ARM Trusted Platform
Version: 1.0
Authors: David Cervigni
Executive Summary
This section contains an executive summary of the identified threats and their mitigation status
There are 10 unmitigated threats without proposed operational controls.
Threat ID | CVSS | Always valid? |
---|---|---|
Trusted_Firmware.MALICIOUS_FIRMWARE_UPDATE | 8.6 (High) | Yes |
Trusted_Firmware.SECURE_STORAGE_COMPROMISE | 8.1 (High) | Yes |
ARM_TrustedPlatform.MALICIOUS_KERNEL_ACCESS | 7.6 (High) | Yes |
Trusted_Firmware.BOOTLOADER_ATTACK | 7.6 (High) | Yes |
Trusted_Firmware.SUPPLY_CHAIN_INJECTION | 7.0 (High) | Yes |
ARM_TrustedPlatform.SIDE_CHANNEL_ATTACK | 6.4 (Medium) | Yes |
ARM_TrustedPlatform.FIRMWARE_EXPLOIT | 6.4 (Medium) | Yes |
ARM_TrustedPlatform.ROGUE_DEVICE_ACCESS | 6.4 (Medium) | Yes |
ARM_TrustedPlatform.SECURE_BOOT_SPOOFING | 6.4 (Medium) | Yes |
Trusted_Firmware.RUNTIME_MEMORY_ATTACK | 6.4 (Medium) | Yes |
Threats Summary
This section contains an executive summary of the threats and their mitigation status
There are a total of 10 identified threats, of which 10 are not fully mitigated by default and 10 are unmitigated without proposed operational controls.
Threat ID | CVSS | Valid when (condition) | Fully mitigated | Has operational countermeasures |
---|---|---|---|---|
Trusted_Firmware.MALICIOUS_FIRMWARE_UPDATE | 8.6 (High) | Always valid | ❌ | No |
Trusted_Firmware.SECURE_STORAGE_COMPROMISE | 8.1 (High) | Always valid | ❌ | No |
ARM_TrustedPlatform.MALICIOUS_KERNEL_ACCESS | 7.6 (High) | Always valid | ❌ | No |
Trusted_Firmware.BOOTLOADER_ATTACK | 7.6 (High) | Always valid | ❌ | No |
Trusted_Firmware.SUPPLY_CHAIN_INJECTION | 7.0 (High) | Always valid | ❌ | No |
ARM_TrustedPlatform.SIDE_CHANNEL_ATTACK | 6.4 (Medium) | Always valid | ❌ | No |
ARM_TrustedPlatform.FIRMWARE_EXPLOIT | 6.4 (Medium) | Always valid | ❌ | No |
ARM_TrustedPlatform.ROGUE_DEVICE_ACCESS | 6.4 (Medium) | Always valid | ❌ | No |
ARM_TrustedPlatform.SECURE_BOOT_SPOOFING | 6.4 (Medium) | Always valid | ❌ | No |
Trusted_Firmware.RUNTIME_MEMORY_ATTACK | 6.4 (Medium) | Always valid | ❌ | No |
ARM Trusted Platform - scope of analysis
Overview
NOTE: this is an example threat model generated with the help of an LLM.
This document outlines potential threats to the ARM Trusted Platform, focusing on threats to trusted execution environments (TEEs), secure boot mechanisms, and the integrity of platform firmware. Countermeasures are included to mitigate these threats.
ARM Trusted Platform security objectives
Objective categories: Data Security, System Integrity, Boot Integrity, Trust Assurance
Details:
Platform Trust (PLATFORM_TRUST)
Maintain trust in the ARM hardware root of trust and secure firmware updates.
Priority: High
Secure Boot Integrity (SECURE_BOOT)
Ensure the integrity and authenticity of firmware and boot loaders to prevent unauthorized code execution.
Priority: High
Trusted Execution Environment Confidentiality (TEE_CONFIDENTIALITY)
Ensure that data and code within ARM TEEs remain confidential and inaccessible to unauthorized entities.
Priority: High
Trusted Execution Environment Integrity (TEE_INTEGRITY)
Ensure the integrity of data, execution, and communication within ARM TEEs.
Priority: High
Linked threat Models
- Trusted Firmware (ID: ARM_TrustedPlatform.Trusted_Firmware)
ARM Trusted Platform Threat Actors
Actors, agents, users and attackers are used as synonyms.
Malicious kernel (MALICIOUS_KERNEL)
- Description: A malicious or compromised kernel attempting to interfere with ARM TEE operations.
- In scope as threat actor: Yes
Hardware attackers (HARDWARE_ATTACKERS)
- Description: Attackers targeting the ARM hardware, secure elements, or firmware to bypass protections.
- In scope as threat actor: Yes
Side-channel actors (SIDE_CHANNEL_ACTORS)
- Description: Attackers leveraging side-channel analysis to infer sensitive information.
- In scope as threat actor: Yes
Assumptions
- PRIVILEGED_ATTACKER
- Attackers may have privileged access (e.g., kernel-level or hypervisor control) and may attempt to subvert trusted components.
- SIDE_CHANNEL_RISK
- Side-channel attacks exploiting timing, power, or electromagnetic leakage are considered potential threats.
ARM Trusted Platform Attack tree: diagram not reproduced in this text.
ARM Trusted Platform Threats
Note: this section contains the threats and mitigations identified during the analysis phase.
Side-Channel Attacks on TEE (SIDE_CHANNEL_ATTACK)
- Threat actors: SIDE_CHANNEL_ACTORS
- Threat description: Attackers exploit physical or timing-based side channels, such as cache behavior, power consumption, or electromagnetic signals, to infer data processed within the TEE.
- Impact: Leakage of sensitive information, such as cryptographic keys or private data, through side-channel analysis.
- Security objectives affected: TEE_CONFIDENTIALITY
- CVSS base score: 6.4 (Medium)
  Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Counter-measures for SIDE_CHANNEL_ATTACK
- CONSTANT_TIME_ALGORITHMS: Use Constant-Time Algorithms
  Implement constant-time cryptographic and critical operations to eliminate timing-based side-channel vulnerabilities. Constant-time code addresses timing and cache channels only; power and electromagnetic leakage call for masking or hardware countermeasures.
  Countermeasure in place? ❌ Public and disclosable? ✔
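What "constant-time" means in code, as an added example (written for this page; not code from the threat model or from Trusted Firmware-A): a data-dependent early exit beside the constant-time comparison that replaces it, and a table lookup that reads every entry so the cache lines touched do not depend on the secret index. The 16-byte tag and the 16-entry table used by the scenario functions are constructed test data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example for the CONSTANT_TIME_ALGORITHMS countermeasure. Illustrative
 * code written for this page, not code from the ARM Trusted Platform threat
 * model or from Trusted Firmware-A; the tag and table below are constructed. */

#define TAG_LEN 16u

/* Timing-leaky comparison: returns at the first mismatching byte, so the
 * elapsed time reveals how many leading bytes of a guess were correct. Shown
 * only as the pattern to avoid when comparing MACs, passwords or tokens. */
int tag_equal_leaky(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i])
            return 0;            /* early exit: time depends on the data */
    return 1;
}

/* Constant-time comparison: touches every byte, ORs all differences into one
 * accumulator, and turns it into 0/1 without a data-dependent branch. The
 * work done depends on n only, never on where (or whether) bytes differ. */
int tag_equal_ct(const uint8_t *a, const uint8_t *b, size_t n)
{
    volatile uint8_t diff = 0;   /* volatile: keep the compiler from short-circuiting */
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* diff == 0 -> (0 - 1) >> 31 == 1 ; diff in 1..255 -> (diff - 1) >> 31 == 0 */
    return (int)((((uint32_t)diff - 1u) >> 31) & 1u);
}

/* Constant-time table lookup: reads every entry and selects the wanted one
 * with a mask, so the cache footprint does not depend on secret_idx. A plain
 * table[secret_idx] is the classic cache-timing leak in table-driven ciphers
 * (unhardened AES T-table code, for instance). Requires secret_idx < n. */
uint8_t table_lookup_ct(const uint8_t *table, size_t n, size_t secret_idx)
{
    uint8_t result = 0;
    for (size_t i = 0; i < n; i++) {
        /* eq is 1 when i == secret_idx, else 0, computed arithmetically */
        size_t eq = ((i ^ secret_idx) - 1u) >> (sizeof(size_t) * 8 - 1);
        uint8_t mask = (uint8_t)(0u - (uint8_t)eq);   /* 0xFF or 0x00 */
        result |= (uint8_t)(table[i] & mask);
    }
    return result;
}

/* Scenario: compare a stored tag against a correct guess and against a guess
 * that matches only its first 15 bytes; returns 1 when the constant-time
 * compare gives the right answer in both cases. */
int scenario_tag_compare(void)
{
    static const uint8_t stored[TAG_LEN] = {
        0xde,0xad,0xbe,0xef,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0x10,0x32,0x54,0x76 };
    uint8_t guess[TAG_LEN];
    memcpy(guess, stored, TAG_LEN);
    if (tag_equal_ct(stored, guess, TAG_LEN) != 1) return 0;
    guess[TAG_LEN - 1] ^= 0x01;            /* 15 leading bytes still correct */
    if (tag_equal_ct(stored, guess, TAG_LEN) != 0) return 0;
    return 1;
}

/* Scenario: look up index 11 in a 16-entry table (the first row of the AES
 * S-box, used here only as sample data). */
uint8_t scenario_table_lookup(void)
{
    static const uint8_t sbox[16] = {
        0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5,0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76 };
    return table_lookup_ct(sbox, 16, 11);
}
```

Compiler optimisation can undo constant-time intent (for example by turning the mask select back into a branch), so production code should be checked at the assembly level or built with a verified library rather than relying on source-level discipline alone.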
Kernel-Level Attacks on TEE (MALICIOUS_KERNEL_ACCESS)
- Threat actors: MALICIOUS_KERNEL
- Threat description: A compromised or malicious kernel attempts to read, write, or manipulate memory assigned to the TEE, breaking its isolation guarantees.
- Impact: Exploitation of kernel-level privileges to interfere with or compromise the ARM TEE.
- Security objectives affected: TEE_INTEGRITY
- CVSS environmental score: 7.6 (High)
  Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Counter-measures for MALICIOUS_KERNEL_ACCESS
- MEMORY_ISOLATION: Enforce Strong Memory Isolation
  Utilize ARM's memory management unit (MMU) and hardware-based isolation mechanisms to prevent unauthorized kernel access to TEE memory. In this threat the normal-world MMU is under the attacker's control, so the boundary must be enforced by TrustZone hardware (the secure/non-secure attribute on bus transactions and address-space filters such as a TZASC) together with the secure world's own MMU mappings.
  Countermeasure in place? ✔ Public and disclosable? ✔
Exploitation of Insecure Firmware (FIRMWARE_EXPLOIT)
- Threat actors:
- Threat description: Attackers inject malicious firmware or exploit bugs in existing firmware to gain control over secure operations, potentially bypassing the TEE or secure boot.
- Impact: Execution of unauthorized or malicious code by exploiting vulnerabilities in platform firmware.
- Security objectives affected: SECURE_BOOT
- CVSS base score: 6.4 (Medium)
  Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Counter-measures for FIRMWARE_EXPLOIT
- FIRMWARE_VERIFICATION: Verify Firmware Signatures
  Enforce cryptographic signature validation during firmware updates and secure boot processes. Signature validation blocks injected firmware; it does nothing against bugs in correctly signed firmware, which need the runtime hardening covered under RUNTIME_MEMORY_ATTACK.
  Countermeasure in place? ✔ Public and disclosable? ✔
Rogue Peripheral Attacks (ROGUE_DEVICE_ACCESS)
- Threat actors:
- Threat description: Malicious devices connected to the platform exploit DMA (Direct Memory Access) or other interfaces to manipulate or extract data from the TEE.
- Impact: Compromise of TEE operations through unauthorized access or manipulation by malicious peripherals.
- Security objectives affected: TEE_INTEGRITY, TEE_CONFIDENTIALITY
- CVSS base score: 6.4 (Medium)
  Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Counter-measures for ROGUE_DEVICE_ACCESS
- DMA_PROTECTION: Restrict DMA Access
  Implement IOMMU (Input-Output Memory Management Unit) to limit peripheral access to memory regions used by the TEE. On Arm platforms the IOMMU is the SMMU; in addition, untrusted DMA masters should be wired as non-secure bus masters so that TrustZone address-space filtering (TZASC) denies them secure memory regardless of the SMMU configuration, which the normal-world kernel may control.
  Countermeasure in place? ❌ Public and disclosable? ✔
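The decision that both the MEMORY_ISOLATION countermeasure (for MALICIOUS_KERNEL_ACCESS above) and the DMA_PROTECTION countermeasure make is the same one: may this requester touch this address range? The following added example (written for this page; not code from the threat model, from Trusted Firmware-A or from any SoC vendor) models it in software for a non-secure CPU, a secure CPU and DMA masters identified by stream ID. The memory map, region sizes and stream IDs are invented.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Added example for the MEMORY_ISOLATION and DMA_PROTECTION countermeasures.
 * Illustrative code written for this page; not code from the ARM Trusted
 * Platform threat model, Trusted Firmware-A or any SoC vendor. It models what
 * TrustZone address-space filtering (a TZASC-style controller, for CPU
 * accesses) and an SMMU/IOMMU (stream-ID filtering, for DMA masters) decide in
 * hardware. The map, sizes and stream IDs below are invented. */

typedef enum { REQ_CPU_NS, REQ_CPU_S, REQ_DMA } requester_kind;

struct requester {
    requester_kind kind;
    uint32_t stream_id;          /* SMMU stream ID, meaningful for REQ_DMA only */
};

struct region {
    uint64_t base, size;         /* base + size must not wrap (table is trusted) */
    bool secure;                 /* secure-only memory: TEE code, data, keys */
    uint32_t dma_allow_mask;     /* bit i set: DMA stream i may access this region */
};

/* Assumed physical map (constructed):
 *   0x8000_0000..0x8FFF_FFFF  normal-world DRAM, DMA streams 0-1 allowed
 *   0x9000_0000..0x90FF_FFFF  DMA bounce buffers, DMA streams 0-3 allowed
 *   0xA000_0000..0xA0FF_FFFF  secure DRAM for the TEE, no DMA at all       */
static const struct region MAP[] = {
    { 0x80000000ull, 0x10000000ull, false, 0x3u },
    { 0x90000000ull, 0x01000000ull, false, 0xFu },
    { 0xA0000000ull, 0x01000000ull, true,  0x0u },
};

/* True when [addr, addr + len) is non-empty, does not wrap around the address
 * space, and lies entirely inside r. */
static bool range_within(uint64_t addr, uint64_t len, const struct region *r)
{
    if (len == 0 || addr > UINT64_MAX - len)
        return false;
    return addr >= r->base && addr + len <= r->base + r->size;
}

/* Fail-closed policy: allow only if the whole access lies in one region and
 * the requester is permitted there. Unmapped addresses and accesses that
 * straddle two regions are denied even if each half would be allowed. */
bool access_allowed(struct requester who, uint64_t addr, uint64_t len)
{
    for (size_t i = 0; i < sizeof MAP / sizeof MAP[0]; i++) {
        const struct region *r = &MAP[i];
        if (!range_within(addr, len, r))
            continue;
        switch (who.kind) {
        case REQ_CPU_S:
            return true;                    /* secure world may reach all memory */
        case REQ_CPU_NS:
            return !r->secure;              /* a (malicious) kernel never sees TEE memory */
        case REQ_DMA:
            /* never into secure memory, and only streams on the region's allowlist */
            return !r->secure && who.stream_id < 32u &&
                   (r->dma_allow_mask & (1u << who.stream_id)) != 0;
        }
        return false;
    }
    return false;
}

/* Convenience wrappers for the two threats this example covers. */
bool ns_kernel_access(uint64_t addr, uint64_t len)
{
    struct requester k = { REQ_CPU_NS, 0 };
    return access_allowed(k, addr, len);
}

bool dma_access(uint32_t stream_id, uint64_t addr, uint64_t len)
{
    struct requester d = { REQ_DMA, stream_id };
    return access_allowed(d, addr, len);
}
```

The two checks a practitioner most often finds missing in real filters are the wrap-around test (a length that carries `addr + len` past the top of the address space) and the straddling case, where an access starting in an allowed region runs into a forbidden one; both are denied here.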
Spoofing Secure Boot (SECURE_BOOT_SPOOFING)
- Threat actors:
- Threat description: Attackers intercept or modify the boot process to execute unverified firmware or boot loaders, compromising the root of trust.
- Impact: Undermining trust in the secure boot process by executing malicious code under the guise of legitimate firmware.
- Security objectives affected: SECURE_BOOT, PLATFORM_TRUST
- CVSS base score: 6.4 (Medium)
  Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Counter-measures for SECURE_BOOT_SPOOFING
- ROOT_OF_TRUST: Use Hardware Root of Trust
  Ensure the secure boot process is anchored to an immutable hardware root of trust to verify all stages of the boot chain. In practice the first-stage boot code executes from on-chip ROM and the hash of the root public key is stored in one-time-programmable fuses, so that an attacker who can rewrite external flash cannot replace the key that every later stage is checked against.
  Countermeasure in place? ✔ Public and disclosable? ✔
Trusted Firmware
Version: 1.0
Authors: David Cervigni
Trusted Firmware - scope of analysis
Overview
This document extends the ARM Trusted Platform threat model to focus specifically on threats to Trusted Firmware-A (TF-A). It addresses issues such as firmware integrity, secure storage, and runtime attacks, leveraging details from the Trusted Firmware-A documentation.
Trusted Firmware security objectives
Objective categories: System Integrity, Runtime Security, Data Security, Update Security
Details:
Firmware Integrity (FIRMWARE_INTEGRITY)
Ensure that firmware is not tampered with during development, deployment, or runtime.
Priority: High
Runtime Resilience (RUNTIME_RESILIENCE)
Protect the Trusted Firmware during execution, ensuring it cannot be subverted by runtime attacks.
Priority: High
Secure Firmware Updates (FIRMWARE_UPDATES)
Ensure that firmware updates are authenticated and authorized to prevent malicious firmware from being executed.
Priority: High
Secure Storage (SECURE_STORAGE)
Protect sensitive data stored by the Trusted Firmware, ensuring confidentiality and integrity.
Priority: High
Trusted Firmware Threat Actors
Actors, agents, users and attackers are used as synonyms.
Malicious firmware authors (MALICIOUS_FIRMWARE)
- Description: Attackers inserting or modifying firmware to execute malicious actions.
- In scope as threat actor: Yes
Runtime exploiters (RUNTIME_EXPLOITERS)
- Description: Attackers exploiting runtime vulnerabilities in Trusted Firmware.
- In scope as threat actor: Yes
Supply chain attackers (SUPPLY_CHAIN_ATTACKERS)
- Description: Attackers compromising firmware integrity during the development or distribution phases.
- In scope as threat actor: Yes
Assumptions
- PLATFORM_INTEGRITY_RISK
- The platform may be exposed to physical or logical attacks targeting the integrity of firmware components.
- PRIVILEGED_ATTACKERS
- Privileged attackers (e.g., with kernel-level control) may attempt to compromise firmware operations.
Trusted Firmware Attack tree: diagram not reproduced in this text.
Trusted Firmware Threats
Note: this section contains the threats and mitigations identified during the analysis phase.
Unauthorized Firmware Updates (MALICIOUS_FIRMWARE_UPDATE)
- Threat actors: MALICIOUS_FIRMWARE
- Threat description: Attackers distribute unauthorized firmware updates by bypassing signature validation or exploiting insecure update mechanisms.
- Impact: Execution of unauthorized or malicious firmware due to unverified updates, potentially compromising system integrity.
- Security objectives affected: FIRMWARE_UPDATES
- CVSS environmental score: 8.6 (High)
  Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Counter-measures for MALICIOUS_FIRMWARE_UPDATE
- UPDATE_SIGNING: Enforce Update Signing
  Require all firmware updates to be signed with a trusted cryptographic key before installation. Signing alone does not stop an attacker from re-installing an older, validly signed image with a known vulnerability; pair it with a monotonic anti-rollback counter (for example in OTP fuses) checked against a version field inside the signed image.
  Countermeasure in place? ✔ Public and disclosable? ✔
Runtime Memory Manipulation (RUNTIME_MEMORY_ATTACK)
- Threat actors: RUNTIME_EXPLOITERS
- Threat description: Attackers use buffer overflows, heap spraying, or other techniques to manipulate memory used by Trusted Firmware.
- Impact: Exploitation of vulnerabilities in Trusted Firmware's runtime memory, allowing attackers to inject malicious code or extract sensitive data.
- Security objectives affected: RUNTIME_RESILIENCE
- CVSS base score: 6.4 (Medium)
  Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Counter-measures for RUNTIME_MEMORY_ATTACK
- MEMORY_PROTECTION_UNITS: Use Memory Protection Units (MPUs)
  Leverage MPUs to enforce strict memory access policies, preventing unauthorized access or modification of firmware memory. An MPU is the mechanism on Cortex-R and Cortex-M class cores; on Cortex-A platforms TF-A achieves the same effect with MMU translation tables that map code read-only and data non-executable. Either way the hardware only contains the damage: bounds checks on every length and pointer received from the normal world are what remove the overflow itself.
  Countermeasure in place? ✔ Public and disclosable? ✔
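The overflow this threat describes typically enters through a length or pointer that the normal world hands to a runtime service. The following added example (written for this page; not code from Trusted Firmware-A) shows the unchecked copy beside the hardened one, for a request layout, buffer sizes and shared-memory contents that are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example for the RUNTIME_MEMORY_ATTACK threat. Illustrative code written
 * for this page, not code from Trusted Firmware-A. It models a secure-world
 * runtime service receiving a request (4-byte little-endian length, then the
 * payload) in a shared buffer that the untrusted normal world writes and can
 * keep rewriting while the service runs. Sizes and layout are assumptions. */

#define NS_SHMEM_SIZE   64u     /* shared buffer the normal world fills */
#define SECURE_BUF_SIZE 32u     /* fixed secure-world destination */

enum { RC_OK = 0, RC_BAD_LEN = -1 };

static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable pattern: the length comes straight from the normal world and is
 * never bounded, so a value above SECURE_BUF_SIZE overwrites whatever follows
 * 'out' in secure memory with attacker bytes. Kept only for contrast; the
 * scenarios below never call it. */
int copy_payload_unsafe(const uint8_t *shmem, uint8_t out[SECURE_BUF_SIZE])
{
    uint32_t len = load_le32(shmem);
    memcpy(out, shmem + 4, len);        /* BUG: len is unchecked */
    return RC_OK;
}

/* Hardened pattern: read the length exactly once (re-reading shared memory
 * after the check would reopen a time-of-check/time-of-use window), then bound
 * it against both the destination and the source; the subtraction happens only
 * after shmem_len is known to cover the header, so nothing underflows. */
int copy_payload_safe(const uint8_t *shmem, size_t shmem_len,
                      uint8_t out[SECURE_BUF_SIZE], size_t *out_len)
{
    if (shmem_len < 4u)
        return RC_BAD_LEN;
    uint32_t len = load_le32(shmem);                  /* single read */
    if (len > SECURE_BUF_SIZE)                        /* destination bound */
        return RC_BAD_LEN;
    if ((size_t)len > shmem_len - 4u)                 /* source bound */
        return RC_BAD_LEN;
    memcpy(out, shmem + 4, len);
    *out_len = len;
    return RC_OK;
}

/* Builds a request in a constructed shared buffer: claimed_len in the header,
 * every payload byte set to fill. The claimed length may exceed the buffer,
 * exactly as a hostile normal world would arrange. */
static void build_request(uint8_t *shmem, size_t shmem_len, uint32_t claimed_len, uint8_t fill)
{
    for (int i = 0; i < 4; i++)
        shmem[i] = (uint8_t)(claimed_len >> (8 * i));
    memset(shmem + 4, fill, shmem_len - 4);
}

/* Runs the hardened service on a request claiming claimed_len bytes. Returns
 * the result code; *copied receives the bytes actually copied (0 on rejection). */
int scenario_request(uint32_t claimed_len, size_t *copied)
{
    uint8_t shmem[NS_SHMEM_SIZE];
    uint8_t out[SECURE_BUF_SIZE];
    *copied = 0;
    build_request(shmem, sizeof shmem, claimed_len, 0x41);
    return copy_payload_safe(shmem, sizeof shmem, out, copied);
}

int scenario_rc(uint32_t claimed_len)          /* result code only */
{
    size_t n;
    return scenario_request(claimed_len, &n);
}

size_t scenario_copied(uint32_t claimed_len)   /* bytes copied, 0 when rejected */
{
    size_t n;
    scenario_request(claimed_len, &n);
    return n;
}
```

The same single-read discipline applies to pointers passed by the normal world: copy the argument, verify it points inside non-secure memory, and never dereference a value that the other world can still change.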
Supply Chain Injection (SUPPLY_CHAIN_INJECTION)
- Threat actors: SUPPLY_CHAIN_ATTACKERS
- Threat description: Attackers inject malicious code into firmware during development, testing, or distribution, exploiting weak supply chain controls.
- Impact: Introduction of malicious firmware into the supply chain, compromising the integrity of devices using the firmware.
- Security objectives affected: FIRMWARE_INTEGRITY
- CVSS environmental score: 7.0 (High)
  Vector: CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Counter-measures for SUPPLY_CHAIN_INJECTION
- SUPPLY_CHAIN_AUDITS: Conduct Supply Chain Audits
  Regularly audit firmware development and distribution processes to detect and mitigate supply chain risks. Audits find process weaknesses after the fact; reproducible builds and verification of the toolchain and dependencies give the technical check that the shipped binary matches the reviewed source.
  Countermeasure in place? ❌ Public and disclosable? ✔
Secure Storage Breach (SECURE_STORAGE_COMPROMISE)
- Threat actors:
- Threat description: Attackers exploit vulnerabilities in secure storage implementations or gain unauthorized access to storage areas.
- Impact: Breach of confidential data stored by Trusted Firmware, such as encryption keys or sensitive configuration settings.
- Security objectives affected: SECURE_STORAGE
- CVSS environmental score: 8.1 (High)
  Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Counter-measures for SECURE_STORAGE_COMPROMISE
- ENCRYPT_STORAGE: Encrypt Sensitive Storage
  Use strong encryption algorithms to protect data stored by Trusted Firmware, ensuring confidentiality even if storage is compromised. The storage key must be derived from a device-unique hardware key that software outside the secure world cannot read, and the data should be authenticated (not merely encrypted) and bound to a monotonic counter, otherwise an attacker with access to the storage medium can tamper with or replay older versions undetected.
  Countermeasure in place? ✔ Public and disclosable? ✔
Bootloader Exploitation (BOOTLOADER_ATTACK)
- Threat actors:
- Threat description: Attackers manipulate the bootloader or inject malicious code during the boot process, compromising the root of trust.
- Impact: Exploitation of vulnerabilities in the bootloader to gain unauthorized control over the system or bypass secure boot mechanisms.
- Security objectives affected: FIRMWARE_INTEGRITY, SECURE_BOOT
- CVSS environmental score: 7.6 (High)
  Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Counter-measures for BOOTLOADER_ATTACK
- SECURE_BOOT_VERIFICATION: Verify Bootloader Integrity
  Use cryptographic signatures to ensure the bootloader has not been tampered with before execution. Each stage must verify the next stage over the image as actually loaded into memory and only then transfer control; verifying a copy in flash that can be swapped afterwards leaves a time-of-check/time-of-use gap.
  Countermeasure in place? ✔ Public and disclosable? ✔
Requests For Information
Operational Security Hardening Guide
Seq | Countermeasure Details |
---|---|
Testing guide
This guide lists all testable attacks described in the threat model
Seq | Attack to test | Pass/Fail/NA |
---|---|---|