TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / sandbox / arthur / trustedfirmware-a / b908814c74f5c5d4a9f2b86f341f38a3948527a9^! / . / docs / threat_model / index.rst
commitb908814c74f5c5d4a9f2b86f341f38a3948527a9[log] [tgz]
authorlaurenw-arm <lauren.wehrmeister@arm.com>Fri Dec 08 15:00:07 2023 -0600
committerlaurenw-arm <lauren.wehrmeister@arm.com>Fri Jan 19 14:50:24 2024 -0600
tree0ee8a50baccc14390f3f53c1fb87da8c42b617ac
parent57410eebe697546e4d66f5b70acbc68131b28cb1 [diff] [blame]
docs(threat-model): supply chain threat model TF-A

Software supply chain attacks aim to inject malicious code into a
software product. There are several ways a malicious code can be
injected into a software product (open-source project).

These include:
- Malicious code commits
- Malicious dependencies
- Malicious toolchains

This document provides analysis of software supply chain attack
threats for the TF-A project

Change-Id: I03545d65a38dc372f3868a16c725b7378640a771
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>

diff --git a/docs/threat_model/index.rst b/docs/threat_model/index.rst
index 234c2f4..446e610 100644
--- a/docs/threat_model/index.rst
+++ b/docs/threat_model/index.rst

@@ -4,41 +4,14 @@
 Threat modeling is an important part of Secure Development Lifecycle (SDL)
 that helps us identify potential threats and mitigations affecting a system.
 
-As the TF-A codebase is highly configurable to allow tailoring it best for each
-platform's needs, providing a holistic threat model covering all of its features
-is not necessarily the best approach. Instead, we provide a collection of
-documents which, together, form the project's threat model. These are
-articulated around a core document, called the :ref:`Generic Threat Model`,
-which focuses on the most common configuration we expect to see. The other
-documents typically focus on specific features not covered in the core document.
-
-As the TF-A codebase evolves and new features get added, these threat model
-documents will be updated and extended in parallel to reflect at best the
-current status of the code from a security standpoint.
-
-   .. note::
-
-      Although our aim is eventually to provide threat model material for all
-      features within the project, we have not reached that point yet. We expect
-      to gradually fill these gaps over time.
-
-Each of these documents give a description of the target of evaluation using a
-data flow diagram, as well as a list of threats we have identified using the
-`STRIDE threat modeling technique`_ and corresponding mitigations.
 
 .. toctree::
    :maxdepth: 1
    :caption: Contents
 
-   threat_model
-   threat_model_el3_spm
-   threat_model_fvp_r
-   threat_model_rss_interface
-   threat_model_arm_cca
-   threat_model_fw_update_and_recovery
+   firmware_threat_model/index
+   supply_chain_threat_model
 
 --------------
 
-*Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.*
-
-.. _STRIDE threat modeling technique: https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model
+*Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.*