docs/threat_model/firmware_threat_model/threat_model_rse_interface.rst - filogic/atf - Gitiles

 Threat Model for RSE - AP interface
 ***********************************

 ************
 Introduction
 ************
 This document is an extension for the general TF-A threat-model. It considers
 those platforms where a Runtime Security Engine (RSE) is included in the SoC
 next to the Application Processor (AP).

 ********************
 Target of Evaluation
 ********************
 The scope of this threat model only includes the interface between the RSE and
 AP. Otherwise, the TF-A :ref:`Generic Threat Model` document is applicable for
 the AP core. The threat model for the RSE firmware will be provided by the RSE
 firmware project in the future.


 Data Flow Diagram
 =================
 This diagram is different only from the general TF-A data flow diagram in that
 it includes the RSE and highlights the interface between the AP and the RSE
 cores. The interface description only focuses on the AP-RSE interface the rest
 is the same as in the general TF-A threat-model document.

 .. uml:: ../../resources/diagrams/plantuml/tfa_rse_dfd.puml
   :caption: Figure 1: TF-A Data Flow Diagram including RSE

 .. table:: Table 1: TF-A - RSE data flow diagram

   +-----------------+--------------------------------------------------------+
   | Diagram Element | Description                                            |
   +=================+========================================================+
   |       DF7       | | Boot images interact with RSE over a communication   |
   |                 |   channel to record boot measurements and get image    |
   |                 |   verification keys. At runtime, BL31 obtains the      |
   |                 |   realm world attestation signing key from RSE.        |
   +-----------------+--------------------------------------------------------+

 Threat Assessment
 =================
 For this section, please reference the Threat Assessment under the general TF-A
 threat-model document, :ref:`Generic Threat Model`. All the threats listed there
 are applicable for the AP core, here only the differences are highlighted.

     - ID 11: The access to the communication interface between AP and RSE is
       allowed only for firmware running at EL3. Accidentally exposing this
       interface to NSCode can allow malicious code to interact with RSE and
       gain access to sensitive data.
     - ID 13: Relevant in the context of the realm attestation key, which can be
       retrieved by BL31 through DF7. The RSE communication protocol layer
       mitigates against this by clearing its internal buffer when reply is
       received. The caller of the API must do the same if data is not needed
       anymore.

 --------------

 *Copyright (c) 2022-2024, Arm Limited. All rights reserved.*
	Threat Model for RSE - AP interface
	***********************************

	************
	Introduction
	************
	This document is an extension for the general TF-A threat-model. It considers
	those platforms where a Runtime Security Engine (RSE) is included in the SoC
	next to the Application Processor (AP).

	********************
	Target of Evaluation
	********************
	The scope of this threat model only includes the interface between the RSE and
	AP. Otherwise, the TF-A :ref:`Generic Threat Model` document is applicable for
	the AP core. The threat model for the RSE firmware will be provided by the RSE
	firmware project in the future.


	Data Flow Diagram
	=================
	This diagram is different only from the general TF-A data flow diagram in that
	it includes the RSE and highlights the interface between the AP and the RSE
	cores. The interface description only focuses on the AP-RSE interface the rest
	is the same as in the general TF-A threat-model document.

	.. uml:: ../../resources/diagrams/plantuml/tfa_rse_dfd.puml
	:caption: Figure 1: TF-A Data Flow Diagram including RSE

	.. table:: Table 1: TF-A - RSE data flow diagram

	+-----------------+--------------------------------------------------------+
	\| Diagram Element \| Description \|
	+=================+========================================================+
	\| DF7 \| \| Boot images interact with RSE over a communication \|
	\| \| channel to record boot measurements and get image \|
	\| \| verification keys. At runtime, BL31 obtains the \|
	\| \| realm world attestation signing key from RSE. \|
	+-----------------+--------------------------------------------------------+

	Threat Assessment
	=================
	For this section, please reference the Threat Assessment under the general TF-A
	threat-model document, :ref:`Generic Threat Model`. All the threats listed there
	are applicable for the AP core, here only the differences are highlighted.

	- ID 11: The access to the communication interface between AP and RSE is
	allowed only for firmware running at EL3. Accidentally exposing this
	interface to NSCode can allow malicious code to interact with RSE and
	gain access to sensitive data.
	- ID 13: Relevant in the context of the realm attestation key, which can be
	retrieved by BL31 through DF7. The RSE communication protocol layer
	mitigates against this by clearing its internal buffer when reply is
	received. The caller of the API must do the same if data is not needed
	anymore.

	--------------

	Copyright (c) 2022-2024, Arm Limited. All rights reserved.