1*54fd6939SJiyong ParkSecurity Handling 2*54fd6939SJiyong Park================= 3*54fd6939SJiyong Park 4*54fd6939SJiyong ParkSecurity Disclosures 5*54fd6939SJiyong Park-------------------- 6*54fd6939SJiyong Park 7*54fd6939SJiyong ParkWe disclose all security vulnerabilities we find, or are advised about, that are 8*54fd6939SJiyong Parkrelevant to Trusted Firmware-A. We encourage responsible disclosure of 9*54fd6939SJiyong Parkvulnerabilities and inform users as best we can about all possible issues. 10*54fd6939SJiyong Park 11*54fd6939SJiyong ParkWe disclose TF-A vulnerabilities as Security Advisories, all of which are listed 12*54fd6939SJiyong Parkat the bottom of this page. Any new ones will, additionally, be announced as 13*54fd6939SJiyong Parkissues in the project's `issue tracker`_ with the ``security-advisory`` tag. You 14*54fd6939SJiyong Parkcan receive notification emails for these by watching the "Trusted Firmware-A" 15*54fd6939SJiyong Parkproject at https://developer.trustedfirmware.org/. 16*54fd6939SJiyong Park 17*54fd6939SJiyong ParkFound a Security Issue? 18*54fd6939SJiyong Park----------------------- 19*54fd6939SJiyong Park 20*54fd6939SJiyong ParkAlthough we try to keep TF-A secure, we can only do so with the help of the 21*54fd6939SJiyong Parkcommunity of developers and security researchers. 22*54fd6939SJiyong Park 23*54fd6939SJiyong Park.. warning:: 24*54fd6939SJiyong Park If you think you have found a security vulnerability, please **do not** 25*54fd6939SJiyong Park report it in the `issue tracker`_ or on the `mailing list`_. Instead, please 26*54fd6939SJiyong Park follow the `TrustedFirmware.org security incident process`_. 27*54fd6939SJiyong Park 28*54fd6939SJiyong ParkOne of the goals of this process is to ensure providers of products that use 29*54fd6939SJiyong ParkTF-A have a chance to consider the implications of the vulnerability and its 30*54fd6939SJiyong Parkremedy before it is made public. As such, please follow the disclosure plan 31*54fd6939SJiyong Parkoutlined in the process. We do our best to respond and fix any issues quickly. 32*54fd6939SJiyong Park 33*54fd6939SJiyong ParkAfterwards, we encourage you to write-up your findings about the TF-A source 34*54fd6939SJiyong Parkcode. 35*54fd6939SJiyong Park 36*54fd6939SJiyong ParkAttribution 37*54fd6939SJiyong Park----------- 38*54fd6939SJiyong Park 39*54fd6939SJiyong ParkWe will name and thank you in the :ref:`Change Log & Release Notes` distributed 40*54fd6939SJiyong Parkwith the source code and in any published security advisory. 41*54fd6939SJiyong Park 42*54fd6939SJiyong ParkSecurity Advisories 43*54fd6939SJiyong Park------------------- 44*54fd6939SJiyong Park 45*54fd6939SJiyong Park+-----------+------------------------------------------------------------------+ 46*54fd6939SJiyong Park| ID | Title | 47*54fd6939SJiyong Park+===========+==================================================================+ 48*54fd6939SJiyong Park| |TFV-1| | Malformed Firmware Update SMC can result in copy of unexpectedly | 49*54fd6939SJiyong Park| | large data into secure memory | 50*54fd6939SJiyong Park+-----------+------------------------------------------------------------------+ 51*54fd6939SJiyong Park| |TFV-2| | Enabled secure self-hosted invasive debug interface can allow | 52*54fd6939SJiyong Park| | normal world to panic secure world | 53*54fd6939SJiyong Park+-----------+------------------------------------------------------------------+ 54*54fd6939SJiyong Park| |TFV-3| | RO memory is always executable at AArch64 Secure EL1 | 55*54fd6939SJiyong Park+-----------+------------------------------------------------------------------+ 56*54fd6939SJiyong Park| |TFV-4| | Malformed Firmware Update SMC can result in copy or | 57*54fd6939SJiyong Park| | authentication of unexpected data in secure memory in AArch32 | 58*54fd6939SJiyong Park| | state | 59*54fd6939SJiyong Park+-----------+------------------------------------------------------------------+ 60*54fd6939SJiyong Park| |TFV-5| | Not initializing or saving/restoring PMCR_EL0 can leak secure | 61*54fd6939SJiyong Park| | world timing information | 62*54fd6939SJiyong Park+-----------+------------------------------------------------------------------+ 63*54fd6939SJiyong Park| |TFV-6| | Trusted Firmware-A exposure to speculative processor | 64*54fd6939SJiyong Park| | vulnerabilities using cache timing side-channels | 65*54fd6939SJiyong Park+-----------+------------------------------------------------------------------+ 66*54fd6939SJiyong Park| |TFV-7| | Trusted Firmware-A exposure to cache speculation vulnerability | 67*54fd6939SJiyong Park| | Variant 4 | 68*54fd6939SJiyong Park+-----------+------------------------------------------------------------------+ 69*54fd6939SJiyong Park| |TFV-8| | Not saving x0 to x3 registers can leak information from one | 70*54fd6939SJiyong Park| | Normal World SMC client to another | 71*54fd6939SJiyong Park+-----------+------------------------------------------------------------------+ 72*54fd6939SJiyong Park 73*54fd6939SJiyong Park.. _issue tracker: https://developer.trustedfirmware.org/project/board/1/ 74*54fd6939SJiyong Park.. _mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-a 75*54fd6939SJiyong Park 76*54fd6939SJiyong Park.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)` 77*54fd6939SJiyong Park.. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)` 78*54fd6939SJiyong Park.. |TFV-3| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)` 79*54fd6939SJiyong Park.. |TFV-4| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)` 80*54fd6939SJiyong Park.. |TFV-5| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)` 81*54fd6939SJiyong Park.. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)` 82*54fd6939SJiyong Park.. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)` 83*54fd6939SJiyong Park.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)` 84*54fd6939SJiyong Park 85*54fd6939SJiyong Park.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/ 86*54fd6939SJiyong Park 87*54fd6939SJiyong Park-------------- 88*54fd6939SJiyong Park 89*54fd6939SJiyong Park*Copyright (c) 2019-2020, Arm Limited. All rights reserved.* 90