docs(threat-model): cover threats inherent to receiving data over UART

TF-A supports reading input data from UART interfaces. This opens up
an attack vector for arbitrary data to be injected into TF-A, which is
not covered in the threat model right now.

Fill this gap by:

 - Updating the data flow diagrams. Data may flow from the UART into
   TF-A (and not only the other way around).

 - Documenting the threats inherent to reading untrusted data from a
   UART.

Change-Id: I508da5d2f7ad5d20717b958d76ab9337c5eca50f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

docs/resources/diagrams/plantuml/tfa_dfd.puml

@@ -25,7 +25,7 @@ digraph tfa_dfd {
     nsec [label="Non-secure\nClients"]
     sec [label="Secure\nClients"]
     dbg [label="Debug & Trace"]
-    logs [label="Logs\n(UART)"]
+    uart [label="UART"]
     nvm [label="Non-volatile\nMemory"]
 
     # Trust boundary cluster
@@ -56,7 +56,7 @@ digraph tfa_dfd {
 
     # Interactions between nodes
     nvm -> bl31 [lhead=cluster_tfa label="DF1"]
-    logs -> bl31 [dir="back" lhead=cluster_tfa label="DF2"]
+    uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
     dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
     sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
     nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]

docs/resources/diagrams/plantuml/tfa_rss_dfd.puml

@@ -25,7 +25,7 @@ digraph tfa_dfd {
     nsec [label="Non-secure\nClients"]
     sec [label="Secure\nClients"]
     dbg [label="Debug & Trace"]
-    logs [label="Logs\n(UART)"]
+    uart [label="UART"]
     nvm [label="Non-volatile\nMemory"]
 
 
@@ -65,7 +65,7 @@ digraph tfa_dfd {
 
     # Interactions between nodes
     nvm -> bl31 [lhead=cluster_tfa label="DF1"]
-    logs -> bl31 [dir="back" lhead=cluster_tfa label="DF2"]
+    uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
     dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
     sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
     nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]

docs/threat_model/threat_model.rst

@@ -63,8 +63,10 @@ are considered untrusted by TF-A.
   |                 |   images include TF-A BL2 and BL31 images, as well as  |
   |                 |   other secure and non-secure images.                  |
   +-----------------+--------------------------------------------------------+
-  |       DF2       | | TF-A log system framework outputs debug messages     |
-  |                 |   over a UART interface.                               |
+  |       DF2       | | TF-A log system framework outputs debug or           |
+  |                 |   informative messages over a UART interface.          |
+  |                 |                                                        |
+  |                 | | Also, characters can be read from a UART interface.  |
   +-----------------+--------------------------------------------------------+
   |       DF3       | | Debug and trace IP on a platform can allow access    |
   |                 |   to registers and memory of TF-A.                     |
@@ -552,6 +554,57 @@ General Threats for All Firmware Images
 |                        |   soon as they are not needed anymore.              |
 +------------------------+-----------------------------------------------------+
 | Mitigations            | | Yes / Platform specific                           |
+| implemented?           |                                                     |
++------------------------+-----------------------------------------------------+
+
+
++------------------------+-----------------------------------------------------+
+| ID                     | 15                                                  |
++========================+=====================================================+
+| Threat                 | | **Improper handling of input data received over   |
+|                        |   a UART interface may allow an attacker to tamper  |
+|                        |   with TF-A execution environment.**                |
+|                        |                                                     |
+|                        | | The consequences of the attack depend on the      |
+|                        |   the exact usage of input data received over UART. |
+|                        |   Examples are injection of arbitrary data,         |
+|                        |   sensitive data tampering, influencing the         |
+|                        |   execution path, denial of service (if using       |
+|                        |   blocking I/O). This list may not be exhaustive.   |
++------------------------+-----------------------------------------------------+
+| Diagram Elements       | DF2, DF4, DF5                                       |
++------------------------+-----------------------------------------------------+
+| Affected TF-A          | BL1, BL2, BL31                                      |
+| Components             |                                                     |
++------------------------+-----------------------------------------------------+
+| Assets                 | Sensitive Data, Code Execution, Availability        |
++------------------------+-----------------------------------------------------+
+| Threat Agent           | NSCode, SecCode                                     |
++------------------------+-----------------------------------------------------+
+| Threat Type            | Tampering, Information Disclosure, Denial of        |
+|                        | service, Elevation of privilege.                    |
++------------------------+-------------------+----------------+----------------+
+| Application            | Server            | IoT            | Mobile         |
++------------------------+-------------------+----------------+----------------+
+| Impact                 |  Critical (5)     | Critical (5)   | Critical (5)   |
++------------------------+-------------------+----------------+----------------+
+| Likelihood             |  Critical (5)     | Critical (5)   | Critical (5)   |
++------------------------+-------------------+----------------+----------------+
+| Total Risk Rating      |  Critical (25)    | Critical (25)  | Critical (25)  |
++------------------------+-------------------+----------------+----------------+
+| Mitigations            | | By default, the code to read input data from UART |
+|                        |   interfaces is disabled (see `ENABLE_CONSOLE_GETC` |
+|                        |   build option). It should only be enabled on a     |
+|                        |   need basis.                                       |
+|                        |                                                     |
+|                        | | Data received over UART interfaces should be      |
+|                        |   treated as untrusted data. As such, it should be  |
+|                        |   properly sanitized and handled with caution.      |
++------------------------+-----------------------------------------------------+
+| Mitigations            | | Platform specific.                                |
+| implemented?           |                                                     |
+|                        | | Generic code does not read any input data from    |
+|                        |   UART interface(s).                                |
 +------------------------+-----------------------------------------------------+
 
 

docs/threat_model/threat_model_fvp_r.rst

@@ -90,8 +90,10 @@ implementation:
       and since the MPU configuration is equivalent with that for the fvp
       platform and others, this is not expected to be a concern.
 
+    - ID 15:  Improper handling of input data received over a UART interface may
+      allow an attacker to tamper with TF-A execution environment.
 
 
 --------------
 
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*