Security Handling
=================

Security Disclosures
--------------------

We disclose all security vulnerabilities we find, or are advised about, that are
relevant to Trusted Firmware-A. We encourage responsible disclosure of
vulnerabilities and inform users as best we can about all possible issues.

We disclose TF-A vulnerabilities as Security Advisories, all of which are listed
at the bottom of this page. Any new ones will, additionally, be announced on the
TF-A project's `mailing list`_.

Found a Security Issue?
-----------------------

Although we try to keep TF-A secure, we can only do so with the help of the
community of developers and security researchers.

.. warning::
   If you think you have found a security vulnerability, please **do not**
   report it in the `issue tracker`_ or on the `mailing list`_. Instead, please
   follow the `TrustedFirmware.org security incident process`_.

One of the goals of this process is to ensure providers of products that use
TF-A have a chance to consider the implications of the vulnerability and its
remedy before it is made public. As such, please follow the disclosure plan
outlined in the process. We do our best to respond and fix any issues quickly.

Afterwards, we encourage you to write up your findings about the TF-A source
code.

Attribution
-----------

We will name and thank you in the :ref:`Change Log & Release Notes` distributed
with the source code and in any published security advisory.

Security Advisories
-------------------

+-----------+------------------------------------------------------------------+
| ID        | Title                                                            |
+===========+==================================================================+
| |TFV-1|   | Malformed Firmware Update SMC can result in copy of unexpectedly |
|           | large data into secure memory                                    |
+-----------+------------------------------------------------------------------+
| |TFV-2|   | Enabled secure self-hosted invasive debug interface can allow    |
|           | normal world to panic secure world                               |
+-----------+------------------------------------------------------------------+
| |TFV-3|   | RO memory is always executable at AArch64 Secure EL1             |
+-----------+------------------------------------------------------------------+
| |TFV-4|   | Malformed Firmware Update SMC can result in copy or              |
|           | authentication of unexpected data in secure memory in AArch32    |
|           | state                                                            |
+-----------+------------------------------------------------------------------+
| |TFV-5|   | Not initializing or saving/restoring PMCR_EL0 can leak secure    |
|           | world timing information                                         |
+-----------+------------------------------------------------------------------+
| |TFV-6|   | Trusted Firmware-A exposure to speculative processor             |
|           | vulnerabilities using cache timing side-channels                 |
+-----------+------------------------------------------------------------------+
| |TFV-7|   | Trusted Firmware-A exposure to cache speculation vulnerability   |
|           | Variant 4                                                        |
+-----------+------------------------------------------------------------------+
| |TFV-8|   | Not saving x0 to x3 registers can leak information from one      |
|           | Normal World SMC client to another                               |
+-----------+------------------------------------------------------------------+
| |TFV-9|   | Trusted Firmware-A exposure to speculative processor             |
|           | vulnerabilities with branch prediction target reuse              |
+-----------+------------------------------------------------------------------+
| |TFV-10|  | Incorrect validation of X.509 certificate extensions can result  |
|           | in an out-of-bounds read                                         |
+-----------+------------------------------------------------------------------+

.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/
.. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-a.lists.trustedfirmware.org/

.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)`
.. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)`
.. |TFV-3| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)`
.. |TFV-4| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)`
.. |TFV-5| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)`
.. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)`
.. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)`
.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)`
.. |TFV-9| replace:: :ref:`Advisory TFV-9 (CVE-2022-23960)`
.. |TFV-10| replace:: :ref:`Advisory TFV-10 (CVE-2022-47630)`

.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/

--------------

*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*