Blame - docs/process/security.rst - filogic/atf

blob: c6429ad5b26cc0cfc5b60dcab90f1ab713b76933 [file] [log] [blame]

Paul Beesley	fc9ee36	2019-03-07 15:47:15 +0000	[diff] [blame]	1	Security Handling
				2	=================
Paul Beesley	236d246	2019-03-05 17:19:37 +0000	[diff] [blame]	3
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	4	Security Disclosures
				5	--------------------
				6
John Tsichritzis	bf4540e	2019-05-21 10:37:55 +0100	[diff] [blame]	7	We disclose all security vulnerabilities we find, or are advised about, that are
				8	relevant to Trusted Firmware-A. We encourage responsible disclosure of
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	9	vulnerabilities and inform users as best we can about all possible issues.
				10
John Tsichritzis	bf4540e	2019-05-21 10:37:55 +0100	[diff] [blame]	11	We disclose TF-A vulnerabilities as Security Advisories, all of which are listed
Sandrine Bailleux	b95e38c	2023-01-11 11:15:14 +0100	[diff] [blame]	12	at the bottom of this page. Any new ones will, additionally, be announced on the
				13	TF-A project's `mailing list`_.
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	14
				15	Found a Security Issue?
				16	-----------------------
				17
John Tsichritzis	bf4540e	2019-05-21 10:37:55 +0100	[diff] [blame]	18	Although we try to keep TF-A secure, we can only do so with the help of the
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	19	community of developers and security researchers.
				20
Sandrine Bailleux	6e78c79	2020-08-12 10:52:32 +0200	[diff] [blame]	21	.. warning::
				22	If you think you have found a security vulnerability, please do not
				23	report it in the `issue tracker`_ or on the `mailing list`_. Instead, please
				24	follow the `TrustedFirmware.org security incident process`_.
				25
				26	One of the goals of this process is to ensure providers of products that use
				27	TF-A have a chance to consider the implications of the vulnerability and its
				28	remedy before it is made public. As such, please follow the disclosure plan
				29	outlined in the process. We do our best to respond and fix any issues quickly.
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	30
John Tsichritzis	bf4540e	2019-05-21 10:37:55 +0100	[diff] [blame]	31	Afterwards, we encourage you to write-up your findings about the TF-A source
				32	code.
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	33
				34	Attribution
				35	-----------
				36
Sandrine Bailleux	85e9ba4	2020-06-22 12:11:47 +0200	[diff] [blame]	37	We will name and thank you in the :ref:`Change Log & Release Notes` distributed
				38	with the source code and in any published security advisory.
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	39
				40	Security Advisories
				41	-------------------
				42
				43	+-----------+------------------------------------------------------------------+
				44	\| ID \| Title \|
				45	+===========+==================================================================+
Paul Beesley	f864067	2019-04-12 14:19:42 +0100	[diff] [blame]	46	\| \|TFV-1\| \| Malformed Firmware Update SMC can result in copy of unexpectedly \|
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	47	\| \| large data into secure memory \|
				48	+-----------+------------------------------------------------------------------+
Paul Beesley	f864067	2019-04-12 14:19:42 +0100	[diff] [blame]	49	\| \|TFV-2\| \| Enabled secure self-hosted invasive debug interface can allow \|
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	50	\| \| normal world to panic secure world \|
				51	+-----------+------------------------------------------------------------------+
Paul Beesley	f864067	2019-04-12 14:19:42 +0100	[diff] [blame]	52	\| \|TFV-3\| \| RO memory is always executable at AArch64 Secure EL1 \|
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	53	+-----------+------------------------------------------------------------------+
Paul Beesley	f864067	2019-04-12 14:19:42 +0100	[diff] [blame]	54	\| \|TFV-4\| \| Malformed Firmware Update SMC can result in copy or \|
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	55	\| \| authentication of unexpected data in secure memory in AArch32 \|
				56	\| \| state \|
				57	+-----------+------------------------------------------------------------------+
Paul Beesley	f864067	2019-04-12 14:19:42 +0100	[diff] [blame]	58	\| \|TFV-5\| \| Not initializing or saving/restoring PMCR_EL0 can leak secure \|
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	59	\| \| world timing information \|
				60	+-----------+------------------------------------------------------------------+
Paul Beesley	f864067	2019-04-12 14:19:42 +0100	[diff] [blame]	61	\| \|TFV-6\| \| Trusted Firmware-A exposure to speculative processor \|
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	62	\| \| vulnerabilities using cache timing side-channels \|
				63	+-----------+------------------------------------------------------------------+
Paul Beesley	f864067	2019-04-12 14:19:42 +0100	[diff] [blame]	64	\| \|TFV-7\| \| Trusted Firmware-A exposure to cache speculation vulnerability \|
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	65	\| \| Variant 4 \|
				66	+-----------+------------------------------------------------------------------+
Paul Beesley	f864067	2019-04-12 14:19:42 +0100	[diff] [blame]	67	\| \|TFV-8\| \| Not saving x0 to x3 registers can leak information from one \|
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	68	\| \| Normal World SMC client to another \|
				69	+-----------+------------------------------------------------------------------+
Manish V Badarkhe	a52114a	2023-02-16 18:11:40 +0000	[diff] [blame]	70	\| \|TFV-9\| \| Trusted Firmware-A exposure to speculative processor \|
				71	\| \| vulnerabilities with branch prediction target reuse \|
				72	+-----------+------------------------------------------------------------------+
				73	\| \|TFV-10\| \| Incorrect validation of X.509 certificate extensions can result \|
				74	\| \| in an out-of-bounds read \|
				75	+-----------+------------------------------------------------------------------+
Joel Hutton	9e60563	2019-02-25 15:18:56 +0000	[diff] [blame]	76
John Tsichritzis	bf4540e	2019-05-21 10:37:55 +0100	[diff] [blame]	77	.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
Sandrine Bailleux	1a4efb1	2022-04-21 10:17:22 +0200	[diff] [blame]	78	.. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/
Paul Beesley	f864067	2019-04-12 14:19:42 +0100	[diff] [blame]	79
				80	.. \|TFV-1\| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)`
				81	.. \|TFV-2\| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)`
				82	.. \|TFV-3\| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)`
				83	.. \|TFV-4\| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)`
				84	.. \|TFV-5\| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)`
				85	.. \|TFV-6\| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)`
				86	.. \|TFV-7\| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)`
				87	.. \|TFV-8\| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)`
Manish V Badarkhe	a52114a	2023-02-16 18:11:40 +0000	[diff] [blame]	88	.. \|TFV-9\| replace:: :ref:`Advisory TFV-9 (CVE-2022-23960)`
				89	.. \|TFV-10\| replace:: :ref:`Advisory TFV-10 (CVE-2022-47630)`
Paul Beesley	f864067	2019-04-12 14:19:42 +0100	[diff] [blame]	90
Sandrine Bailleux	85e9ba4	2020-06-22 12:11:47 +0200	[diff] [blame]	91	.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/
				92
Paul Beesley	f864067	2019-04-12 14:19:42 +0100	[diff] [blame]	93	--------------
				94
Sandrine Bailleux	b95e38c	2023-01-11 11:15:14 +0100	[diff] [blame]	95	Copyright (c) 2019-2023, Arm Limited. All rights reserved.