| Paul Beesley | fc9ee36 | 2019-03-07 15:47:15 +0000 | [diff] [blame] | 1 | Security Handling |
| 2 | ================= |
| Paul Beesley | 236d246 | 2019-03-05 17:19:37 +0000 | [diff] [blame] | 3 | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 4 | Security Disclosures |
| 5 | -------------------- |
| 6 | |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 7 | We disclose all security vulnerabilities we find, or are advised about, that are |
| 8 | relevant to Trusted Firmware-A. We encourage responsible disclosure of |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 9 | vulnerabilities and inform users as best we can about all possible issues. |
| 10 | |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 11 | We disclose TF-A vulnerabilities as Security Advisories, all of which are listed |
| 12 | at the bottom of this page. Any new ones will, additionally, be announced as |
| 13 | issues in the project's `issue tracker`_ with the ``security-advisory`` tag. You |
| 14 | can receive notification emails for these by watching the "Trusted Firmware-A" |
| 15 | project at https://developer.trustedfirmware.org/. |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 16 | |
| 17 | Found a Security Issue? |
| 18 | ----------------------- |
| 19 | |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 20 | Although we try to keep TF-A secure, we can only do so with the help of the |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 21 | community of developers and security researchers. |
| 22 | |
| Sandrine Bailleux | 6e78c79 | 2020-08-12 10:52:32 +0200 | [diff] [blame] | 23 | .. warning:: |
| 24 | If you think you have found a security vulnerability, please **do not** |
| 25 | report it in the `issue tracker`_ or on the `mailing list`_. Instead, please |
| 26 | follow the `TrustedFirmware.org security incident process`_. |
| 27 | |
| 28 | One of the goals of this process is to ensure providers of products that use |
| 29 | TF-A have a chance to consider the implications of the vulnerability and its |
| 30 | remedy before it is made public. As such, please follow the disclosure plan |
| 31 | outlined in the process. We do our best to respond and fix any issues quickly. |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 32 | |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 33 | Afterwards, we encourage you to write-up your findings about the TF-A source |
| 34 | code. |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 35 | |
| 36 | Attribution |
| 37 | ----------- |
| 38 | |
| Sandrine Bailleux | 85e9ba4 | 2020-06-22 12:11:47 +0200 | [diff] [blame] | 39 | We will name and thank you in the :ref:`Change Log & Release Notes` distributed |
| 40 | with the source code and in any published security advisory. |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 41 | |
| 42 | Security Advisories |
| 43 | ------------------- |
| 44 | |
| 45 | +-----------+------------------------------------------------------------------+ |
| 46 | | ID | Title | |
| 47 | +===========+==================================================================+ |
| Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 48 | | |TFV-1| | Malformed Firmware Update SMC can result in copy of unexpectedly | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 49 | | | large data into secure memory | |
| 50 | +-----------+------------------------------------------------------------------+ |
| Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 51 | | |TFV-2| | Enabled secure self-hosted invasive debug interface can allow | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 52 | | | normal world to panic secure world | |
| 53 | +-----------+------------------------------------------------------------------+ |
| Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 54 | | |TFV-3| | RO memory is always executable at AArch64 Secure EL1 | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 55 | +-----------+------------------------------------------------------------------+ |
| Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 56 | | |TFV-4| | Malformed Firmware Update SMC can result in copy or | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 57 | | | authentication of unexpected data in secure memory in AArch32 | |
| 58 | | | state | |
| 59 | +-----------+------------------------------------------------------------------+ |
| Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 60 | | |TFV-5| | Not initializing or saving/restoring PMCR_EL0 can leak secure | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 61 | | | world timing information | |
| 62 | +-----------+------------------------------------------------------------------+ |
| Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 63 | | |TFV-6| | Trusted Firmware-A exposure to speculative processor | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 64 | | | vulnerabilities using cache timing side-channels | |
| 65 | +-----------+------------------------------------------------------------------+ |
| Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 66 | | |TFV-7| | Trusted Firmware-A exposure to cache speculation vulnerability | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 67 | | | Variant 4 | |
| 68 | +-----------+------------------------------------------------------------------+ |
| Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 69 | | |TFV-8| | Not saving x0 to x3 registers can leak information from one | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 70 | | | Normal World SMC client to another | |
| 71 | +-----------+------------------------------------------------------------------+ |
| 72 | |
| John Tsichritzis | bf4540e | 2019-05-21 10:37:55 +0100 | [diff] [blame] | 73 | .. _issue tracker: https://developer.trustedfirmware.org/project/board/1/ |
| Sandrine Bailleux | 6ef77ce | 2020-08-03 10:27:19 +0200 | [diff] [blame] | 74 | .. _mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-a |
| Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 75 | |
| 76 | .. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)` |
| 77 | .. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)` |
| 78 | .. |TFV-3| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)` |
| 79 | .. |TFV-4| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)` |
| 80 | .. |TFV-5| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)` |
| 81 | .. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)` |
| 82 | .. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)` |
| 83 | .. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)` |
| 84 | |
| Sandrine Bailleux | 85e9ba4 | 2020-06-22 12:11:47 +0200 | [diff] [blame] | 85 | .. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/ |
| 86 | |
| Paul Beesley | f864067 | 2019-04-12 14:19:42 +0100 | [diff] [blame] | 87 | -------------- |
| 88 | |
| Sandrine Bailleux | 85e9ba4 | 2020-06-22 12:11:47 +0200 | [diff] [blame] | 89 | *Copyright (c) 2019-2020, Arm Limited. All rights reserved.* |