Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / a38467272f6b6e614736dba86a3e79edab07df97
commita38467272f6b6e614736dba86a3e79edab07df97[log] [tgz]
authorSandrine Bailleux <sandrine.bailleux@arm.com>Wed Oct 11 08:27:43 2023 +0200
committerSandrine Bailleux <sandrine.bailleux@arm.com>Mon Nov 13 10:28:24 2023 +0100
tree8fcbae87ff6dcd71f1de2d3b76d15f792ced367a
parentf5f79fcf0057dba748972099a8a8433d51b8ac25 [diff]
docs(threat-model): cover threats inherent to receiving data over UART

TF-A supports reading input data from UART interfaces. This opens up
an attack vector for arbitrary data to be injected into TF-A, which is
not covered in the threat model right now.

Fill this gap by:

 - Updating the data flow diagrams. Data may flow from the UART into
   TF-A (and not only the other way around).

 - Documenting the threats inherent to reading untrusted data from a
   UART.

Change-Id: I508da5d2f7ad5d20717b958d76ab9337c5eca50f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
4 files changed
tree: 8fcbae87ff6dcd71f1de2d3b76d15f792ced367a
  1. .husky/
  2. bl1/
  3. bl2/
  4. bl2u/
  5. bl31/
  6. bl32/
  7. common/
  8. docs/
  9. drivers/
  10. fdts/
  11. include/
  12. lib/
  13. licenses/
  14. make_helpers/
  15. plat/
  16. services/
  17. tools/
  18. .checkpatch.conf
  19. .commitlintrc.js
  20. .cz.json
  21. .editorconfig
  22. .gitignore
  23. .gitreview
  24. .nvmrc
  25. .readthedocs.yaml
  26. .versionrc.js
  27. changelog.yaml
  28. dco.txt
  29. license.rst
  30. Makefile
  31. package-lock.json
  32. package.json
  33. poetry.lock
  34. pyproject.toml
  35. readme.rst