######## Security ######## .. toctree:: :maxdepth: 1 Threat Models Security Advisories Security Disclosures -------------------- Trusted Firmware-M (TF-M) disclose all security vulnerabilities, or are advised about, that are relevant to TF-M. TF-M encourage responsible disclosure of vulnerabilities and try the best to inform users about all possible issues. The TF-M vulnerabilities are disclosed as Security Advisories, all of which are listed in the `Security Advisories`_ section. Found a Security Issue? ----------------------- Although TF-M try to keep secure, it can only do so with the help of the community of developers and security researchers. .. warning:: If any security vulnerability was found, please **do not** report it in the `issue tracker`_ or on the `mailing list`_. Instead, please follow the `Security incident process`_. One of the goals of this process is to ensure providers of products that use TF-M have a chance to consider the implications of the vulnerability and its remedy before it is made public. As such, please follow the disclosure plan outlined in the `Security Incident Process`_. TF-M do the best to respond and fix any issues quickly. Afterwards, write-up all the findings about the TF-M source code is highly encouraged. Attribution ----------- TF-M values researchers and community members who report vulnerabilities and TF-M policy is to credit the contributor's name in the published security advisory. .. _issue tracker: https://github.com/TrustedFirmware-M/trusted-firmware-m/issues .. _mailing list: https://lists.trustedfirmware.org/mailman3/lists/tf-m.lists.trustedfirmware.org/ .. _Security incident process: https://trusted-firmware-docs.readthedocs.io/en/latest/security_center/incident_handling_process.html .. _Security Advisories: https://trustedfirmware-m.readthedocs.io/en/latest/security/security_advisories/index.html -------------- *Copyright (c) 2020-2024, Arm Limited. All rights reserved.*