
Drivers should be de-privileged
Open, Needs Triage, Public

Description

The largest attack surface against TF-A is the drivers, as they interact with untrusted external hardware. It should be possible for most of these drivers to be de-privileged so that they run in NS-EL1 (or even NS-EL0) and have access only to the hardware they are driving. DMA attacks will be prevented using SMMU, TrustZone, or the ARMv9 Granule Protection Check.

Event Timeline

DemiMarie created this task. Fri, Jan 6, 6:53 PM