1Security Handling 2================= 3 4Security Disclosures 5-------------------- 6 7Trusted Firmware-M(TF-M) disclose all security vulnerabilities, or are advised 8about, that are relevant to TF-M. TF-M encourage responsible disclosure of 9vulnerabilities and try the best to inform users about all possible issues. 10 11The TF-M vulnerabilities are disclosed as Security Advisories, all of which are 12listed at the bottom of this page. 13 14Found a Security Issue? 15----------------------- 16 17Although TF-M try to keep secure, it can only do so with the help of the 18community of developers and security researchers. 19 20.. warning:: 21 If any security vulnerability was found, please **do not** 22 report it in the `issue tracker`_ or on the `mailing list`_. Instead, please 23 follow the `TrustedFirmware.org security incident process`_. 24 25One of the goals of this process is to ensure providers of products that use 26TF-M have a chance to consider the implications of the vulnerability and its 27remedy before it is made public. As such, please follow the disclosure plan 28outlined in the `Security Incident Process`_. TF-M do the best to respond and 29fix any issues quickly. 30 31Afterwards, write-up all the findings about the TF-M source code is highly 32encouraged. 33 34Attribution 35----------- 36 37TF-M values researchers and community members who report vulnerabilities and 38TF-M policy is to credit the contributor's name in the published security advisory. 39 40Security Advisories 41------------------- 42 43+------------+-----------------------------------------------------------------+ 44| ID | Title | 45+============+=================================================================+ 46| |TFMV-1| | NS world may cause the CPU to perform an unexpected return | 47| | operation due to unsealed stacks. | 48+------------+-----------------------------------------------------------------+ 49| |TFMV-2| | Invoking Secure functions from handler mode may cause TF-M IPC | 50| | model to behave unexpectedly. | 51+------------+-----------------------------------------------------------------+ 52| |TFMV-3| | ``abort()`` function may not take effect in TF-M Crypto | 53| | multi-part MAC/hashing/cipher operations. | 54+------------+-----------------------------------------------------------------+ 55| |TFMV-4| | NSPE may access secure keys stored in TF-M Crypto service | 56| | in Profile Small with Crypto key ID encoding disabled. | 57+------------+-----------------------------------------------------------------+ 58| |TFMV-5| | ``psa_fwu_write()`` may cause buffer overflow in SPE. | 59+------------+-----------------------------------------------------------------+ 60 61.. _issue tracker: https://developer.trustedfirmware.org/project/view/2/ 62.. _mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-m 63 64.. |TFMV-1| replace:: :ref:`security/security_advisories/stack_seal_vulnerability:Advisory TFMV-1` 65.. |TFMV-2| replace:: :ref:`security/security_advisories/svc_caller_sp_fetching_vulnerability:Advisory TFMV-2` 66.. |TFMV-3| replace:: :ref:`security/security_advisories/crypto_multi_part_ops_abort_fail:Advisory TFMV-3` 67.. |TFMV-4| replace:: :ref:`security/security_advisories/profile_small_key_id_encoding_vulnerability:Advisory TFMV-4` 68.. |TFMV-5| replace:: :ref:`security/security_advisories/fwu_write_vulnerability:Advisory TFMV-5` 69 70.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/ 71 72.. _Security Incident Process: https://developer.trustedfirmware.org/w/collaboration/security_center/reporting/ 73 74-------------- 75 76*Copyright (c) 2020-2022, Arm Limited. All rights reserved.* 77
