blob: a3b9971e486a6cd5619f01db5cfbbb5243dafd3c [file] [log] [blame]
Paul Beesleyfc9ee362019-03-07 15:47:15 +00001Security Handling
2=================
Paul Beesley236d2462019-03-05 17:19:37 +00003
Joel Hutton9e605632019-02-25 15:18:56 +00004Security Disclosures
5--------------------
6
John Tsichritzisbf4540e2019-05-21 10:37:55 +01007We disclose all security vulnerabilities we find, or are advised about, that are
8relevant to Trusted Firmware-A. We encourage responsible disclosure of
Joel Hutton9e605632019-02-25 15:18:56 +00009vulnerabilities and inform users as best we can about all possible issues.
10
John Tsichritzisbf4540e2019-05-21 10:37:55 +010011We disclose TF-A vulnerabilities as Security Advisories, all of which are listed
12at the bottom of this page. Any new ones will, additionally, be announced as
13issues in the project's `issue tracker`_ with the ``security-advisory`` tag. You
14can receive notification emails for these by watching the "Trusted Firmware-A"
15project at https://developer.trustedfirmware.org/.
Joel Hutton9e605632019-02-25 15:18:56 +000016
17Found a Security Issue?
18-----------------------
19
John Tsichritzisbf4540e2019-05-21 10:37:55 +010020Although we try to keep TF-A secure, we can only do so with the help of the
Joel Hutton9e605632019-02-25 15:18:56 +000021community of developers and security researchers.
22
Sandrine Bailleux6e78c792020-08-12 10:52:32 +020023.. warning::
24 If you think you have found a security vulnerability, please **do not**
25 report it in the `issue tracker`_ or on the `mailing list`_. Instead, please
26 follow the `TrustedFirmware.org security incident process`_.
27
28One of the goals of this process is to ensure providers of products that use
29TF-A have a chance to consider the implications of the vulnerability and its
30remedy before it is made public. As such, please follow the disclosure plan
31outlined in the process. We do our best to respond and fix any issues quickly.
Joel Hutton9e605632019-02-25 15:18:56 +000032
John Tsichritzisbf4540e2019-05-21 10:37:55 +010033Afterwards, we encourage you to write-up your findings about the TF-A source
34code.
Joel Hutton9e605632019-02-25 15:18:56 +000035
36Attribution
37-----------
38
Sandrine Bailleux85e9ba42020-06-22 12:11:47 +020039We will name and thank you in the :ref:`Change Log & Release Notes` distributed
40with the source code and in any published security advisory.
Joel Hutton9e605632019-02-25 15:18:56 +000041
42Security Advisories
43-------------------
44
45+-----------+------------------------------------------------------------------+
46| ID | Title |
47+===========+==================================================================+
Paul Beesleyf8640672019-04-12 14:19:42 +010048| |TFV-1| | Malformed Firmware Update SMC can result in copy of unexpectedly |
Joel Hutton9e605632019-02-25 15:18:56 +000049| | large data into secure memory |
50+-----------+------------------------------------------------------------------+
Paul Beesleyf8640672019-04-12 14:19:42 +010051| |TFV-2| | Enabled secure self-hosted invasive debug interface can allow |
Joel Hutton9e605632019-02-25 15:18:56 +000052| | normal world to panic secure world |
53+-----------+------------------------------------------------------------------+
Paul Beesleyf8640672019-04-12 14:19:42 +010054| |TFV-3| | RO memory is always executable at AArch64 Secure EL1 |
Joel Hutton9e605632019-02-25 15:18:56 +000055+-----------+------------------------------------------------------------------+
Paul Beesleyf8640672019-04-12 14:19:42 +010056| |TFV-4| | Malformed Firmware Update SMC can result in copy or |
Joel Hutton9e605632019-02-25 15:18:56 +000057| | authentication of unexpected data in secure memory in AArch32 |
58| | state |
59+-----------+------------------------------------------------------------------+
Paul Beesleyf8640672019-04-12 14:19:42 +010060| |TFV-5| | Not initializing or saving/restoring PMCR_EL0 can leak secure |
Joel Hutton9e605632019-02-25 15:18:56 +000061| | world timing information |
62+-----------+------------------------------------------------------------------+
Paul Beesleyf8640672019-04-12 14:19:42 +010063| |TFV-6| | Trusted Firmware-A exposure to speculative processor |
Joel Hutton9e605632019-02-25 15:18:56 +000064| | vulnerabilities using cache timing side-channels |
65+-----------+------------------------------------------------------------------+
Paul Beesleyf8640672019-04-12 14:19:42 +010066| |TFV-7| | Trusted Firmware-A exposure to cache speculation vulnerability |
Joel Hutton9e605632019-02-25 15:18:56 +000067| | Variant 4 |
68+-----------+------------------------------------------------------------------+
Paul Beesleyf8640672019-04-12 14:19:42 +010069| |TFV-8| | Not saving x0 to x3 registers can leak information from one |
Joel Hutton9e605632019-02-25 15:18:56 +000070| | Normal World SMC client to another |
71+-----------+------------------------------------------------------------------+
72
John Tsichritzisbf4540e2019-05-21 10:37:55 +010073.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
Sandrine Bailleux6ef77ce2020-08-03 10:27:19 +020074.. _mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-a
Paul Beesleyf8640672019-04-12 14:19:42 +010075
76.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)`
77.. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)`
78.. |TFV-3| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)`
79.. |TFV-4| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)`
80.. |TFV-5| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)`
81.. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)`
82.. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)`
83.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)`
84
Sandrine Bailleux85e9ba42020-06-22 12:11:47 +020085.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/
86
Paul Beesleyf8640672019-04-12 14:19:42 +010087--------------
88
Sandrine Bailleux85e9ba42020-06-22 12:11:47 +020089*Copyright (c) 2019-2020, Arm Limited. All rights reserved.*