From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by groups.io with SMTP; Wed, 07 Aug 2019 10:46:09 -0700 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7CA7C12BF; Wed, 7 Aug 2019 17:46:08 +0000 (UTC) Received: from lacos-laptop-7.usersys.redhat.com (unknown [10.36.118.2]) by smtp.corp.redhat.com (Postfix) with ESMTP id 75B605D717; Wed, 7 Aug 2019 17:46:07 +0000 (UTC) Subject: Re: [edk2-devel] [tianocore-docs EDK_II_Secure_Coding_Guide PATCH] Add Appendix: Threat Mode for EDK II. To: jiewen.yao@intel.com Cc: devel@edk2.groups.io, Vincent Zimmer , Laurie Jarlstrom References: <20190805074733.2876-1-jiewen.yao@intel.com> From: "Laszlo Ersek" Message-ID: <7f352852-40b9-95a4-7474-6f0273ec1f66@redhat.com> Date: Wed, 7 Aug 2019 19:46:06 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20190805074733.2876-1-jiewen.yao@intel.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Wed, 07 Aug 2019 17:46:08 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit (+ Laurie) On 08/05/19 09:47, Yao, Jiewen wrote: > This patch adds "Threat model for EDK II" as the appendix section > > of "EDK II secure coding guide" document. > > > The threat model discussed here is a general guide and serves as the baseline of > > the EDK II firmware. For each specific feature in EDK II firmware, there might be > > additional feature-based threat models in addition to the general threat model. > > > The full gitbook can be also avaiable at > > https://github.com/jyao1/EDK_II_Secure_Coding_Guide/tree/Threat_model. > > > Cc: Vincent Zimmer > Signed-off-by: Jiewen Yao > > Reviewed-by: Vincent Zimmer > > > --- > SUMMARY.md | 6 ++ > appendix_threat_model_for_edk_ii/README.md | 70 +++++++++++++++++++ > .../asset_boot_flow.md | 63 +++++++++++++++++ > .../asset_build_tool.md | 39 +++++++++++ > .../asset_flash_content.md | 59 ++++++++++++++++ > .../asset_management_mode.md | 58 +++++++++++++++ > .../asset_s3_resume.md | 61 ++++++++++++++++ > 7 files changed, 356 insertions(+) > create mode 100644 appendix_threat_model_for_edk_ii/README.md > create mode 100644 appendix_threat_model_for_edk_ii/asset_boot_flow.md > create mode 100644 appendix_threat_model_for_edk_ii/asset_build_tool.md > create mode 100644 appendix_threat_model_for_edk_ii/asset_flash_content.md > create mode 100644 appendix_threat_model_for_edk_ii/asset_management_mode.md > create mode 100644 appendix_threat_model_for_edk_ii/asset_s3_resume.md It looks like we have at least two kinds of documents under , namely: - specs (for edk2) - guides I know of the article at , which presents the specs very nicely. Do we have a similar wiki article about the guides too? (If I use the article search box to the right, and enter "guide", nothing relevant comes up.) Thanks! Laszlo