diff --git a/docs/acknowledgements.rst b/docs/acknowledgements.rst index 095b5ad..5f2d5bc 100644 --- a/docs/acknowledgements.rst +++ b/docs/acknowledgements.rst @@ -1,12 +1,12 @@ +Contributor Acknowledgements +============================ + **Note: This file is only relevant for legacy contributions, to acknowledge the specific contributors referred to in "Arm Limited and Contributors" copyright notices. As contributors are now encouraged to put their name or company name directly into the copyright notices, this file is not relevant for new contributions.** -Contributor Acknowledgements -============================ - Companies --------- diff --git a/docs/change-log.rst b/docs/change-log.rst index 6893582..76ec070 100644 --- a/docs/change-log.rst +++ b/docs/change-log.rst @@ -1,5 +1,5 @@ -Trusted Firmware-A Release Notes -================================ +Change Log & Release Notes +========================== This document contains a summary of the new features, changes, fixes and known issues in each release of Trusted Firmware-A. diff --git a/docs/components/arm-sip-service.rst b/docs/components/arm-sip-service.rst index 6cdac83..9cbf199 100644 --- a/docs/components/arm-sip-service.rst +++ b/docs/components/arm-sip-service.rst @@ -1,5 +1,5 @@ -Arm SiP Service -=============== +Arm SiP Services +================ This document enumerates and describes the Arm SiP (Silicon Provider) services. diff --git a/docs/components/exception-handling.rst b/docs/components/exception-handling.rst index e3684f1..b370c02 100644 --- a/docs/components/exception-handling.rst +++ b/docs/components/exception-handling.rst @@ -1,8 +1,5 @@ -Exception Handling Framework in Trusted Firmware-A -================================================== - - - +Exception Handling Framework +============================ .. contents:: :depth: 2 diff --git a/docs/components/firmware-update.rst b/docs/components/firmware-update.rst index f3ad6af..8124097 100644 --- a/docs/components/firmware-update.rst +++ b/docs/components/firmware-update.rst @@ -1,8 +1,5 @@ -Trusted Firmware-A - Firmware Update design guide -================================================= - - - +Firmware Update (FWU) +===================== .. contents:: diff --git a/docs/components/platform-interrupt-controller-API.rst b/docs/components/platform-interrupt-controller-API.rst index 42d92be..5c2293f 100644 --- a/docs/components/platform-interrupt-controller-API.rst +++ b/docs/components/platform-interrupt-controller-API.rst @@ -1,7 +1,5 @@ -Platform Interrupt Controller API documentation -=============================================== - - +Platform Interrupt Controller API +================================= .. contents:: diff --git a/docs/components/ras.rst b/docs/components/ras.rst index f329fb0..4c16009 100644 --- a/docs/components/ras.rst +++ b/docs/components/ras.rst @@ -1,7 +1,5 @@ -RAS support in Trusted Firmware-A -================================= - - +Reliability, Availability, and Serviceability (RAS) Extensions +============================================================== .. contents:: :depth: 2 diff --git a/docs/components/secure-partition-manager-design.rst b/docs/components/secure-partition-manager-design.rst index 2c32eba..91a135b 100644 --- a/docs/components/secure-partition-manager-design.rst +++ b/docs/components/secure-partition-manager-design.rst @@ -1,8 +1,5 @@ -******************************* -Secure Partition Manager Design -******************************* - - +Secure Partition Manager +************************ .. contents:: diff --git a/docs/components/xlat-tables-lib-v2-design.rst b/docs/components/xlat-tables-lib-v2-design.rst index d55f010..26e4f2b 100644 --- a/docs/components/xlat-tables-lib-v2-design.rst +++ b/docs/components/xlat-tables-lib-v2-design.rst @@ -1,9 +1,6 @@ -Translation Tables Library Design +Translation (XLAT) Tables Library ================================= - - - .. contents:: diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst index 1bc5015..dc45127 100644 --- a/docs/design/auth-framework.rst +++ b/docs/design/auth-framework.rst @@ -1,8 +1,5 @@ -Abstracting a Chain of Trust -============================ - - - +Authentication Framework & Chain of Trust +========================================= .. contents:: diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst index e7107ba..d6d7b15 100644 --- a/docs/design/firmware-design.rst +++ b/docs/design/firmware-design.rst @@ -1,8 +1,5 @@ -Trusted Firmware-A design -========================= - - - +Firmware Design +=============== .. contents:: diff --git a/docs/design/interrupt-framework-design.rst b/docs/design/interrupt-framework-design.rst index e4ec65a..2a641b1 100644 --- a/docs/design/interrupt-framework-design.rst +++ b/docs/design/interrupt-framework-design.rst @@ -1,8 +1,5 @@ -Trusted Firmware-A interrupt management design guide -==================================================== - - - +Interrupt Management Framework +============================== .. contents:: diff --git a/docs/design/psci-pd-tree.rst b/docs/design/psci-pd-tree.rst index 2e2163a..23c985b 100644 --- a/docs/design/psci-pd-tree.rst +++ b/docs/design/psci-pd-tree.rst @@ -1,8 +1,5 @@ -PSCI Power Domain Tree design -============================= - - - +PSCI Power Domain Tree Structure +================================ .. contents:: diff --git a/docs/design/reset-design.rst b/docs/design/reset-design.rst index 1473851..405b492 100644 --- a/docs/design/reset-design.rst +++ b/docs/design/reset-design.rst @@ -1,5 +1,5 @@ -Trusted Firmware-A reset design -=============================== +CPU Reset +========= diff --git a/docs/design/trusted-board-boot.rst b/docs/design/trusted-board-boot.rst index ae21bf0..76badb6 100644 --- a/docs/design/trusted-board-boot.rst +++ b/docs/design/trusted-board-boot.rst @@ -1,5 +1,5 @@ -Trusted Board Boot Design Guide -=============================== +Trusted Board Boot +================== diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst index cad8b5c..f072843 100644 --- a/docs/getting_started/porting-guide.rst +++ b/docs/getting_started/porting-guide.rst @@ -1,7 +1,5 @@ -Trusted Firmware-A Porting Guide -================================ - - +Porting Guide +============= .. contents:: diff --git a/docs/getting_started/rt-svc-writers-guide.rst b/docs/getting_started/rt-svc-writers-guide.rst index f4d786c..35948b5 100644 --- a/docs/getting_started/rt-svc-writers-guide.rst +++ b/docs/getting_started/rt-svc-writers-guide.rst @@ -1,4 +1,4 @@ -Trusted Firmware-A EL3 runtime service writer's guide +EL3 Runtime Service Writer's Guide ===================================================== diff --git a/docs/getting_started/user-guide.rst b/docs/getting_started/user-guide.rst index 3cc5f3c..894313a 100644 --- a/docs/getting_started/user-guide.rst +++ b/docs/getting_started/user-guide.rst @@ -1,8 +1,5 @@ -Trusted Firmware-A User Guide -============================= - - - +User Guide +========== .. contents:: diff --git a/docs/index.rst b/docs/index.rst index 8eecb3c..b0348f1 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -14,8 +14,8 @@ perf/index security_advisories/index change-log - maintainers acknowledgements + maintainers license Trusted Firmware-A (TF-A) provides a reference implementation of secure world diff --git a/docs/maintainers.rst b/docs/maintainers.rst index 0fa909f..5449faa 100644 --- a/docs/maintainers.rst +++ b/docs/maintainers.rst @@ -1,5 +1,5 @@ -Trusted Firmware-A maintainers -============================== +Maintainers +=========== Trusted Firmware-A (TF-A) is an Arm maintained project. All contributions are ultimately merged by the maintainers listed below. Technical ownership of some diff --git a/docs/process/coding-guidelines.rst b/docs/process/coding-guidelines.rst index 644f828..def5bf9 100644 --- a/docs/process/coding-guidelines.rst +++ b/docs/process/coding-guidelines.rst @@ -1,7 +1,5 @@ -Trusted Firmware-A Coding Guidelines -==================================== - - +Coding Style & Guidelines +========================= .. contents:: diff --git a/docs/process/contributing.rst b/docs/process/contributing.rst index bd950e5..8f8143f 100644 --- a/docs/process/contributing.rst +++ b/docs/process/contributing.rst @@ -1,5 +1,5 @@ -Contributing to Trusted Firmware-A -================================== +Contributor's Guide +=================== Getting Started --------------- diff --git a/docs/process/index.rst b/docs/process/index.rst index 91f1beb..aa5d6bb 100644 --- a/docs/process/index.rst +++ b/docs/process/index.rst @@ -7,7 +7,7 @@ :numbered: release-information - security-center + security platform-compatibility-policy coding-guidelines contributing diff --git a/docs/process/platform-compatibility-policy.rst b/docs/process/platform-compatibility-policy.rst index e977e63..47b0e7e 100644 --- a/docs/process/platform-compatibility-policy.rst +++ b/docs/process/platform-compatibility-policy.rst @@ -1,5 +1,5 @@ -TF-A Platform Compatibility Policy -================================== +Platform Compatibility Policy +============================= diff --git a/docs/process/release-information.rst b/docs/process/release-information.rst index 5531150..0b5e7d7 100644 --- a/docs/process/release-information.rst +++ b/docs/process/release-information.rst @@ -1,5 +1,5 @@ -TF-A Release Information -======================== +Release Processes +================= .. section-numbering:: :suffix: . diff --git a/docs/process/security-center.rst b/docs/process/security-center.rst deleted file mode 100644 index 672c563..0000000 --- a/docs/process/security-center.rst +++ /dev/null @@ -1,103 +0,0 @@ -Security Center -=============== - -Security Disclosures --------------------- - -We disclose all security vulnerabilities we find or are advised about that are -relevant for ARM Trusted Firmware (TF). We encourage responsible disclosure of -vulnerabilities and inform users as best we can about all possible issues. - -We disclose TF vulnerabilities as Security Advisories. These are listed at the -bottom of this page and announced as issues in the `GitHub issue tracker`_ with -the "security-advisory" tag. You can receive notification emails for these by -watching that project. - -Found a Security Issue? ------------------------ - -Although we try to keep TF secure, we can only do so with the help of the -community of developers and security researchers. - -If you think you have found a security vulnerability, please *do not* report it -in the `GitHub issue tracker`_. Instead send an email to -trusted-firmware-security@arm.com - -Please include: - -* Trusted Firmware version (or commit) affected - -* A description of the concern or vulnerability - -* Details on how to replicate the vulnerability, including: - - - Configuration details - - - Proof of concept exploit code - - - Any additional software or tools required - -We recommend using `this PGP/GPG key`_ for encrypting the information. This key -is also available at http://keyserver.pgp.com and LDAP port 389 of the same -server. The fingerprint for this key is: - -:: - - 1309 2C19 22B4 8E87 F17B FE5C 3AB7 EFCB 45A0 DFD0 - -If you would like replies to be encrypted, please provide your public key. - -Please give us the time to respond to you and fix the vulnerability before going -public. We do our best to respond and fix any issues quickly. We also need to -ensure providers of products that use TF have a chance to consider the -implications of the vulnerability and its remedy. - -Afterwards, we encourage you to write-up your findings about the TF source code. - -Attribution ------------ - -We will name and thank you in the ``change-log.rst`` distributed with the source -code and in any published security advisory. - -Security Advisories -------------------- - -+-----------+------------------------------------------------------------------+ -| ID | Title | -+===========+==================================================================+ -| `TFV-1`_ | Malformed Firmware Update SMC can result in copy of unexpectedly | -| | large data into secure memory | -+-----------+------------------------------------------------------------------+ -| `TFV-2`_ | Enabled secure self-hosted invasive debug interface can allow | -| | normal world to panic secure world | -+-----------+------------------------------------------------------------------+ -| `TFV-3`_ | RO memory is always executable at AArch64 Secure EL1 | -+-----------+------------------------------------------------------------------+ -| `TFV-4`_ | Malformed Firmware Update SMC can result in copy or | -| | authentication of unexpected data in secure memory in AArch32 | -| | state | -+-----------+------------------------------------------------------------------+ -| `TFV-5`_ | Not initializing or saving/restoring PMCR_EL0 can leak secure | -| | world timing information | -+-----------+------------------------------------------------------------------+ -| `TFV-6`_ | Arm Trusted Firmware exposure to speculative processor | -| | vulnerabilities using cache timing side-channels | -+-----------+------------------------------------------------------------------+ -| `TFV-7`_ | Trusted Firmware-A exposure to cache speculation vulnerability | -| | Variant 4 | -+-----------+------------------------------------------------------------------+ -| `TFV-8`_ | Not saving x0 to x3 registers can leak information from one | -| | Normal World SMC client to another | -+-----------+------------------------------------------------------------------+ - -.. _GitHub issue tracker: https://github.com/ARM-software/tf-issues/issues -.. _this PGP/GPG key: security-reporting.asc -.. _TFV-1: ./security_advisories/security-advisory-tfv-1.rst -.. _TFV-2: ./security_advisories/security-advisory-tfv-2.rst -.. _TFV-3: ./security_advisories/security-advisory-tfv-3.rst -.. _TFV-4: ./security_advisories/security-advisory-tfv-4.rst -.. _TFV-5: ./security_advisories/security-advisory-tfv-5.rst -.. _TFV-6: ./security_advisories/security-advisory-tfv-6.rst -.. _TFV-7: ./security_advisories/security-advisory-tfv-7.rst -.. _TFV-8: ./security_advisories/security-advisory-tfv-8.rst diff --git a/docs/process/security.rst b/docs/process/security.rst new file mode 100644 index 0000000..b4831c8 --- /dev/null +++ b/docs/process/security.rst @@ -0,0 +1,103 @@ +Security Handling +================= + +Security Disclosures +-------------------- + +We disclose all security vulnerabilities we find or are advised about that are +relevant for ARM Trusted Firmware (TF). We encourage responsible disclosure of +vulnerabilities and inform users as best we can about all possible issues. + +We disclose TF vulnerabilities as Security Advisories. These are listed at the +bottom of this page and announced as issues in the `GitHub issue tracker`_ with +the "security-advisory" tag. You can receive notification emails for these by +watching that project. + +Found a Security Issue? +----------------------- + +Although we try to keep TF secure, we can only do so with the help of the +community of developers and security researchers. + +If you think you have found a security vulnerability, please *do not* report it +in the `GitHub issue tracker`_. Instead send an email to +trusted-firmware-security@arm.com + +Please include: + +* Trusted Firmware version (or commit) affected + +* A description of the concern or vulnerability + +* Details on how to replicate the vulnerability, including: + + - Configuration details + + - Proof of concept exploit code + + - Any additional software or tools required + +We recommend using `this PGP/GPG key`_ for encrypting the information. This key +is also available at http://keyserver.pgp.com and LDAP port 389 of the same +server. The fingerprint for this key is: + +:: + + 1309 2C19 22B4 8E87 F17B FE5C 3AB7 EFCB 45A0 DFD0 + +If you would like replies to be encrypted, please provide your public key. + +Please give us the time to respond to you and fix the vulnerability before going +public. We do our best to respond and fix any issues quickly. We also need to +ensure providers of products that use TF have a chance to consider the +implications of the vulnerability and its remedy. + +Afterwards, we encourage you to write-up your findings about the TF source code. + +Attribution +----------- + +We will name and thank you in the ``change-log.rst`` distributed with the source +code and in any published security advisory. + +Security Advisories +------------------- + ++-----------+------------------------------------------------------------------+ +| ID | Title | ++===========+==================================================================+ +| `TFV-1`_ | Malformed Firmware Update SMC can result in copy of unexpectedly | +| | large data into secure memory | ++-----------+------------------------------------------------------------------+ +| `TFV-2`_ | Enabled secure self-hosted invasive debug interface can allow | +| | normal world to panic secure world | ++-----------+------------------------------------------------------------------+ +| `TFV-3`_ | RO memory is always executable at AArch64 Secure EL1 | ++-----------+------------------------------------------------------------------+ +| `TFV-4`_ | Malformed Firmware Update SMC can result in copy or | +| | authentication of unexpected data in secure memory in AArch32 | +| | state | ++-----------+------------------------------------------------------------------+ +| `TFV-5`_ | Not initializing or saving/restoring PMCR_EL0 can leak secure | +| | world timing information | ++-----------+------------------------------------------------------------------+ +| `TFV-6`_ | Arm Trusted Firmware exposure to speculative processor | +| | vulnerabilities using cache timing side-channels | ++-----------+------------------------------------------------------------------+ +| `TFV-7`_ | Trusted Firmware-A exposure to cache speculation vulnerability | +| | Variant 4 | ++-----------+------------------------------------------------------------------+ +| `TFV-8`_ | Not saving x0 to x3 registers can leak information from one | +| | Normal World SMC client to another | ++-----------+------------------------------------------------------------------+ + +.. _GitHub issue tracker: https://github.com/ARM-software/tf-issues/issues +.. _this PGP/GPG key: security-reporting.asc +.. _TFV-1: ./security_advisories/security-advisory-tfv-1.rst +.. _TFV-2: ./security_advisories/security-advisory-tfv-2.rst +.. _TFV-3: ./security_advisories/security-advisory-tfv-3.rst +.. _TFV-4: ./security_advisories/security-advisory-tfv-4.rst +.. _TFV-5: ./security_advisories/security-advisory-tfv-5.rst +.. _TFV-6: ./security_advisories/security-advisory-tfv-6.rst +.. _TFV-7: ./security_advisories/security-advisory-tfv-7.rst +.. _TFV-8: ./security_advisories/security-advisory-tfv-8.rst