| Paul Beesley | fc9ee36 | 2019-03-07 15:47:15 +0000 | [diff] [blame] | 1 | Security Handling |
| 2 | ================= |
| Paul Beesley | 236d246 | 2019-03-05 17:19:37 +0000 | [diff] [blame] | 3 | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 4 | Security Disclosures |
| 5 | -------------------- |
| 6 | |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 7 | We disclose all security vulnerabilities we find, or are advised about, that are |
| 8 | relevant to Trusted Firmware-A. We encourage responsible disclosure of |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 9 | vulnerabilities and inform users as best we can about all possible issues. |
| 10 | |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 11 | We disclose TF-A vulnerabilities as Security Advisories, all of which are listed |
| 12 | at the bottom of this page. Any new ones will, additionally, be announced as |
| 13 | issues in the project's `issue tracker`_ with the ``security-advisory`` tag. You |
| 14 | can receive notification emails for these by watching the "Trusted Firmware-A" |
| 15 | project at https://developer.trustedfirmware.org/. |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 16 | |
| 17 | Found a Security Issue? |
| 18 | ----------------------- |
| 19 | |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 20 | Although we try to keep TF-A secure, we can only do so with the help of the |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 21 | community of developers and security researchers. |
| 22 | |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 23 | If you think you have found a security vulnerability, please **do not** report it |
| 24 | in the `issue tracker`_. Instead send an email to |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 25 | trusted-firmware-security@arm.com |
| 26 | |
| 27 | Please include: |
| 28 | |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 29 | * Trusted Firmware-A version (or commit) affected |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 30 | |
| 31 | * A description of the concern or vulnerability |
| 32 | |
| 33 | * Details on how to replicate the vulnerability, including: |
| 34 | |
| 35 | - Configuration details |
| 36 | |
| 37 | - Proof of concept exploit code |
| 38 | |
| 39 | - Any additional software or tools required |
| 40 | |
| 41 | We recommend using `this PGP/GPG key`_ for encrypting the information. This key |
| 42 | is also available at http://keyserver.pgp.com and LDAP port 389 of the same |
| 43 | server. The fingerprint for this key is: |
| 44 | |
| 45 | :: |
| 46 | |
| 47 | 1309 2C19 22B4 8E87 F17B FE5C 3AB7 EFCB 45A0 DFD0 |
| 48 | |
| 49 | If you would like replies to be encrypted, please provide your public key. |
| 50 | |
| 51 | Please give us the time to respond to you and fix the vulnerability before going |
| 52 | public. We do our best to respond and fix any issues quickly. We also need to |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 53 | ensure providers of products that use TF-A have a chance to consider the |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 54 | implications of the vulnerability and its remedy. |
| 55 | |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 56 | Afterwards, we encourage you to write-up your findings about the TF-A source |
| 57 | code. |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 58 | |
| 59 | Attribution |
| 60 | ----------- |
| 61 | |
| 62 | We will name and thank you in the ``change-log.rst`` distributed with the source |
| 63 | code and in any published security advisory. |
| 64 | |
| 65 | Security Advisories |
| 66 | ------------------- |
| 67 | |
| 68 | +-----------+------------------------------------------------------------------+ |
| 69 | | ID | Title | |
| 70 | +===========+==================================================================+ |
| 71 | | `TFV-1`_ | Malformed Firmware Update SMC can result in copy of unexpectedly | |
| 72 | | | large data into secure memory | |
| 73 | +-----------+------------------------------------------------------------------+ |
| 74 | | `TFV-2`_ | Enabled secure self-hosted invasive debug interface can allow | |
| 75 | | | normal world to panic secure world | |
| 76 | +-----------+------------------------------------------------------------------+ |
| 77 | | `TFV-3`_ | RO memory is always executable at AArch64 Secure EL1 | |
| 78 | +-----------+------------------------------------------------------------------+ |
| 79 | | `TFV-4`_ | Malformed Firmware Update SMC can result in copy or | |
| 80 | | | authentication of unexpected data in secure memory in AArch32 | |
| 81 | | | state | |
| 82 | +-----------+------------------------------------------------------------------+ |
| 83 | | `TFV-5`_ | Not initializing or saving/restoring PMCR_EL0 can leak secure | |
| 84 | | | world timing information | |
| 85 | +-----------+------------------------------------------------------------------+ |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 86 | | `TFV-6`_ | Trusted Firmware-A exposure to speculative processor | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 87 | | | vulnerabilities using cache timing side-channels | |
| 88 | +-----------+------------------------------------------------------------------+ |
| 89 | | `TFV-7`_ | Trusted Firmware-A exposure to cache speculation vulnerability | |
| 90 | | | Variant 4 | |
| 91 | +-----------+------------------------------------------------------------------+ |
| 92 | | `TFV-8`_ | Not saving x0 to x3 registers can leak information from one | |
| 93 | | | Normal World SMC client to another | |
| 94 | +-----------+------------------------------------------------------------------+ |
| 95 | |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 96 | .. _issue tracker: https://developer.trustedfirmware.org/project/board/1/ |
| Joel Hutton | 0f79fb1 | 2019-02-26 16:23:54 +0000 | [diff] [blame] | 97 | .. _this PGP/GPG key: security-reporting.asc |
| John Tsichritzis | 21d8f38 | 2019-06-24 13:22:30 +0100 | [diff] [blame] | 98 | .. _TFV-1: ../security_advisories/security-advisory-tfv-1.rst |
| 99 | .. _TFV-2: ../security_advisories/security-advisory-tfv-2.rst |
| 100 | .. _TFV-3: ../security_advisories/security-advisory-tfv-3.rst |
| 101 | .. _TFV-4: ../security_advisories/security-advisory-tfv-4.rst |
| 102 | .. _TFV-5: ../security_advisories/security-advisory-tfv-5.rst |
| 103 | .. _TFV-6: ../security_advisories/security-advisory-tfv-6.rst |
| 104 | .. _TFV-7: ../security_advisories/security-advisory-tfv-7.rst |
| 105 | .. _TFV-8: ../security_advisories/security-advisory-tfv-8.rst |