blob: d1c997ba4ba396e6fc78d3445becc63f22dad000 [file] [log] [blame]
Paul Beesleyfc9ee362019-03-07 15:47:15 +00001Security Handling
2=================
Paul Beesley236d2462019-03-05 17:19:37 +00003
Joel Hutton9e605632019-02-25 15:18:56 +00004Security Disclosures
5--------------------
6
John Tsichritzisbf4540e2019-05-21 10:37:55 +01007We disclose all security vulnerabilities we find, or are advised about, that are
8relevant to Trusted Firmware-A. We encourage responsible disclosure of
Joel Hutton9e605632019-02-25 15:18:56 +00009vulnerabilities and inform users as best we can about all possible issues.
10
John Tsichritzisbf4540e2019-05-21 10:37:55 +010011We disclose TF-A vulnerabilities as Security Advisories, all of which are listed
12at the bottom of this page. Any new ones will, additionally, be announced as
13issues in the project's `issue tracker`_ with the ``security-advisory`` tag. You
14can receive notification emails for these by watching the "Trusted Firmware-A"
15project at https://developer.trustedfirmware.org/.
Joel Hutton9e605632019-02-25 15:18:56 +000016
17Found a Security Issue?
18-----------------------
19
John Tsichritzisbf4540e2019-05-21 10:37:55 +010020Although we try to keep TF-A secure, we can only do so with the help of the
Joel Hutton9e605632019-02-25 15:18:56 +000021community of developers and security researchers.
22
John Tsichritzisbf4540e2019-05-21 10:37:55 +010023If you think you have found a security vulnerability, please **do not** report it
24in the `issue tracker`_. Instead send an email to
Joel Hutton9e605632019-02-25 15:18:56 +000025trusted-firmware-security@arm.com
26
27Please include:
28
John Tsichritzisbf4540e2019-05-21 10:37:55 +010029* Trusted Firmware-A version (or commit) affected
Joel Hutton9e605632019-02-25 15:18:56 +000030
31* A description of the concern or vulnerability
32
33* Details on how to replicate the vulnerability, including:
34
35 - Configuration details
36
37 - Proof of concept exploit code
38
39 - Any additional software or tools required
40
41We recommend using `this PGP/GPG key`_ for encrypting the information. This key
42is also available at http://keyserver.pgp.com and LDAP port 389 of the same
43server. The fingerprint for this key is:
44
45::
46
47 1309 2C19 22B4 8E87 F17B FE5C 3AB7 EFCB 45A0 DFD0
48
49If you would like replies to be encrypted, please provide your public key.
50
51Please give us the time to respond to you and fix the vulnerability before going
52public. We do our best to respond and fix any issues quickly. We also need to
John Tsichritzisbf4540e2019-05-21 10:37:55 +010053ensure providers of products that use TF-A have a chance to consider the
Joel Hutton9e605632019-02-25 15:18:56 +000054implications of the vulnerability and its remedy.
55
John Tsichritzisbf4540e2019-05-21 10:37:55 +010056Afterwards, we encourage you to write-up your findings about the TF-A source
57code.
Joel Hutton9e605632019-02-25 15:18:56 +000058
59Attribution
60-----------
61
62We will name and thank you in the ``change-log.rst`` distributed with the source
63code and in any published security advisory.
64
65Security Advisories
66-------------------
67
68+-----------+------------------------------------------------------------------+
69| ID | Title |
70+===========+==================================================================+
71| `TFV-1`_ | Malformed Firmware Update SMC can result in copy of unexpectedly |
72| | large data into secure memory |
73+-----------+------------------------------------------------------------------+
74| `TFV-2`_ | Enabled secure self-hosted invasive debug interface can allow |
75| | normal world to panic secure world |
76+-----------+------------------------------------------------------------------+
77| `TFV-3`_ | RO memory is always executable at AArch64 Secure EL1 |
78+-----------+------------------------------------------------------------------+
79| `TFV-4`_ | Malformed Firmware Update SMC can result in copy or |
80| | authentication of unexpected data in secure memory in AArch32 |
81| | state |
82+-----------+------------------------------------------------------------------+
83| `TFV-5`_ | Not initializing or saving/restoring PMCR_EL0 can leak secure |
84| | world timing information |
85+-----------+------------------------------------------------------------------+
John Tsichritzisbf4540e2019-05-21 10:37:55 +010086| `TFV-6`_ | Trusted Firmware-A exposure to speculative processor |
Joel Hutton9e605632019-02-25 15:18:56 +000087| | vulnerabilities using cache timing side-channels |
88+-----------+------------------------------------------------------------------+
89| `TFV-7`_ | Trusted Firmware-A exposure to cache speculation vulnerability |
90| | Variant 4 |
91+-----------+------------------------------------------------------------------+
92| `TFV-8`_ | Not saving x0 to x3 registers can leak information from one |
93| | Normal World SMC client to another |
94+-----------+------------------------------------------------------------------+
95
John Tsichritzisbf4540e2019-05-21 10:37:55 +010096.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
Joel Hutton0f79fb12019-02-26 16:23:54 +000097.. _this PGP/GPG key: security-reporting.asc
98.. _TFV-1: ./security_advisories/security-advisory-tfv-1.rst
99.. _TFV-2: ./security_advisories/security-advisory-tfv-2.rst
100.. _TFV-3: ./security_advisories/security-advisory-tfv-3.rst
101.. _TFV-4: ./security_advisories/security-advisory-tfv-4.rst
102.. _TFV-5: ./security_advisories/security-advisory-tfv-5.rst
103.. _TFV-6: ./security_advisories/security-advisory-tfv-6.rst
104.. _TFV-7: ./security_advisories/security-advisory-tfv-7.rst
105.. _TFV-8: ./security_advisories/security-advisory-tfv-8.rst