docs(threat-model): revamp threat #9

Reword the description of threat #9 to make it more future-proof for Arm CCA. By avoiding specific references to secure or non-secure contexts, in favour of "worlds" and "security contexts", we make the description equally applicable to 2-world and 4-world architectures. Note that there are other threats that would benefit from such a similar revamp but this is out of scope of this patch. Also list malicious secure world code as a potential threat agent. This seems to be an oversight in the first version of the threat model (i.e. this change is not related to Arm CCA). Change-Id: Id8c8424b0a801104c4f3dc70e344ee702d2b259a Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
3 years ago · 3d6cc21066
1 changed files with 5 additions and 6 deletions
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@ -617,19 +617,18 @@ each diagram element of the data flow diagram.
 | Threat                 | | **Improperly handled SMC calls can leak register   |
 |                        |   contents**                                         |
 |                        |                                                      |
-|                        | | When switching between secure and non-secure       |
-|                        |   states, register contents of Secure world or       |
-|                        |   register contents of other normal world clients    |
-|                        |   can be leaked.                                     |
+|                        | | When switching between worlds, TF-A register state |
+|                        |   can leak to software in different security         |
+|                        |   contexts.                                          |
 +------------------------+------------------------------------------------------+
-| Diagram Elements       | DF5                                                  |
+| Diagram Elements       | DF4, DF5                                             |
 +------------------------+------------------------------------------------------+
 | Affected TF-A          | BL31                                                 |
 | Components             |                                                      |
 +------------------------+------------------------------------------------------+
 | Assets                 | Sensitive Data                                       |
 +------------------------+------------------------------------------------------+
-| Threat Agent           | NSCode                                               |
+| Threat Agent           | NSCode, SecCode                                      |
 +------------------------+------------------------------------------------------+
 | Threat Type            | Information Disclosure                               |
 +------------------------+-------------------+----------------+-----------------+