Hi,
This looks promising. Can you also create a list of guidelines resulting from the analysis? We can then roll them up as coding guidelines or design guidelines or to-do for platforms.
-Varun
From: TF-A tf-a-bounces@lists.trustedfirmware.org On Behalf Of Zelalem Aweke via TF-A Sent: Friday, April 16, 2021 8:15 AM To: tf-a@lists.trustedfirmware.org Subject: [TF-A] [RFC] TF-A threat model
External email: Use caution opening links or attachments
Hi All,
We are releasing the first TF-A threat model document. This release provides the baseline for future updates to be applied as required by developments to the TF-A code base. Please review the document provide comments here: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9627https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.trustedfirmware.org%2Fc%2FTF-A%2Ftrusted-firmware-a%2F%2B%2F9627&data=04%7C01%7Cvwadekar%40nvidia.com%7C208d8cdd57e947f0348608d900ea63fb%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C1%7C637541828966511620%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ady4TQnct7htxQNqN06FSZkBTjF9VA4a0A4h5YkL4MA%3D&reserved=0.
Thanks, Zelalem
Hi Varun, Where applicable, the "Mitigations" entries list what should be done by platforms including links to guidelines we already have in TF-A. We currently don't have a plan to create a separate design/coding guidelines document.
-Zelalem ________________________________ From: Varun Wadekar vwadekar@nvidia.com Sent: Friday, April 16, 2021 11:47 AM To: Zelalem Aweke Zelalem.Aweke@arm.com Cc: tf-a@lists.trustedfirmware.org tf-a@lists.trustedfirmware.org Subject: RE: [TF-A] [RFC] TF-A threat model
Hi,
This looks promising. Can you also create a list of guidelines resulting from the analysis? We can then roll them up as coding guidelines or design guidelines or to-do for platforms.
-Varun
From: TF-A tf-a-bounces@lists.trustedfirmware.org On Behalf Of Zelalem Aweke via TF-A Sent: Friday, April 16, 2021 8:15 AM To: tf-a@lists.trustedfirmware.org Subject: [TF-A] [RFC] TF-A threat model
External email: Use caution opening links or attachments
Hi All,
We are releasing the first TF-A threat model document. This release provides the baseline for future updates to be applied as required by developments to the TF-A code base. Please review the document provide comments here: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9627https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.trustedfirmware.org%2Fc%2FTF-A%2Ftrusted-firmware-a%2F%2B%2F9627&data=04%7C01%7Cvwadekar%40nvidia.com%7C208d8cdd57e947f0348608d900ea63fb%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C1%7C637541828966511620%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ady4TQnct7htxQNqN06FSZkBTjF9VA4a0A4h5YkL4MA%3D&reserved=0.
Thanks,
Zelalem
Thanks. To me, the action items were not clear enough. We don't have to add new docs but update or link to the docs that capture the AIs clearly.
I assume we want platform owners and maintainers to get clear AIs and confirm that those are covered.
From: Zelalem Aweke Zelalem.Aweke@arm.com Sent: Monday, April 19, 2021 2:38 PM To: Varun Wadekar vwadekar@nvidia.com Cc: tf-a@lists.trustedfirmware.org Subject: Re: [TF-A] [RFC] TF-A threat model
External email: Use caution opening links or attachments
Hi Varun, Where applicable, the "Mitigations" entries list what should be done by platforms including links to guidelines we already have in TF-A. We currently don't have a plan to create a separate design/coding guidelines document.
-Zelalem ________________________________ From: Varun Wadekar <vwadekar@nvidia.commailto:vwadekar@nvidia.com> Sent: Friday, April 16, 2021 11:47 AM To: Zelalem Aweke <Zelalem.Aweke@arm.commailto:Zelalem.Aweke@arm.com> Cc: tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org <tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org> Subject: RE: [TF-A] [RFC] TF-A threat model
Hi,
This looks promising. Can you also create a list of guidelines resulting from the analysis? We can then roll them up as coding guidelines or design guidelines or to-do for platforms.
-Varun
From: TF-A <tf-a-bounces@lists.trustedfirmware.orgmailto:tf-a-bounces@lists.trustedfirmware.org> On Behalf Of Zelalem Aweke via TF-A Sent: Friday, April 16, 2021 8:15 AM To: tf-a@lists.trustedfirmware.orgmailto:tf-a@lists.trustedfirmware.org Subject: [TF-A] [RFC] TF-A threat model
External email: Use caution opening links or attachments
Hi All,
We are releasing the first TF-A threat model document. This release provides the baseline for future updates to be applied as required by developments to the TF-A code base. Please review the document provide comments here: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9627https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.trustedfirmware.org%2Fc%2FTF-A%2Ftrusted-firmware-a%2F%2B%2F9627&data=04%7C01%7Cvwadekar%40nvidia.com%7Cac0f80a51023438c91e408d9037b7b03%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C1%7C637544651156559981%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=VfXUx649pM%2BaQ7bJ4wlFGgOnGqI2pbfgDcpfrDEwo9c%3D&reserved=0.
Thanks,
Zelalem
tf-a@lists.trustedfirmware.org
-
Varun Wadekar -
Zelalem Aweke