Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 54212084eacebe6357f03d079fe2f24c7e1efc28
commit54212084eacebe6357f03d079fe2f24c7e1efc28[log] [tgz]
authorlaurenw-arm <lauren.wehrmeister@arm.com>Fri Dec 08 15:00:07 2023 -0600
committerlaurenw-arm <lauren.wehrmeister@arm.com>Fri Jan 19 14:50:24 2024 -0600
tree0ee8a50baccc14390f3f53c1fb87da8c42b617ac
parentc610b3529170e703bab0606e9604d775835645f1 [diff]
docs(threat-model): supply chain threat model TF-A

Software supply chain attacks aim to inject malicious code into a
software product. There are several ways a malicious code can be
injected into a software product (open-source project).

These include:
- Malicious code commits
- Malicious dependencies
- Malicious toolchains

This document provides analysis of software supply chain attack
threats for the TF-A project

Change-Id: I03545d65a38dc372f3868a16c725b7378640a771
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
12 files changed
tree: 0ee8a50baccc14390f3f53c1fb87da8c42b617ac
  1. .husky/
  2. bl1/
  3. bl2/
  4. bl2u/
  5. bl31/
  6. bl32/
  7. common/
  8. docs/
  9. drivers/
  10. fdts/
  11. include/
  12. lib/
  13. licenses/
  14. make_helpers/
  15. plat/
  16. services/
  17. tools/
  18. .checkpatch.conf
  19. .commitlintrc.js
  20. .cz.json
  21. .editorconfig
  22. .gitignore
  23. .gitreview
  24. .nvmrc
  25. .readthedocs.yaml
  26. .versionrc.js
  27. changelog.yaml
  28. dco.txt
  29. license.rst
  30. Makefile
  31. package-lock.json
  32. package.json
  33. poetry.lock
  34. pyproject.toml
  35. readme.rst