diff options
| author | android-build-team Robot <android-build-team-robot@google.com> | 2020-02-07 04:22:22 +0000 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2020-02-07 04:22:22 +0000 |
| commit | d36ae3e4c44c6547467f7ca92298ebad99700cb3 (patch) | |
| tree | 76d9e0cabe45c1ed6d9ea87a5deb9c75c4345653 /docs/process | |
| parent | f94bb7f616791b95961e9d25c0a7b0c79fd45edc (diff) | |
| parent | cabe6937f2c9d0a50e4631c0545bddd650233ae8 (diff) | |
| download | platform_external_arm-trusted-firmware-android11-gsi.tar.gz platform_external_arm-trusted-firmware-android11-gsi.tar.bz2 platform_external_arm-trusted-firmware-android11-gsi.zip | |
Snap for 6188643 from cabe6937f2c9d0a50e4631c0545bddd650233ae8 to rvc-releaseandroid-vts-11.0_r5android-vts-11.0_r4android-vts-11.0_r3android-vts-11.0_r2android-vts-11.0_r1android-security-11.0.0_r1android-platform-11.0.0_r9android-platform-11.0.0_r8android-platform-11.0.0_r7android-platform-11.0.0_r6android-platform-11.0.0_r5android-platform-11.0.0_r4android-platform-11.0.0_r3android-platform-11.0.0_r2android-platform-11.0.0_r10android-platform-11.0.0_r1android-cts-11.0_r5android-cts-11.0_r4android-cts-11.0_r3android-cts-11.0_r2android-cts-11.0_r1android-11.0.0_r5android-11.0.0_r4android-11.0.0_r3android-11.0.0_r25android-11.0.0_r2android-11.0.0_r17android-11.0.0_r1android11-tests-releaseandroid11-security-releaseandroid11-s1-releaseandroid11-releaseandroid11-platform-releaseandroid11-gsi
Change-Id: Id9d1eda28e2f504532858d4c602eeebec865f19e
Diffstat (limited to 'docs/process')
| -rw-r--r-- | docs/process/coding-guidelines.rst | 4 | ||||
| -rw-r--r-- | docs/process/contributing.rst | 53 | ||||
| -rw-r--r-- | docs/process/faq.rst | 13 | ||||
| -rw-r--r-- | docs/process/index.rst | 1 | ||||
| -rw-r--r-- | docs/process/platform-compatibility-policy.rst | 6 | ||||
| -rw-r--r-- | docs/process/release-information.rst | 82 | ||||
| -rw-r--r-- | docs/process/security-hardening.rst | 16 | ||||
| -rw-r--r-- | docs/process/security.rst | 47 |
8 files changed, 69 insertions, 153 deletions
diff --git a/docs/process/coding-guidelines.rst b/docs/process/coding-guidelines.rst index a53da77b9..cb8b89245 100644 --- a/docs/process/coding-guidelines.rst +++ b/docs/process/coding-guidelines.rst @@ -23,8 +23,8 @@ include: - ``**WARNING: Use of volatile is usually wrong``: see `Why the “volatile” type class should not be used`_ . Although this document - contains some very useful information, there are several legimate uses of the - volatile keyword within the TF codebase. + contains some very useful information, there are several legitimate uses of + the volatile keyword within the TF codebase. Headers and inclusion --------------------- diff --git a/docs/process/contributing.rst b/docs/process/contributing.rst index 66b282c91..f569fcbe7 100644 --- a/docs/process/contributing.rst +++ b/docs/process/contributing.rst @@ -13,8 +13,8 @@ Getting Started raise a separate `issue`_ for this and ensure that the changes that include Third Party IP are made on a separate topic branch. -- Clone `Trusted Firmware-A`_ on your own machine as suggested on the - `User Guide`_. +- Clone `Trusted Firmware-A`_ on your own machine as described in + :ref:`prerequisites_get_source`. - Create a local topic branch based on the `Trusted Firmware-A`_ ``master`` branch. @@ -23,11 +23,10 @@ Making Changes - Make commits of logical units. See these general `Git guidelines`_ for contributing to a project. -- Follow the `Coding Guidelines`_. +- Follow the :ref:`Coding Style & Guidelines`. - Use the checkpatch.pl script provided with the Linux source tree. A - Makefile target is provided for convenience (see the "Checking source code - style" section in the `User Guide`_). + Makefile target is provided for convenience. - Keep the commits on topic. If you need to fix another bug or make another enhancement, please create a separate `issue`_ and address it on a separate @@ -38,12 +37,13 @@ Making Changes an `issue`_, include a reference. - Where appropriate, please update the documentation. - - Consider whether the `User Guide`_, `Porting Guide`_, `Firmware Design`_ - or other in-source documentation needs updating. + - Consider whether the :ref:`Porting Guide`, + :ref:`Firmware Design` document or other in-source documentation needs + updating. - Ensure that each changed file has the correct copyright and license information. Files that entirely consist of contributions to this project should have a copyright notice and BSD-3-Clause SPDX license - identifier of the form as shown in `license.rst`_. Files that contain + identifier of the form as shown in :ref:`license`. Files that contain changes to imported Third Party IP files should retain their original copyright and license notices. For significant contributions you may add your own copyright notice in following format: @@ -57,15 +57,15 @@ Making Changes your company name. - If you are submitting new files that you intend to be the technical sub-maintainer for (for example, a new platform port), then also update - the `Maintainers`_ file. + the :ref:`maintainers` file. - For topics with multiple commits, you should make all documentation changes (and nothing else) in the last commit of the series. Otherwise, include the documentation changes within the single commit. - Please test your changes. As a minimum, ensure that Linux boots on the - Foundation FVP. See `Running the software on FVP`_ for more information. For - more extensive testing, consider running the `TF-A Tests`_ against your - patches. + Foundation FVP. See :ref:`Arm Fixed Virtual Platforms (FVP)` for more + information. For more extensive testing, consider running the `TF-A Tests`_ + against your patches. Submitting Changes ------------------ @@ -75,13 +75,15 @@ Submitting Changes ``Signed-off-by:`` and ``Author:`` lines must match. If anyone else contributes to the commit, they must also add their own ``Signed-off-by:`` line. By adding this line the contributor certifies the contribution is made - under the terms of the `Developer Certificate of Origin (DCO)`_. + under the terms of the + :download:`Developer Certificate of Origin <../../dco.txt>`. More details may be found in the `Gerrit Signed-off-by Lines guidelines`_. - Ensure that each commit also has a unique ``Change-Id:`` line. If you have cloned the repository with the "`Clone with commit-msg hook`" clone method - (as advised on the `User Guide`_), this should already be the case. + (following the :ref:`Prerequisites` document), this should already be the + case. More details may be found in the `Gerrit Change-Ids documentation`_. @@ -89,22 +91,22 @@ Submitting Changes targeting the ``integration`` branch. - The changes will then undergo further review and testing by the - `Maintainers`_. Any review comments will be made directly on your patch. - This may require you to do some rework. + :ref:`maintainers`. Any review comments will be made directly on your + patch. This may require you to do some rework. Refer to the `Gerrit Uploading Changes documentation`_ for more details. -- When the changes are accepted, the `Maintainers`_ will integrate them. +- When the changes are accepted, the :ref:`maintainers` will integrate them. - - Typically, the `Maintainers`_ will merge the changes into the + - Typically, the :ref:`maintainers` will merge the changes into the ``integration`` branch. - If the changes are not based on a sufficiently-recent commit, or if they - cannot be automatically rebased, then the `Maintainers`_ may rebase it on - the ``master`` branch or ask you to do so. + cannot be automatically rebased, then the :ref:`maintainers` may rebase it + on the ``master`` branch or ask you to do so. - After final integration testing, the changes will make their way into the ``master`` branch. If a problem is found during integration, the merge commit will be removed from the ``integration`` branch and the - `Maintainers`_ will ask you to create a new patch set to resolve the + :ref:`maintainers` will ask you to create a new patch set to resolve the problem. Binary Components @@ -132,15 +134,6 @@ Binary Components .. _issue: https://developer.trustedfirmware.org/project/board/1/ .. _Trusted Firmware-A: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git .. _Git guidelines: http://git-scm.com/book/ch5-2.html -.. _Coding Guidelines: ./coding-guidelines.rst -.. _User Guide: ../getting_started/user-guide.rst -.. _Porting Guide: ../getting_started/porting-guide.rst -.. _Firmware Design: ../design/firmware-design.rst -.. _license.rst: ../license.rst -.. _Acknowledgements: ../acknowledgements.rst -.. _Maintainers: ../maintainers.rst -.. _Running the software on FVP: ../getting_started/user-guide.rst#user-content-running-the-software-on-fvp -.. _Developer Certificate of Origin (DCO): ../../dco.txt .. _Gerrit Uploading Changes documentation: https://review.trustedfirmware.org/Documentation/user-upload.html .. _Gerrit Signed-off-by Lines guidelines: https://review.trustedfirmware.org/Documentation/user-signedoffby.html .. _Gerrit Change-Ids documentation: https://review.trustedfirmware.org/Documentation/user-changeid.html diff --git a/docs/process/faq.rst b/docs/process/faq.rst index 6aa04f0a8..2c3658480 100644 --- a/docs/process/faq.rst +++ b/docs/process/faq.rst @@ -37,7 +37,7 @@ This can vary a lot, depending on: conflict between the topics. * If there is a code freeze in place in preparation for the release. Please - refer the `release information`_ for more details. + refer the :ref:`Release Processes` document for more details. * The workload of the TF maintainers. @@ -55,9 +55,9 @@ receiving patches that will not be merged into the release. In this case, the patches will be merged onto ``integration``, which will temporarily diverge from the release branch. The ``integration`` branch will be rebased onto ``master`` after the release, and then ``master`` will be fast-forwarded to ``integration`` -1-2 days later. This whole process could take up 4 weeks. Please refer the -`release information`_ for code freeze dates. The TF maintainers will inform the -patch owner if this is going to happen. +1-2 days later. This whole process could take up 4 weeks. Please refer to the +:ref:`Release Processes` document for code freeze dates. The TF maintainers +will inform the patch owner if this is going to happen. It is OK to create a patch based on commits that are only available in ``integration`` or another patch set, rather than ``master``. There is a risk @@ -73,7 +73,10 @@ but would be after the CI has been transitioned to `trustedfirmware.org`_. Please refer to https://github.com/ARM-software/tf-issues/issues/681 for more details on the timelines. -.. _release information: release-information.rst +-------------- + +*Copyright (c) 2019, Arm Limited. All rights reserved.* + .. _Gerrit Upload Patch Set documentation: https://review.trustedfirmware.org/Documentation/intro-user.html#upload-patch-set .. _Gerrit Replace Changes documentation: https://review.trustedfirmware.org/Documentation/user-upload.html#push_replace .. _trustedfirmware.org: https://www.trustedfirmware.org/ diff --git a/docs/process/index.rst b/docs/process/index.rst index a870c8f57..9c12de82f 100644 --- a/docs/process/index.rst +++ b/docs/process/index.rst @@ -6,7 +6,6 @@ Processes & Policies :caption: Contents :numbered: - release-information security platform-compatibility-policy coding-guidelines diff --git a/docs/process/platform-compatibility-policy.rst b/docs/process/platform-compatibility-policy.rst index a11ba3860..be1f9bac3 100644 --- a/docs/process/platform-compatibility-policy.rst +++ b/docs/process/platform-compatibility-policy.rst @@ -11,7 +11,7 @@ Platform compatibility policy ----------------------------- Platform compatibility is mainly affected by changes to Platform APIs (as -documented in the `Porting Guide`_), driver APIs (like the GICv3 drivers) or +documented in the :ref:`Porting Guide`), driver APIs (like the GICv3 drivers) or library interfaces (like xlat_table library). The project will try to maintain compatibility for upstream platforms. Due to evolving requirements and enhancements, there might be changes affecting platform compatibility which @@ -20,7 +20,7 @@ introduced to replace it. In case the migration to the new interface is trivial, the contributor of the change is expected to make good effort to migrate the upstream platforms to the new interface. -The deprecated interfaces are listed inside `Release information`_ as well as +The deprecated interfaces are listed inside :ref:`Release Processes` as well as the release after which each one will be removed. When an interface is deprecated, the page must be updated to indicate the release after which the interface will be removed. This must be at least 1 full release cycle in future. @@ -33,6 +33,4 @@ the deprecated interface. *Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.* -.. _Porting Guide: ../getting_started/porting-guide.rst -.. _Release information: ./release-information.rst#removal-of-deprecated-interfaces .. _TF-A public mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-a diff --git a/docs/process/release-information.rst b/docs/process/release-information.rst deleted file mode 100644 index b81d42d59..000000000 --- a/docs/process/release-information.rst +++ /dev/null @@ -1,82 +0,0 @@ -Release Processes -================= - -Project Release Cadence ------------------------ - -The project currently aims to do a release once every 6 months which will be -tagged on the master branch. There will be a code freeze (stop merging -non-essential PRs) up to 4 weeks prior to the target release date. The release -candidates will start appearing after this and only bug fixes or updates -required for the release will be merged. The maintainers are free to use their -judgement on what PRs are essential for the release. A release branch may be -created after code freeze if there are significant PRs that need merging onto -the integration branch during the merge window. - -The release testing will be performed on release candidates and depending on -issues found, additional release candidates may be created to fix the issues. - -:: - - |<----------6 months---------->| - |<---4 weeks--->| |<---4 weeks--->| - +-----------------------------------------------------------> time - | | | | - code freeze ver w.x code freeze ver y.z - - -Upcoming Releases -~~~~~~~~~~~~~~~~~ - -These are the estimated dates for the upcoming release. These may change -depending on project requirement and partner feedback. - -+-----------------+---------------------------+------------------------------+ -| Release Version | Target Date | Expected Code Freeze | -+=================+===========================+==============================+ -| v2.0 | 1st week of Oct '18 | 1st week of Sep '18 | -+-----------------+---------------------------+------------------------------+ -| v2.1 | 5th week of Mar '19 | 1st week of Mar '19 | -+-----------------+---------------------------+------------------------------+ - -Removal of Deprecated Interfaces --------------------------------- - -As mentioned in the `Platform compatibility policy`_, this is a live document -cataloging all the deprecated interfaces in TF-A project and the Release version -after which it will be removed. - -+--------------------------------+-------------+---------+---------------------------------------------------------+ -| Interface | Deprecation | Removed | Comments | -| | Date | after | | -| | | Release | | -+================================+=============+=========+=========================================================+ -| Legacy Console API | Jan '18 | v2.1 | Deprecated in favour of ``MULTI_CONSOLE_API`` | -+--------------------------------+-------------+---------+---------------------------------------------------------+ -| Weak default | Oct '18 | v2.1 | The default implementations are defined in | -| ``plat_crash_console_*`` | | | `crash_console_helpers.S`_. The platforms have to | -| APIs | | | define ``plat_crash_console_*``. | -+--------------------------------+-------------+---------+---------------------------------------------------------+ -| ``finish_console_register`` | Oct '18 | v2.1 | The old version of the macro is deprecated. See commit | -| macro in | | | cc5859c_ for more details. | -| ``MULTI_CONSOLE_API`` | | | | -+--------------------------------+-------------+---------+---------------------------------------------------------+ -| Types ``tzc_action_t`` and | Oct '18 | v2.1 | Using logical operations such as OR in enumerations | -| ``tzc_region_attributes_t`` | | | goes against the MISRA guidelines. | -+--------------------------------+-------------+---------+---------------------------------------------------------+ -| Macro ``EL_IMPLEMENTED()`` | Oct '18 | v2.1 | Deprecated in favour of ``el_implemented()``. | -+--------------------------------+-------------+---------+---------------------------------------------------------+ -| ``get_afflvl_shift()``, | Dec '18 | v2.1 | Removed. | -| ``mpidr_mask_lower_afflvls()``,| | | | -| and ``eret()``. | | | | -+--------------------------------+-------------+---------+---------------------------------------------------------+ -| Extra include paths in the | Jan '18 | v2.1 | Now it is needed to use the full path of the common | -| Makefile in ``INCLUDES``. | | | header files. More information in commit 09d40e0e0828_. | -+--------------------------------+-------------+---------+---------------------------------------------------------+ - -*Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.* - -.. _Platform compatibility policy: platform-compatibility-policy.rst -.. _crash_console_helpers.S: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/common/aarch64/crash_console_helpers.S -.. _cc5859c: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=cc5859ca19ff546c35eb0331000dae090b6eabcf -.. _09d40e0e0828: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=09d40e0e08283a249e7dce0e106c07c5141f9b7e diff --git a/docs/process/security-hardening.rst b/docs/process/security-hardening.rst index e2c68b8fe..a18a79203 100644 --- a/docs/process/security-hardening.rst +++ b/docs/process/security-hardening.rst @@ -9,7 +9,7 @@ Build options ------------- Several build options can be used to check for security issues. Refer to the -`user guide`_ for detailed information on the specific build options. +:ref:`Build Options` for detailed information on these. - The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer Authentication and Branch Target Identification. @@ -30,20 +30,18 @@ Several build options can be used to check for security issues. Refer to the - W=1 - Adds ``Wextra``, ``Wmissing-declarations``, ``Wmissing-format-attribute``, - ``Wmissing-prototypes``, ``Wold-style-definition`` and - ``Wunused-const-variable``. + Adds ``Wextra``, ``Wmissing-format-attribute``, ``Wmissing-prototypes``, + ``Wold-style-definition`` and ``Wunused-const-variable``. - W=2 Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``, - ``Wshadow``, ``Wlogical-op``, ``Wmissing-field-initializers`` and - ``Wsign-compare``. + ``Wshadow``, ``Wlogical-op``. - W=3 Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``, - ``Wpadded``, ``Wpointer-arith``, ``Wredundant-decls`` and + ``Wpointer-arith``, ``Wredundant-decls`` and ``Wswitch-default``. Refer to the GCC or Clang documentation for more information on the individual @@ -53,6 +51,6 @@ Several build options can be used to check for security issues. Refer to the NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by setting the ``E`` build flag to 0. -*Copyright (c) 2019, Arm Limited. All rights reserved.* +-------------- -.. _user guide: ../getting_started/user-guide.rst +*Copyright (c) 2019, Arm Limited. All rights reserved.* diff --git a/docs/process/security.rst b/docs/process/security.rst index 94eb9c3bf..c3935daa1 100644 --- a/docs/process/security.rst +++ b/docs/process/security.rst @@ -38,9 +38,11 @@ Please include: - Any additional software or tools required -We recommend using `this PGP/GPG key`_ for encrypting the information. This key -is also available at http://keyserver.pgp.com and LDAP port 389 of the same -server. The fingerprint for this key is: +We recommend using :download:`this PGP/GPG key <./security-reporting.asc>` for +encrypting the information. This key is also available at +http://keyserver.pgp.com and LDAP port 389 of the same server. + +The fingerprint for this key is: :: @@ -59,7 +61,7 @@ code. Attribution ----------- -We will name and thank you in the ``change-log.rst`` distributed with the source +We will name and thank you in the :ref:`Change Log & Release Notes` distributed with the source code and in any published security advisory. Security Advisories @@ -68,38 +70,43 @@ Security Advisories +-----------+------------------------------------------------------------------+ | ID | Title | +===========+==================================================================+ -| `TFV-1`_ | Malformed Firmware Update SMC can result in copy of unexpectedly | +| |TFV-1| | Malformed Firmware Update SMC can result in copy of unexpectedly | | | large data into secure memory | +-----------+------------------------------------------------------------------+ -| `TFV-2`_ | Enabled secure self-hosted invasive debug interface can allow | +| |TFV-2| | Enabled secure self-hosted invasive debug interface can allow | | | normal world to panic secure world | +-----------+------------------------------------------------------------------+ -| `TFV-3`_ | RO memory is always executable at AArch64 Secure EL1 | +| |TFV-3| | RO memory is always executable at AArch64 Secure EL1 | +-----------+------------------------------------------------------------------+ -| `TFV-4`_ | Malformed Firmware Update SMC can result in copy or | +| |TFV-4| | Malformed Firmware Update SMC can result in copy or | | | authentication of unexpected data in secure memory in AArch32 | | | state | +-----------+------------------------------------------------------------------+ -| `TFV-5`_ | Not initializing or saving/restoring PMCR_EL0 can leak secure | +| |TFV-5| | Not initializing or saving/restoring PMCR_EL0 can leak secure | | | world timing information | +-----------+------------------------------------------------------------------+ -| `TFV-6`_ | Trusted Firmware-A exposure to speculative processor | +| |TFV-6| | Trusted Firmware-A exposure to speculative processor | | | vulnerabilities using cache timing side-channels | +-----------+------------------------------------------------------------------+ -| `TFV-7`_ | Trusted Firmware-A exposure to cache speculation vulnerability | +| |TFV-7| | Trusted Firmware-A exposure to cache speculation vulnerability | | | Variant 4 | +-----------+------------------------------------------------------------------+ -| `TFV-8`_ | Not saving x0 to x3 registers can leak information from one | +| |TFV-8| | Not saving x0 to x3 registers can leak information from one | | | Normal World SMC client to another | +-----------+------------------------------------------------------------------+ .. _issue tracker: https://developer.trustedfirmware.org/project/board/1/ .. _this PGP/GPG key: security-reporting.asc -.. _TFV-1: ../security_advisories/security-advisory-tfv-1.rst -.. _TFV-2: ../security_advisories/security-advisory-tfv-2.rst -.. _TFV-3: ../security_advisories/security-advisory-tfv-3.rst -.. _TFV-4: ../security_advisories/security-advisory-tfv-4.rst -.. _TFV-5: ../security_advisories/security-advisory-tfv-5.rst -.. _TFV-6: ../security_advisories/security-advisory-tfv-6.rst -.. _TFV-7: ../security_advisories/security-advisory-tfv-7.rst -.. _TFV-8: ../security_advisories/security-advisory-tfv-8.rst + +.. |TFV-1| replace:: :ref:`Advisory TFV-1 (CVE-2016-10319)` +.. |TFV-2| replace:: :ref:`Advisory TFV-2 (CVE-2017-7564)` +.. |TFV-3| replace:: :ref:`Advisory TFV-3 (CVE-2017-7563)` +.. |TFV-4| replace:: :ref:`Advisory TFV-4 (CVE-2017-9607)` +.. |TFV-5| replace:: :ref:`Advisory TFV-5 (CVE-2017-15031)` +.. |TFV-6| replace:: :ref:`Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)` +.. |TFV-7| replace:: :ref:`Advisory TFV-7 (CVE-2018-3639)` +.. |TFV-8| replace:: :ref:`Advisory TFV-8 (CVE-2018-19440)` + +-------------- + +*Copyright (c) 2019, Arm Limited. All rights reserved.* |