Merge changes from topic "sb/threat-model" into integration
* changes:
docs(threat-model): make measured boot out of scope
docs(threat-model): revamp threat #9
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 611e8a1..2e11a94 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -36,6 +36,9 @@
- There is no Secure-EL2. We don't consider threats that may come with
Secure-EL2 software.
+- Measured boot is disabled. We do not consider the threats nor the mitigations
+ that may come with it.
+
- No experimental features are enabled. We do not consider threats that may come
from them.
@@ -617,19 +620,18 @@
| Threat | | **Improperly handled SMC calls can leak register |
| | contents** |
| | |
-| | | When switching between secure and non-secure |
-| | states, register contents of Secure world or |
-| | register contents of other normal world clients |
-| | can be leaked. |
+| | | When switching between worlds, TF-A register state |
+| | can leak to software in different security |
+| | contexts. |
+------------------------+------------------------------------------------------+
-| Diagram Elements | DF5 |
+| Diagram Elements | DF4, DF5 |
+------------------------+------------------------------------------------------+
| Affected TF-A | BL31 |
| Components | |
+------------------------+------------------------------------------------------+
| Assets | Sensitive Data |
+------------------------+------------------------------------------------------+
-| Threat Agent | NSCode |
+| Threat Agent | NSCode, SecCode |
+------------------------+------------------------------------------------------+
| Threat Type | Information Disclosure |
+------------------------+-------------------+----------------+-----------------+