docs(rme): add description of TF-A changes for RME

This patch expands the RME documentation with description of TF-A
changes for RME. It also modifies some other parts of TF-A documentation
to account for RME changes.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9e6feeee235f0ba4b767d239f15840f1e0c540bb

diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 9f26487..4a31e79 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -6,6 +6,11 @@
************************
This document provides a generic threat model for TF-A firmware.
+.. note::
+
+ This threat model doesn't consider Root and Realm worlds introduced by
+ :ref:`Realm Management Extension (RME)`.
+
************************
Target of Evaluation
************************
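Review bot: The added note under the introduction excludes Root and Realm worlds from the threat model but does not tell the reader how to treat the rest of the document on a platform that uses RME. Suggest adding one sentence saying whether the existing assumptions and threats still hold for the Secure and Non-secure worlds in that configuration or are unassessed, so the exclusion is not read as "no additional risk". Separately, the `:ref:` target is written as a section title rather than an explicit label; please confirm it resolves in the docs build, or point it at an explicit label.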
@@ -22,8 +27,10 @@
- All TF-A images are run from either ROM or on-chip trusted SRAM. This means
TF-A is not vulnerable to an attacker that can probe or tamper with off-chip
memory.
+
- Trusted boot is enabled. This means an attacker can't boot arbitrary images
that are not approved by platform providers.
+
- There is no Secure-EL2. We don't consider threats that may come with
Secure-EL2 software.
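Review bot: The assumptions list in this hunk only gains blank lines between items, while the scope exclusion this patch introduces (Root and Realm worlds are not considered) is stated only in the note at the top of the file. Since this list already carries a comparable exclusion ("There is no Secure-EL2"), consider adding a matching bullet here so all scope limits sit in one place. The whitespace-only change is also worth mentioning in the commit message, which describes these edits as accounting for RME changes.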