Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 54212084eacebe6357f03d079fe2f24c7e1efc28^! / . / docs / threat_model / firmware_threat_model / index.rst
commit54212084eacebe6357f03d079fe2f24c7e1efc28[log] [tgz]
authorlaurenw-arm <lauren.wehrmeister@arm.com>Fri Dec 08 15:00:07 2023 -0600
committerlaurenw-arm <lauren.wehrmeister@arm.com>Fri Jan 19 14:50:24 2024 -0600
tree0ee8a50baccc14390f3f53c1fb87da8c42b617ac
parentc610b3529170e703bab0606e9604d775835645f1 [diff] [blame]
docs(threat-model): supply chain threat model TF-A

Software supply chain attacks aim to inject malicious code into a
software product. There are several ways a malicious code can be
injected into a software product (open-source project).

These include:
- Malicious code commits
- Malicious dependencies
- Malicious toolchains

This document provides analysis of software supply chain attack
threats for the TF-A project

Change-Id: I03545d65a38dc372f3868a16c725b7378640a771
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

diff --git a/docs/threat_model/firmware_threat_model/index.rst b/docs/threat_model/firmware_threat_model/index.rst
new file mode 100644
index 0000000..05b6710
--- /dev/null
+++ b/docs/threat_model/firmware_threat_model/index.rst

@@ -0,0 +1,41 @@
+TF-A Firmware Threat Model
+==========================
+
+As the TF-A codebase is highly configurable to allow tailoring it best for each
+platform's needs, providing a holistic threat model covering all of its features
+is not necessarily the best approach. Instead, we provide a collection of
+documents which, together, form the project's threat model. These are
+articulated around a core document, called the :ref:`Generic Threat Model`,
+which focuses on the most common configuration we expect to see. The other
+documents typically focus on specific features not covered in the core document.
+
+As the TF-A codebase evolves and new features get added, these threat model
+documents will be updated and extended in parallel to reflect at best the
+current status of the code from a security standpoint.
+
+   .. note::
+
+      Although our aim is eventually to provide threat model material for all
+      features within the project, we have not reached that point yet. We expect
+      to gradually fill these gaps over time.
+
+Each of these documents give a description of the target of evaluation using a
+data flow diagram, as well as a list of threats we have identified using the
+`STRIDE threat modeling technique`_ and corresponding mitigations.
+
+.. toctree::
+   :maxdepth: 1
+   :caption: Contents
+
+   threat_model
+   threat_model_el3_spm
+   threat_model_fvp_r
+   threat_model_rss_interface
+   threat_model_arm_cca
+   threat_model_fw_update_and_recovery
+
+--------------
+
+*Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.*
+
+.. _STRIDE threat modeling technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model