commit a38467272f6b6e614736dba86a3e79edab07df97
author Sandrine Bailleux <sandrine.bailleux@arm.com> Wed Oct 11 08:27:43 2023 +0200
committer Sandrine Bailleux <sandrine.bailleux@arm.com> Mon Nov 13 10:28:24 2023 +0100
tree 8fcbae87ff6dcd71f1de2d3b76d15f792ced367a
parent f5f79fcf0057dba748972099a8a8433d51b8ac25

docs(threat-model): cover threats inherent to receiving data over UART

TF-A supports reading input data from UART interfaces. This opens up
an attack vector for arbitrary data to be injected into TF-A, which is
not covered in the threat model right now.

Fill this gap by:

 - Updating the data flow diagrams. Data may flow from the UART into
   TF-A (and not only the other way around).

 - Documenting the threats inherent to reading untrusted data from a
   UART.

Change-Id: I508da5d2f7ad5d20717b958d76ab9337c5eca50f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

docs/threat_model/threat_model_fvp_r.rst

diff --git a/docs/threat_model/threat_model_fvp_r.rst b/docs/threat_model/threat_model_fvp_r.rst
index c1462bb..725eeed 100644
--- a/docs/threat_model/threat_model_fvp_r.rst
+++ b/docs/threat_model/threat_model_fvp_r.rst
@@ -90,8 +90,10 @@
       and since the MPU configuration is equivalent with that for the fvp
       platform and others, this is not expected to be a concern.
 
+    - ID 15:  Improper handling of input data received over a UART interface may
+      allow an attacker to tamper with TF-A execution environment.
 
 
 --------------
 
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*