Merge "docs(threat_model): mark power analysis threats out-of-scope" into integration

commit: f9ae4a84a87d22dadec879d1202e1f6ff04300f9 [log] [tgz]
author: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Tue Feb 20 17:04:03 2024 +0100
committer: TrustedFirmware Code Review <review@review.trustedfirmware.org> Tue Feb 20 17:04:03 2024 +0100
tree: a44dc03cf8a5ea942fd9846d6ca8dc7b7c90e0a2
parent: c5e397182acb3a7e7002d5c3f224422b5448aaa7 [diff]
parent: 370f3d17ca69a9261354330ba946b39eeca974ca [diff]
diff --git a/docs/threat_model/firmware_threat_model/threat_model.rst b/docs/threat_model/firmware_threat_model/threat_model.rst
index d93547f..63bdc8a 100644
--- a/docs/threat_model/firmware_threat_model/threat_model.rst
+++ b/docs/threat_model/firmware_threat_model/threat_model.rst

@@ -163,6 +163,15 @@
   ion beam (FIB) workstation or decapsulate the chip using chemicals) is
   considered out-of-scope.
 
+  Certain non-invasive physical attacks that do not need modifications to the
+  chip, notably those like Power Analysis Attacks, are out-of-scope. Power
+  analysis side-channel attacks represent a category of security threats that
+  capitalize on information leakage through a device's power consumption during
+  its normal operation. These attacks leverage the correlation between a
+  device's power usage and its internal data processing activities. This
+  correlation provides attackers with the means to extract sensitive
+  information, including cryptographic keys.
+
 Threat Types
 ============
commit	f9ae4a84a87d22dadec879d1202e1f6ff04300f9	[log] [tgz]
author	Lauren Wehrmeister <lauren.wehrmeister@arm.com>	Tue Feb 20 17:04:03 2024 +0100
committer	TrustedFirmware Code Review <review@review.trustedfirmware.org>	Tue Feb 20 17:04:03 2024 +0100
tree	a44dc03cf8a5ea942fd9846d6ca8dc7b7c90e0a2
parent	c5e397182acb3a7e7002d5c3f224422b5448aaa7 [diff]
parent	370f3d17ca69a9261354330ba946b39eeca974ca [diff]