddffb3" height=1]
sp2 [label="SP2" fillcolor="#ddffb3" height=1]
spn [label="SP..." fillcolor="#ddffb3" height=1]
}
# Interactions between nodes
sp1 -> spmc [dir="both" label="DF1"]
spmc -> spmd [dir="both" label="DF2"]
spmd -> nsec [dir="both" label="DF3"]
sp1 -> sp2 [dir="both" label="DF4"]
spmc -> smmu [lhead=cluster_spmc label="DF5"]
bl2 -> spmc [lhead=cluster_spmc label="DF6"]
bl2 -> spn [lhead=cluster_spmc label="DF6"]
sp1 -> ddr [dir="both" label="DF7"]
spmc -> ddr [dir="both" label="DF7"]
}
@enduml
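Review bot: the `lhead` attributes on DF5 and on the second DF6 edge name the wrong cluster. `spmc -> smmu [lhead=cluster_spmc label="DF5"]` has its head node `smmu` inside `cluster_ip`, and `bl2 -> spn [lhead=cluster_spmc label="DF6"]` has `spn` inside `cluster_sp`; dot only clips an edge at a cluster boundary when that cluster actually contains the head node, so these two arrows will end at the nodes rather than at the cluster edge that `compound=true` was enabled for. Use `lhead=cluster_ip` and `lhead=cluster_sp` respectively, or drop `lhead` where the arrow is meant to end at the node. Also, the label DF7 is attached to two distinct edges (`sp1 -> ddr` and `spmc -> ddr`); if these are intentionally one data flow with two endpoints, the threat model text that describes DF7 should say so, otherwise give the second edge its own number.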
docs/resources/diagrams/spm-threat-model-trust-boundaries.png 0 → 100644 (binary, 64.8 KB)

docs/threat_model/index.rst
Threat Model
=============
============
Threat modeling is an important part of Secure Development Lifecycle (SDL)
that helps us identify potential threats and mitigations affecting a system.
In the next sections, we first give a description of the target of evaluation
using a data flow diagram. Then we provide a list of threats we have identified
based on the data flow diagram and potential threat mitigations.
.. toctree::
:maxdepth: 1
...
...
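Review bot: the new introduction paragraph promises that "we first give a description of the target of evaluation using a data flow diagram", but the toctree it introduces now lists two documents (`threat_model` and `threat_model_spm`), each with its own target of evaluation and DFD; reword to say that each of the documents below follows that structure, so the reader does not expect a single DFD on this page. The shortened title underline (`============`, 12 characters) matches the 12-character title "Threat Model" exactly, which reST accepts, so that part is fine.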
@@ -7,6 +14,7 @@ Threat Model
:numbered:
threat_model
threat_model_spm
--------------
...
...
docs/threat_model/threat_model.rst
*****************
Introduction
*****************
Threat modeling is an important part of Secure Development Lifecycle (SDL)
that helps us identify potential threats and mitigations affecting a system.
Generic threat model
********************
This document provides a generic threat model for TF-A firmware. In the
next sections, we first give a description of the target of evalua
tion
using a data flow diagram. Then we provide a list of threats we have
identified based on the data flow diagram and potential threat mitigations
.
************************
Introduc
tion
************************
This document provides a generic threat model for TF-A firmware
.
************************
Target of Evaluation
...
...
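Review bot: the rendered hunk shows two `Introduction` headings (one with a 17-asterisk overline/underline, one with 24) plus a `Generic threat model` heading with underline only; reST treats the two overlined `*` headings as the same level regardless of width, but the file must end up with a single Introduction, so please confirm that the old 17-asterisk block is the removed side and that the `Generic threat model` content is either kept as its own section or deliberately folded into the new one-sentence Introduction. The 24-asterisk adornment on the new heading matches the `Target of Evaluation` section that follows, so the section levels line up once the duplicate is gone.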
@@ -781,4 +778,4 @@ each diagram element of the data flow diagram.
.. _Trusted Board Boot (TBB): https://trustedfirmware-a.readthedocs.io/en/latest/design/trusted-board-boot.html
.. _TF-A error handling policy: https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#error-handling-and-robustness
.. _Secure Development Guidelines: https://trustedfirmware-a.readthedocs.io/en/latest/process/security-hardening.html#secure-development-guidelines
.. _Trusted Firmware-A Tests: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/about/
\ No newline at end of file
.. _Trusted Firmware-A Tests: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/about/
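Review bot: this hunk only adds the missing newline at end of file after the `Trusted Firmware-A Tests` link target (the `\ No newline at end of file` marker belongs to the removed copy of the line); no content change, fine to merge.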
docs/threat_model/threat_model_spm.rst 0 → 100644