docs/process/security.rst

   1 Security Handling
   2 =================
   3
   4 Security Disclosures
   5 --------------------
   6
   7 We disclose all security vulnerabilities we find, or are advised about, that are
   8 relevant to Trusted Firmware-A. We encourage responsible disclosure of
   9 vulnerabilities and inform users as best we can about all possible issues.
  10
  11 We disclose TF-A vulnerabilities as Security Advisories, all of which are listed
  12 at the bottom of this page. Any new ones will, additionally, be announced as
  13 issues in the project's `issue tracker`_ with the ``security-advisory`` tag. You
  14 can receive notification emails for these by watching the "Trusted Firmware-A"
  15 project at https://developer.trustedfirmware.org/.
  16
  17 Found a Security Issue?
  18 -----------------------
  19
  20 Although we try to keep TF-A secure, we can only do so with the help of the
  21 community of developers and security researchers.
  22
  23 If you think you have found a security vulnerability, please **do not** report it
  24 in the `issue tracker`_. Instead send an email to
  25 trusted-firmware-security@arm.com
  26
  27 Please include:
  28
  29 * Trusted Firmware-A version (or commit) affected
  30
  31 * A description of the concern or vulnerability
  32
  33 * Details on how to replicate the vulnerability, including:
  34
  35   - Configuration details
  36
  37   - Proof of concept exploit code
  38
  39   - Any additional software or tools required
  40
  41 We recommend using :download:`this PGP/GPG key <./security-reporting.asc>` for
  42 encrypting the information. This key is also available at
  43 http://keyserver.pgp.com and LDAP port 389 of the same server.
  44
  45 The fingerprint for this key is:
  46
  47 ::
  48
  49     1309 2C19 22B4 8E87 F17B FE5C 3AB7 EFCB 45A0 DFD0
  50
  51 If you would like replies to be encrypted, please provide your public key.
  52
  53 Please give us the time to respond to you and fix the vulnerability before going
  54 public. We do our best to respond and fix any issues quickly. We also need to
  55 ensure providers of products that use TF-A have a chance to consider the
  56 implications of the vulnerability and its remedy.
  57
  58 Afterwards, we encourage you to write-up your findings about the TF-A source
  59 code.
  60
  61 Attribution
  62 -----------
  63
  64 We will name and thank you in the :ref:`Change Log & Release Notes` distributed with the source
  65 code and in any published security advisory.
  66
  67 Security Advisories
  68 -------------------
  69
  70 +-----------+------------------------------------------------------------------+
  71 | ID        | Title                                                            |
  72 +===========+==================================================================+
  73 |  |TFV-1|  | Malformed Firmware Update SMC can result in copy of unexpectedly |
  74 |           | large data into secure memory                                    |
  75 +-----------+------------------------------------------------------------------+
  76 |  |TFV-2|  | Enabled secure self-hosted invasive debug interface can allow    |
  77 |           | normal world to panic secure world                               |
  78 +-----------+------------------------------------------------------------------+
  79 |  |TFV-3|  | RO memory is always executable at AArch64 Secure EL1             |
  80 +-----------+------------------------------------------------------------------+
  81 |  |TFV-4|  | Malformed Firmware Update SMC can result in copy or              |
  82 |           | authentication of unexpected data in secure memory in AArch32    |
  83 |           | state                                                            |
  84 +-----------+------------------------------------------------------------------+
  85 |  |TFV-5|  | Not initializing or saving/restoring PMCR_EL0 can leak secure    |
  86 |           | world timing information                                         |
  87 +-----------+------------------------------------------------------------------+
  88 |  |TFV-6|  | Trusted Firmware-A exposure to speculative processor             |
  89 |           | vulnerabilities using cache timing side-channels                 |
  90 +-----------+------------------------------------------------------------------+
  91 |  |TFV-7|  | Trusted Firmware-A exposure to cache speculation vulnerability   |
  92 |           | Variant 4                                                        |
  93 +-----------+------------------------------------------------------------------+
  94 |  |TFV-8|  | Not saving x0 to x3 registers can leak information from one      |
  95 |           | Normal World SMC client to another                               |
  96 +-----------+------------------------------------------------------------------+
  97
  98 .. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
  99 .. _this PGP/GPG key: security-reporting.asc
 100
 101 .. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)`
 102 .. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)`
 103 .. |TFV-3| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)`
 104 .. |TFV-4| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)`
 105 .. |TFV-5| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)`
 106 .. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)`
 107 .. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)`
 108 .. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)`
 109
 110 --------------
 111
 112 *Copyright (c) 2019, Arm Limited. All rights reserved.*