feat(docs): add RSE provided mboot backends to the threat model
Add CCA Measured Boot and DPE measured boot backends to
the threat model.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I234a2400d00fea606c5312ebddf94e2624463ff8
diff --git a/docs/global_substitutions.txt b/docs/global_substitutions.txt
index 67fd96a..ade510d 100644
--- a/docs/global_substitutions.txt
+++ b/docs/global_substitutions.txt
@@ -21,6 +21,7 @@
.. |FVP| replace:: :term:`FVP`
.. |FWU| replace:: :term:`FWU`
.. |GIC| replace:: :term:`GIC`
+.. |HES| replace:: :term:`HES`
.. |ISA| replace:: :term:`ISA`
.. |Linaro| replace:: :term:`Linaro`
.. |MMU| replace:: :term:`MMU`
@@ -38,6 +39,7 @@
.. |PSCI| replace:: :term:`PSCI`
.. |RAS| replace:: :term:`RAS`
.. |ROT| replace:: :term:`ROT`
+.. |RSE| replace:: :term:`RSE`
.. |SCMI| replace:: :term:`SCMI`
.. |SCP| replace:: :term:`SCP`
.. |SDEI| replace:: :term:`SDEI`
diff --git a/docs/glossary.rst b/docs/glossary.rst
index abacc9e..f19897c 100644
--- a/docs/glossary.rst
+++ b/docs/glossary.rst
@@ -100,6 +100,9 @@
GIC
Generic Interrupt Controller
+ HES
+ Arm CCA Hardware Enforced Security
+
ISA
Instruction Set Architecture
@@ -165,6 +168,9 @@
ROT
Root of Trust
+ RSE
+ Runtime Security Engine
+
SCMI
System Control and Management Interface
diff --git a/docs/threat_model/firmware_threat_model/threat_model.rst b/docs/threat_model/firmware_threat_model/threat_model.rst
index 89419de..ae0219e 100644
--- a/docs/threat_model/firmware_threat_model/threat_model.rst
+++ b/docs/threat_model/firmware_threat_model/threat_model.rst
@@ -928,6 +928,15 @@
Measured Boot implementation in |TF-A| is that it does not extend the
measurements into a |PCR| of a Discrete |TPM|, where measurements would
be securely stored and protected against tampering.
+ - `CCA Measured Boot`_: Implemented by |TF-M|. Measurements are stored in
+ |HES| secure on-chip memory. |HES| implements protection against tampering
+ its on-chip memory. |HES| interface is available for BL1 and BL2.
+ - `DICE Protection Environment`_ (DPE): Implemented by |TF-M|. Measurements
+ are stored in |RSE| secure on-chip memory. |RSE| implements protection
+ against tampering its on-chip memory. DPE provides additional protection
+ against unauthorized access by malicious actors through the use of one-time
+ context handles and the identification of the client's target locality
+ (location of the client).
Beyond the measurements (image digest and signer-id) there are no other assets
to protect or threats to defend against that could compromise |TF-A| execution
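Review bot: the DPE bullet does not say which |TF-A| stages can reach the |RSE| interface, while the CCA Measured Boot bullet states that the |HES| interface is available for BL1 and BL2; add the equivalent sentence to the DPE bullet so both backends are described at the same level of detail. Two wording fixes in the same hunk: "protection against tampering its on-chip memory" should read "protection against tampering with its on-chip memory" (it appears in both bullets), and "|HES| interface is available for BL1 and BL2" reads better as "The |HES| interface is available to BL1 and BL2". Since both bullets describe measurements held outside |TF-A| by |TF-M|, consider stating explicitly that the threat model assumes |HES| and |RSE| are trusted to store them, mirroring how the preceding sentence treats a Discrete |TPM| as the secure store.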
@@ -1197,3 +1206,5 @@
.. _Trusted Firmware-A Tests: https://git.trustedfirmware.org/TF-A/tf-a-tests.git/about/
.. _OP-TEE Dispatcher: https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/components/spd/optee-dispatcher.rst
.. _PSR Specification: https://developer.arm.com/documentation/den0106/0100
+.. _CCA Measured Boot: https://trustedfirmware-m.readthedocs.io/projects/tf-m-extras/en/latest/partitions/measured_boot_integration_guide.html
+.. _DICE Protection Environment: https://trustedfirmware-m.readthedocs.io/projects/tf-m-extras/en/latest/partitions/dice_protection_environment/dice_protection_environment.html