TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-A / trusted-firmware-a / e63f5d129fadf520f42110d9a16c4192cba48784^! / . / docs / process / security-hardening.rst
commite63f5d129fadf520f42110d9a16c4192cba48784[log] [tgz]
authorPaul Beesley <paul.beesley@arm.com>Thu May 16 13:33:18 2019 +0100
committerGyörgy Szing <gyorgy.szing@arm.com>Thu Feb 06 16:25:06 2020 +0000
treef96abecfaa230064da356699cb7c9fbd780f68b3
parent3a415eb9d10447b6354c62ed36b136e44096df2a [diff] [blame]
doc: Split and expand coding style documentation

This patch expands the coding style documentation, splitting it
into two documents: the core style rules and extended guidelines.
Note that it does not redefine or change the coding style (aside
from section 4.6.2) - generally, it is only documenting the
existing style in more detail.

The aim is for the coding style to be more readable and, in turn,
for it to be followed by more people. We can use this as a more
concrete reference when discussing the accepted style with external
contributors.

Change-Id: I87405ace9a879d7f81e6b0b91b93ca69535e50ff
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Petre-Ionut Tudor <petre-ionut.tudor@arm.com>

diff --git a/docs/process/security-hardening.rst b/docs/process/security-hardening.rst
index a18a792..43a5721 100644
--- a/docs/process/security-hardening.rst
+++ b/docs/process/security-hardening.rst

@@ -1,10 +1,30 @@
-Security hardening
-==================
+Secure Development Guidelines
+=============================
 
 This page contains guidance on what to check for additional security measures,
 including build options that can be modified to improve security or catch issues
 early in development.
 
+Security considerations
+-----------------------
+
+Part of the security of a platform is handling errors correctly, as described in
+the previous section. There are several other security considerations covered in
+this section.
+
+Do not leak secrets to the normal world
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The secure world **must not** leak secrets to the normal world, for example in
+response to an SMC.
+
+Handling Denial of Service attacks
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The secure world **should never** crash or become unusable due to receiving too
+many normal world requests (a *Denial of Service* or *DoS* attack). It should
+have a mechanism for throttling or ignoring normal world requests.
+
 Build options
 -------------
 
@@ -53,4 +73,4 @@
 
 --------------
 
-*Copyright (c) 2019, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2020, Arm Limited. All rights reserved.*