Arm Trusted Firmware, commit bd4b4b03
Authored Aug 20, 2021 by Olivier Deprez
Committed by TrustedFirmware Code Review, Aug 20, 2021

Merge "docs(spmc): threat model document" into integration

Parents: 9fcefe38, 3af9b3f0
Changes: 5 files
docs/resources/diagrams/plantuml/spm_dfd.puml (new file, mode 100644)
/'
' Copyright (c) 2021, Arm Limited. All rights reserved.
'
' SPDX-License-Identifier: BSD-3-Clause
'/
/'
TF-A SPMC Data Flow Diagram
'/
@startuml
digraph tfa_dfd {
# Allow arrows to end on cluster boundaries
compound=true
# Default settings for edges and nodes
edge [minlen=2 color="#8c1b07"]
node [fillcolor="#ffb866" style=filled shape=box fixedsize=true width=1.6 height=0.7]
# Nodes outside of the trust boundary
nsec [label="NS Client"]
ddr [label="External memory (DDR)"]
# Trust boundary cluster
subgraph cluster_trusted {
graph [style=dashed color="#f22430"]
# HW IPs cluster
subgraph cluster_ip {
label ="Hardware IPs";
graph [style=filled color="#000000" fillcolor="#ffd29e"]
rank="same"
gic [label="GIC" width=1.2 height=0.5]
smmu [label="SMMU" width=1.2 height=0.5]
uart [label="UART" width=1.2 height=0.5]
pe [label="PE" width=1.2 height=0.5]
}
# TF-A cluster
subgraph cluster_tfa {
label ="EL3 monitor";
graph [style=filled color="#000000" fillcolor="#faf9cd"]
bl31 [label="BL31" fillcolor="#ddffb3"];
spmd [label="SPMD" fillcolor="#ddffb3" height=1]
}
# SPMC cluster
subgraph cluster_spmc {
label ="SPMC";
graph [style=filled color="#000000" fillcolor="#faf9cd"]
spmc [label="SPMC" fillcolor="#ddffb3" height=1]
}
bl2 [label="BL2" width=1.2 height=0.5]
}
# Secure Partitions cluster
subgraph cluster_sp {
label ="Secure Partitions";
graph [style=filled color="#000000" fillcolor="#faf9cd"]
sp1 [label="SP1" fillcolor="#ddffb3" height=1]
sp2 [label="SP2" fillcolor="#ddffb3" height=1]
spn [label="SP..." fillcolor="#ddffb3" height=1]
}
# Interactions between nodes
sp1 -> spmc [dir="both" label="DF1"]
spmc -> spmd [dir="both" label="DF2"]
spmd -> nsec [dir="both" label="DF3"]
sp1 -> sp2 [dir="both" label="DF4"]
spmc -> smmu [lhead=cluster_spmc label="DF5"]
bl2 -> spmc [lhead=cluster_spmc label="DF6"]
bl2 -> spn [lhead=cluster_spmc label="DF6"]
sp1 -> ddr [dir="both" label="DF7"]
spmc -> ddr [dir="both" label="DF7"]
}
@enduml
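Review bot: the lhead values on the DF5 and DF6 edges in the interactions block do not match the clusters that contain their head nodes: `spmc -> smmu [lhead=cluster_spmc label="DF5"]` points at smmu, which sits in cluster_ip, and `bl2 -> spn [lhead=cluster_spmc label="DF6"]` points at spn, which sits in cluster_sp. With compound=true Graphviz only clips an edge at a cluster boundary when that cluster actually contains the head node, so these two arrows will not end on the intended boundary and dot warns that the head is not inside the head cluster. Use `lhead=cluster_ip` for the smmu edge and `lhead=cluster_sp` for the spn edge, or drop lhead where a plain node-to-node arrow is meant.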
docs/resources/diagrams/spm-threat-model-trust-boundaries.png (new binary file, mode 100644, 64.8 KB)
docs/threat_model/index.rst
Threat Model
Threat Model
=============
============
Threat modeling is an important part of Secure Development Lifecycle (SDL)
that helps us identify potential threats and mitigations affecting a system.
In the next sections, we first give a description of the target of evaluation
using a data flow diagram. Then we provide a list of threats we have identified
based on the data flow diagram and potential threat mitigations.
.. toctree::
.. toctree::
:maxdepth: 1
:maxdepth: 1
...
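Review bot: the introductory paragraph added above the toctree still reads as if this page described a single target of evaluation ("we first give a description of the target of evaluation using a data flow diagram"), but after this change the index fronts two documents, the generic model and the SPM model, each with its own diagram and threat list. Consider rewording along the lines of "Each threat model document first describes its target of evaluation using a data flow diagram, then lists the threats identified from that diagram and their mitigations." Minor: "part of Secure Development Lifecycle" wants an article ("part of the Secure Development Lifecycle"). The shortened "============" underline now matches the 12-character title, which is correct.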
@@ -7,6 +14,7 @@ Threat Model
...
@@ -7,6 +14,7 @@ Threat Model
:numbered:
:numbered:
threat_model
threat_model
threat_model_spm
--------------
--------------
...
...
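Review bot: this toctree is :numbered:, so the new threat_model_spm entry is numbered from the first top-level section title of docs/threat_model/threat_model_spm.rst (collapsed on this page). Check that that file, like threat_model.rst, carries exactly one top-level title; if it has several sections at the top level, each of them surfaces here as an additional numbered entry rather than as subsections of the SPM document.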
docs/threat_model/threat_model.rst
*****************
Generic threat model
Introduction
********************
*****************
Threat modeling is an important part of Secure Development Lifecycle (SDL)
that helps us identify potential threats and mitigations affecting a system.
This document provides a generic threat model for TF-A firmware. In the
************************
next sections, we first give a description of the target of evalua
tion
Introduc
tion
using a data flow diagram. Then we provide a list of threats we have
************************
identified based on the data flow diagram and potential threat mitigations
.
This document provides a generic threat model for TF-A firmware
.
************************
************************
Target of Evaluation
Target of Evaluation
...
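Review bot: the new page title "Generic threat model" and the "Introduction" and "Target of Evaluation" headings below it all appear with "*" overline-and-underline adornments (the 20-star and 24-star lines). reStructuredText assigns section levels by adornment style, not by the adornment's length, so as shown these three headings are siblings: "Introduction" and "Target of Evaluation" will not render as subsections of "Generic threat model", and the :numbered: toctree in index.rst would list each of them as a separate numbered top-level entry. Give the subsections a distinct style, for example an "=" underline without overline, as the "Threat Model" title in index.rst already uses.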
@@ -781,4 +778,4 @@ each diagram element of the data flow diagram.
...
@@ -781,4 +778,4 @@ each diagram element of the data flow diagram.
.. _Trusted Board Boot (TBB): https://trustedfirmware-a.readthedocs.io/en/latest/design/trusted-board-boot.html
.. _Trusted Board Boot (TBB): https://trustedfirmware-a.readthedocs.io/en/latest/design/trusted-board-boot.html
.. _TF-A error handling policy: https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#error-handling-and-robustness
.. _TF-A error handling policy: https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-guidelines.html#error-handling-and-robustness
.. _Secure Development Guidelines: https://trustedfirmware-a.readthedocs.io/en/latest/process/security-hardening.html#secure-development-guidelines
.. _Secure Development Guidelines: https://trustedfirmware-a.readthedocs.io/en/latest/process/security-hardening.html#secure-development-guidelines
.. _Trusted Firmware-A Tests: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/about/
.. _Trusted Firmware-A Tests: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/about/
\ No newline at end of file
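Review bot: this hunk changes only the end-of-file newline after the `.. _Trusted Firmware-A Tests:` link target (the "\ No newline at end of file" marker); the four link targets themselves are unchanged on both sides. Whichever side the marker belongs to, the file should end with a trailing newline so that the next edit to the references does not show this line as modified again and so that editors and linters do not flag the file.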
docs/threat_model/threat_model_spm.rst (new file, mode 100644; diff collapsed on this page, contents not shown)