1Threat Model 2============ 3 4Threat modeling is an important part of Secure Development Lifecycle (SDL) 5that helps us identify potential threats and mitigations affecting a system. 6 7As the TF-A codebase is highly configurable to allow tailoring it best for each 8platform's needs, providing a holistic threat model covering all of its features 9is not necessarily the best approach. Instead, we provide a collection of 10documents which, together, form the project's threat model. These are 11articulated around a core document, called the :ref:`Generic Threat Model`, 12which focuses on the most common configuration we expect to see. The other 13documents typically focus on specific features not covered in the core document. 14 15As the TF-A codebase evolves and new features get added, these threat model 16documents will be updated and extended in parallel to reflect at best the 17current status of the code from a security standpoint. 18 19 .. note:: 20 21 Although our aim is eventually to provide threat model material for all 22 features within the project, we have not reached that point yet. We expect 23 to gradually fill these gaps over time. 24 25Each of these documents give a description of the target of evaluation using a 26data flow diagram, as well as a list of threats we have identified using the 27`STRIDE threat modeling technique`_ and corresponding mitigations. 28 29.. toctree:: 30 :maxdepth: 1 31 :caption: Contents 32 33 threat_model 34 threat_model_el3_spm 35 threat_model_fvp_r 36 threat_model_rss_interface 37 threat_model_arm_cca 38 39-------------- 40 41*Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.* 42 43.. _STRIDE threat modeling technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model 44
