Security Handling

Security Disclosures

Trusted Firmware-M (TF-M) discloses all security vulnerabilities relevant to TF-M, including those it is advised about. TF-M encourages responsible disclosure of vulnerabilities and tries its best to inform users about all possible issues.

The TF-M vulnerabilities are disclosed as Security Advisories, all of which are listed at the bottom of this page.

Found a Security Issue?

Although TF-M tries to stay secure, it can only do so with the help of the community of developers and security researchers.

Warning

If you find a security vulnerability, please do not report it in the issue tracker or on the mailing list. Instead, please follow the TrustedFirmware.org security incident process.

One of the goals of this process is to ensure that providers of products that use TF-M have a chance to consider the implications of the vulnerability and its remedy before it is made public. As such, please follow the disclosure plan outlined in the Security Incident Process. TF-M does its best to respond to and fix any issues quickly.

Afterwards, writing up all the findings about the TF-M source code is highly encouraged.

Attribution

TF-M values researchers and community members who report vulnerabilities, and TF-M policy is to credit the contributor's name in the published security advisory.

Security Advisories

ID                Title

Advisory TFMV-1   NS world may cause the CPU to perform an unexpected return operation due to unsealed stacks.

Advisory TFMV-2   Invoking Secure functions from handler mode may cause TF-M IPC model to behave unexpectedly.

Advisory TFMV-3   abort() function may not take effect in TF-M Crypto multi-part MAC/hashing/cipher operations.

Advisory TFMV-4   NSPE may access secure keys stored in TF-M Crypto service in Profile Small with Crypto key ID encoding disabled.

Advisory TFMV-5   psa_fwu_write() may cause buffer overflow in SPE.


Copyright (c) 2020-2022, Arm Limited. All rights reserved.