Merge "docs(spm): update threat model with FF-A v1.1" into integration
diff --git a/docs/threat_model/threat_model_spm.rst b/docs/threat_model/threat_model_spm.rst
index 82f9916..4db4c66 100644
--- a/docs/threat_model/threat_model_spm.rst
+++ b/docs/threat_model/threat_model_spm.rst
@@ -36,7 +36,8 @@
   running in the secure world of TrustZone (at S-EL2 exception level).
   The threat model is not related to the normal world Hypervisor or VMs.
   The S-EL1 SPMC solution is not covered.
-- The implementation complies with the FF-A v1.0 specification.
+- The implementation complies with the FF-A v1.0 specification, and a few
+  features of FF-A v1.1 specification.
 - Secure partitions are statically provisioned at boot time.
 - Focus on the run-time part of the life-cycle (no specific emphasis on boot
   time, factory firmware provisioning, firmware udpate etc.)
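Review bot: "a few features of FF-A v1.1 specification" is too vague for the scope statement of a threat model; name the v1.1 features the model now covers (the new threats 12 to 18 added in this change are all about notifications), e.g. "The implementation complies with the FF-A v1.0 specification, and the notifications feature of the FF-A v1.1 specification." The article is also missing ("of the FF-A v1.1 specification"). The unchanged context line just below still reads "firmware udpate"; since this list is being touched, fix that typo in the same change.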
@@ -477,7 +478,7 @@
 +------------------------+------------------+---------------+-----------------+
 | ``Total Risk Rating``  | Medium (6)       | Medium (6)    |                 |
 +------------------------+------------------+---------------+-----------------+
-| ``Mitigations``        | For the specific case of direct requests targetting|
+| ``Mitigations``        | For the specific case of direct requests targeting |
 |                        | the SPMC, the latter is hardened to prevent        |
 |                        | its internal state or the state of an SP to be     |
 |                        | revealed through a direct message response.        |
@@ -572,7 +573,7 @@
 | ID                     | 11                                                 |
 +========================+====================================================+
 | ``Threat``             | **A malicious endpoint may attempt flooding the    |
-|                        | SPMC with requests targetting a service within an  |
+|                        | SPMC with requests targeting a service within an   |
 |                        | endpoint such that it denies another endpoint to   |
 |                        | access this service.**                             |
 |                        | Similarly, the malicious endpoint may target a     |
@@ -607,7 +608,281 @@
 |                        | in a limited timeframe.                            |
 +------------------------+----------------------------------------------------+
 
---------------
++------------------------+----------------------------------------------------+
+| ID                     | 12                                                 |
++========================+====================================================+
+| ``Threat``             | **A malicious endpoint may attempt to allocate     |
+|                        | notifications bitmaps in the SPMC, through the     |
+|                        | FFA_NOTIFICATION_BITMAP_CREATE.**                  |
+|                        | This might be an attempt to exhaust SPMC's memory, |
+|                        | or to allocate a bitmap for a VM that was not      |
+|                        | intended to receive notifications from SPs. Thus   |
+|                        | creating the possibility for a channel that was not|
+|                        | meant to exist.                                    |
++------------------------+----------------------------------------------------+
+| ``Diagram Elements``   | DF1, DF2, DF3                                      |
++------------------------+----------------------------------------------------+
+| ``Affected TF-A        | SPMC                                               |
+| Components``           |                                                    |
++------------------------+----------------------------------------------------+
+| ``Assets``             | SPMC state                                         |
++------------------------+----------------------------------------------------+
+| ``Threat Agent``       | NS-Endpoint, S-Endpoint                            |
++------------------------+----------------------------------------------------+
+| ``Threat Type``        | Denial of service, Spoofing                        |
++------------------------+------------------+-----------------+---------------+
+| ``Application``        |   ``Server``     |   ``Mobile``    |               |
++------------------------+------------------+-----------------+---------------+
+| ``Impact``             | Medium(3)        | Medium(3)       |               |
++------------------------+------------------+-----------------+---------------+
+| ``Likelihood``         | Medium(3)        | Medium(3)       |               |
++------------------------+------------------+-----------------+---------------+
+| ``Total Risk Rating``  | Medium(9)        | Medium(9)       |               |
++------------------------+------------------+-----------------+---------------+
+| ``Mitigations``        | The TF-A SPMC mitigates this threat by defining a  |
+|                        | a fixed size pool for bitmap allocation.           |
+|                        | It also limits the designated FF-A calls to be used|
+|                        | from NWd endpoints.                                |
+|                        | In the NWd the hypervisor is supposed to limit the |
+|                        | access to the designated FF-A call.                |
++------------------------+----------------------------------------------------+
+
++------------------------+----------------------------------------------------+
+| ID                     | 13                                                 |
++========================+====================================================+
+| ``Threat``             | **A malicious endpoint may attempt to destroy the  |
+|                        | notifications bitmaps in the SPMC, through the     |
+|                        | FFA_NOTIFICATION_BITMAP_DESTROY.**                 |
+|                        | This might be an attempt to tamper with the SPMC   |
+|                        | state such that a partition isn't able to receive  |
+|                        | notifications.                                     |
++------------------------+----------------------------------------------------+
+| ``Diagram Elements``   | DF1, DF2, DF3                                      |
++------------------------+----------------------------------------------------+
+| ``Affected TF-A        | SPMC                                               |
+| Components``           |                                                    |
++------------------------+----------------------------------------------------+
+| ``Assets``             | SPMC state                                         |
++------------------------+----------------------------------------------------+
+| ``Threat Agent``       | NS-Endpoint, S-Endpoint                            |
++------------------------+----------------------------------------------------+
+| ``Threat Type``        | Tampering                                          |
++------------------------+------------------+-----------------+---------------+
+| ``Application``        |   ``Server``     |   ``Mobile``    |               |
++------------------------+------------------+-----------------+---------------+
+| ``Impact``             | Low(2)           | Low(2)          |               |
++------------------------+------------------+-----------------+---------------+
+| ``Likelihood``         | Low(2)           | Low(2)          |               |
++------------------------+------------------+-----------------+---------------+
+| ``Total Risk Rating``  | Low(4)           | Low(4)          |               |
++------------------------+------------------+-----------------+---------------+
+| ``Mitigations``        | The TF-A SPMC mitigates this issue by limiting the |
+|                        | designated FF-A call to be issued by the NWd.      |
+|                        | Also, the notifications bitmap can't be destroyed  |
+|                        | if there are pending notifications.                |
+|                        | In the NWd, the hypervisor must restrict the       |
+|                        | NS-endpoints that can issue the designated call.   |
++------------------------+----------------------------------------------------+
+
++------------------------+----------------------------------------------------+
+| ID                     | 14                                                 |
++========================+====================================================+
+| ``Threat``             | **A malicious endpoint might attempt to give       |
+|                        | permissions to an unintended sender to set         |
+|                        | notifications targeting another receiver using the |
+|                        | FF-A call FFA_NOTIFICATION_BIND.**                 |
+|                        | This might be an attempt to tamper with the SPMC   |
+|                        | state such that an unintended, and possibly        |
+|                        | malicious, communication channel is established.   |
++------------------------+----------------------------------------------------+
+| ``Diagram Elements``   | DF1, DF2, DF3                                      |
++------------------------+----------------------------------------------------+
+| ``Affected TF-A        | SPMC                                               |
+| Components``           |                                                    |
++------------------------+----------------------------------------------------+
+| ``Assets``             | SPMC state                                         |
++------------------------+----------------------------------------------------+
+| ``Threat Agent``       | NS-Endpoint, S-Endpoint                            |
++------------------------+----------------------------------------------------+
+| ``Threat Type``        | Tampering, Spoofing                                |
++------------------------+------------------+-----------------+---------------+
+| ``Application``        |   ``Server``     |   ``Mobile``    |               |
++------------------------+------------------+-----------------+---------------+
+| ``Impact``             | Low(2)           | Low(2)          |               |
++------------------------+------------------+-----------------+---------------+
+| ``Likelihood``         | Medium(3)        | Medium(3)       |               |
++------------------------+------------------+-----------------+---------------+
+| ``Total Risk Rating``  | Medium(6)        | Medium(6)       |               |
++------------------------+------------------+-----------------+---------------+
+| ``Mitigations``        | The TF-A SPMC mitigates this by restricting        |
+|                        | designated FFA_NOTIFICATION_BIND call to be issued |
+|                        | by the receiver only. The receiver is responsible  |
+|                        | for allocating the notifications IDs to one        |
+|                        | specific partition.                                |
+|                        | Also, receivers that are not meant to receive      |
+|                        | notifications, must have notifications receipt     |
+|                        | disabled in the respective partition's manifest.   |
+|                        | As for calls coming from NWd, if the NWd VM has had|
+|                        | its bitmap allocated at initialization, the TF-A   |
+|                        | SPMC can't guarantee this threat won't happen.     |
+|                        | The Hypervisor must mitigate in the NWd, similarly |
+|                        | to SPMC for calls in SWd. Though, if the Hypervisor|
+|                        | has been compromised, the SPMC won't be able to    |
+|                        | mitigate it for calls forwarded from NWd.          |
++------------------------+----------------------------------------------------+
+
++------------------------+----------------------------------------------------+
+| ID                     | 15                                                 |
++========================+====================================================+
+| ``Threat``             | **A malicious partition endpoint might attempt to  |
+|                        | set notifications that are not bound to it.**      |
++------------------------+----------------------------------------------------+
+| ``Diagram Elements``   | DF1, DF2, DF3                                      |
++------------------------+----------------------------------------------------+
+| ``Affected TF-A        | SPMC                                               |
+| Components``           |                                                    |
++------------------------+----------------------------------------------------+
+| ``Assets``             | SPMC state                                         |
++------------------------+----------------------------------------------------+
+| ``Threat Agent``       | NS-Endpoint, S-Endpoint                            |
++------------------------+----------------------------------------------------+
+| ``Threat Type``        | Spoofing                                           |
++------------------------+------------------+-----------------+---------------+
+| ``Application``        |   ``Server``     |   ``Mobile``    |               |
++------------------------+------------------+-----------------+---------------+
+| ``Impact``             | Low(2)           | Low(2)          |               |
++------------------------+------------------+-----------------+---------------+
+| ``Likelihood``         | Low(2)           | Low(2)          |               |
++------------------------+------------------+-----------------+---------------+
+| ``Total Risk Rating``  | Low(4)           | Low(4)          |               |
++------------------------+------------------+-----------------+---------------+
+| ``Mitigations``        | The TF-A SPMC mitigates this by checking the       |
+|                        | sender's ID provided in the input to the call      |
+|                        | FFA_NOTIFICATION_SET. The SPMC keeps track of which|
+|                        | notifications are bound to which sender, for a     |
+|                        | given receiver. If the sender is an SP, the        |
+|                        | provided sender ID must match the ID of the        |
+|                        | currently running partition.                       |
++------------------------+----------------------------------------------------+
+
++------------------------+----------------------------------------------------+
+| ID                     | 16                                                 |
++========================+====================================================+
+| ``Threat``             | **A malicious partition endpoint might attempt to  |
+|                        | get notifications that are not targeted to it.**   |
++------------------------+----------------------------------------------------+
+| ``Diagram Elements``   | DF1, DF2, DF3                                      |
++------------------------+----------------------------------------------------+
+| ``Affected TF-A        | SPMC                                               |
+| Components``           |                                                    |
++------------------------+----------------------------------------------------+
+| ``Assets``             | SPMC state                                         |
++------------------------+----------------------------------------------------+
+| ``Threat Agent``       | NS-Endpoint, S-Endpoint                            |
++------------------------+----------------------------------------------------+
+| ``Threat Type``        | Spoofing                                           |
++------------------------+------------------+-----------------+---------------+
+| ``Application``        |   ``Server``     |   ``Mobile``    |               |
++------------------------+------------------+-----------------+---------------+
+| ``Impact``             | Informational(1) | Informational(1)|               |
++------------------------+------------------+-----------------+---------------+
+| ``Likelihood``         | Low(2)           | Low(2)          |               |
++------------------------+------------------+-----------------+---------------+
+| ``Total Risk Rating``  | Low(2)           | Low(2)          |               |
++------------------------+------------------+-----------------+---------------+
+| ``Mitigations``        | The TF-A SPMC mitigates this by checking the       |
+|                        | receiver's ID provided in the input to the call    |
+|                        | FFA_NOTIFICATION_GET. The SPMC keeps track of which|
+|                        | notifications are pending for each receiver.       |
+|                        | The provided receiver ID must match the ID of the  |
+|                        | currently running partition, if it is an SP.       |
+|                        | For calls forwarded from NWd, the SPMC will return |
+|                        | the pending notifications if the receiver had its  |
+|                        | bitmap created, and has pending notifications.     |
+|                        | If Hypervisor or OS kernel are compromised, the    |
+|                        | SPMC won't be able to mitigate calls from rogue NWd|
+|                        | endpoints.                                         |
++------------------------+----------------------------------------------------+
+
++------------------------+----------------------------------------------------+
+| ID                     | 17                                                 |
++========================+====================================================+
+| ``Threat``             | **A malicious partition endpoint might attempt to  |
+|                        | get the information about pending notifications,   |
+|                        | through the FFA_NOTIFICATION_INFO_GET call.**      |
+|                        | This call is meant to be used by the NWd FF-A      |
+|                        | driver.                                            |
++------------------------+----------------------------------------------------+
+| ``Diagram Elements``   | DF1, DF2, DF3                                      |
++------------------------+----------------------------------------------------+
+| ``Affected TF-A        | SPMC                                               |
+| Components``           |                                                    |
++------------------------+----------------------------------------------------+
+| ``Assets``             | SPMC state                                         |
++------------------------+----------------------------------------------------+
+| ``Threat Agent``       | NS-Endpoint, S-Endpoint                            |
++------------------------+----------------------------------------------------+
+| ``Threat Type``        | Information disclosure                             |
++------------------------+------------------+-----------------+---------------+
+| ``Application``        |   ``Server``     |   ``Mobile``    |               |
++------------------------+------------------+-----------------+---------------+
+| ``Impact``             | Low(2)           | Low(2)          |               |
++------------------------+------------------+-----------------+---------------+
+| ``Likelihood``         | Medium(3)        | Medium(3)       |               |
++------------------------+------------------+-----------------+---------------+
+| ``Total Risk Rating``  | Medium(6)        | Medium(6)       |               |
++------------------------+------------------+-----------------+---------------+
+| ``Mitigations``        | The TF-A SPMC mitigates this by returning error to |
+|                        | calls made by SPs to FFA_NOTIFICATION_INFO_GET.    |
+|                        | If Hypervisor or OS kernel are compromised, the    |
+|                        | SPMC won't be able mitigate calls from rogue NWd   |
+|                        | endpoints.                                         |
++------------------------+----------------------------------------------------+
+
++------------------------+----------------------------------------------------+
+| ID                     | 18                                                 |
++========================+====================================================+
+| ``Threat``             | **A malicious partition endpoint might attempt to  |
+|                        | flood another partition endpoint with notifications|
+|                        | hindering its operation.**                         |
+|                        | The intent of the malicious endpoint could be to   |
+|                        | interfere with both the receiver's and/or primary  |
+|                        | endpoint execution, as they can both be preempted  |
+|                        | by the NPI and SRI, respectively.                  |
++------------------------+----------------------------------------------------+
+| ``Diagram Elements``   | DF1, DF2, DF3, DF4                                 |
++------------------------+----------------------------------------------------+
+| ``Affected TF-A        | SPMC                                               |
+| Components``           |                                                    |
++------------------------+----------------------------------------------------+
+| ``Assets``             | SPMC state, SP state, CPU cycles                   |
++------------------------+----------------------------------------------------+
+| ``Threat Agent``       | NS-Endpoint, S-Endpoint                            |
++------------------------+----------------------------------------------------+
+| ``Threat Type``        | DoS                                                |
++------------------------+------------------+-----------------+---------------+
+| ``Application``        |   ``Server``     |   ``Mobile``    |               |
++------------------------+------------------+-----------------+---------------+
+| ``Impact``             | Low(2)           | Low(2)          |               |
++------------------------+------------------+-----------------+---------------+
+| ``Likelihood``         | Medium(3)        | Medium(3)       |               |
++------------------------+------------------+-----------------+---------------+
+| ``Total Risk Rating``  | Medium(6)        | Medium(6)       |               |
++------------------------+------------------+-----------------+---------------+
+| ``Mitigations``        | The TF-A SPMC does not mitigate this threat.       |
+|                        | However, the impact is limited due to the          |
+|                        | architecture:                                      |
+|                        | - Notifications are not queued, one that has been  |
+|                        | signaled needs to be retrieved by the receiver,    |
+|                        | until it can be sent again.                        |
+|                        | - Both SRI and NPI can't be pended until handled   |
+|                        | which limits the amount of spurious interrupts.    |
+|                        | - A given receiver could only bind a maximum number|
+|                        | of notifications to a given sender, within a given |
+|                        | execution context.                                 |
++------------------------+----------------------------------------------------+
+
+---------------
 
 *Copyright (c) 2021, Arm Limited. All rights reserved.*
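Review bot: the bullet list in the ``Mitigations`` cell of threat 18 ("- Notifications are not queued ...") directly follows the line "architecture:" with no blank line, so reStructuredText will render the three items as one run-on paragraph rather than a list; add an empty-cell row ("|                        |") before the first "-" and indent each bullet's continuation lines by two spaces under the "-" so the grid table keeps the list structure. Smaller wording fixes in the same hunk: threat 12's mitigation has a doubled article ("defining a / a fixed size pool"); "Thus creating the possibility for a channel that was not meant to exist" is a fragment and reads better joined to the preceding sentence with a comma; "limits the designated FF-A calls to be used from NWd endpoints" is ambiguous and should say plainly that FFA_NOTIFICATION_BITMAP_CREATE may only be issued by NWd endpoints, matching the phrasing used for threat 13; threat 17's mitigation is missing "to" ("won't be able to mitigate"); threat 18's first bullet should read "before it can be sent again" rather than "until"; and threat 18 lists its ``Threat Type`` as "DoS" while threat 12 spells out "Denial of service" (pick one form for the whole file). The risk arithmetic is consistent throughout (Impact x Likelihood matches every ``Total Risk Rating``).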