Commit Graph

33 Commits

Author SHA1 Message Date
Flavio Ceolin b7d27b94df doc: security: Avoid confusion with code guideline
Security documentation contains a code guideline section that is more
about security principles than code guidelines itself. Just removing
the mention do code guideline to avoid possible confusions with
upcoming project code guideline based on MISRA-C.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2020-07-07 19:29:21 -04:00
David Brown b32b5e151a doc: security: Release CVEs from embargo
These CVEs have been released from embargo.  Include details in the v2.3
release notes, and in the vulnerabilities document.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-06-04 22:11:31 +02:00
David Brown ed2d263e0c doc: release notes: Update security notes for 2.3
Add information about security issues addressed in the v2.3.0 release.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-05-11 23:13:32 +02:00
David Brown 6fa228efac doc: vulnerabilities: Document public CVEs
Include documentation for CVE issues that are now out of embargo.  This
includes links to the CVE database, as well as referencing the PRs
within Zephyr that fix these issues.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-05-11 22:50:02 +02:00
David Brown 99374d7808 doc: security: Update vulnerability disclosure
Changes to the security vulnerability reflecting policy changes approved
by the board.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-05-02 11:37:43 -04:00
David Brown 4759da8819 doc: security: Create a vulnerabilities report
In addition to having security vulnerability fixes reported within each
release note page, consolidate all of them in a new vulnerabilities
document.

This gives us two advantages: 1. The vulnerabilities can easily be
referenced in a single place, which is useful for someone trying to
cross reference against CVE lists, and 2. It allows a release to be made
with just CVE numbers when issues are under embargo, and the details can
be added to this vulnerabilities page.  The release notes will be locked
to a tag, and updates will not be visible.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-03-05 12:39:13 +02:00
Flavio Ceolin b5bb4cd085 doc: security: Add hardening tool information
Add basic reference to hardening tool.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2020-02-06 23:05:38 -05:00
Ulf Magnusson 984bfae831 global: Remove leading/trailing blank lines in files
Remove leading/trailing blank lines in .c, .h, .py, .rst, .yml, and
.yaml files.

Will avoid failures with the new CI test in
https://github.com/zephyrproject-rtos/ci-tools/pull/112, though it only
checks changed files.

Move the 'target-notes' target in boards/xtensa/odroid_go/doc/index.rst
to get rid of the trailing blank line there. It was probably misplaced.

Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
2019-12-11 19:17:27 +01:00
Thomas Ebert Hansen d83f926c38 doc: security: Change link to development model.
The development model docs are now part of the technical docs.

Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
2019-03-26 22:21:59 -04:00
Thomas Ebert Hansen 2203489f6d doc: security: Update embargo period
The embargo period is 60 days.

Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
2019-03-26 22:21:59 -04:00
Thomas Ebert Hansen eb34b86fe5 doc: security: Correct indentation
Use similar indentation as the other bullet points above.

Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
2019-03-26 22:21:59 -04:00
Thomas Ebert Hansen bb881d2d9d doc: security: Update Security Group definition
Rewrite who the members of the Security Group are
and move the 'ability' of the members to an outer
bullet point.

Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
2019-03-26 22:21:59 -04:00
Thomas Ebert Hansen f1ad50f85a doc: security: Reword unintelligible sentences
The sentence "To process process documentation." does not make
any sense at all.

Add missing "the" to the sentence "in form of".

Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
2019-03-26 22:21:59 -04:00
Thomas Ebert Hansen 7166e35487 doc: security: Correct statement about Coverity
Remove statement that static code analysis is planned for the future.

Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
2019-03-26 22:21:59 -04:00
Thomas Ebert Hansen 0f0103e0b1 doc: security: Unify citations
Use similar style for citations.
Add online references where applicable.

Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
2019-03-26 22:21:59 -04:00
Thomas Ebert Hansen c9fec3ca7d doc: security: Fix section reference
Replace reference to Chapter 4 with Secure Design section.

Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
2019-03-26 22:21:59 -04:00
Thomas Ebert Hansen 33d1067d25 doc: security: Unify name of security subcommittee
Use the term 'Zephyr Security Subcommittee' where applicable.

Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
2019-03-26 22:21:59 -04:00
Anas Nashif 2b9458c378 doc: restructure and create index pages
Move all lead pages to be index pages and create redirect rules from the
old pointers.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2019-02-05 07:04:40 -05:00
Anas Nashif 4d93a9797f doc: changed structure and layout
Move to the new structure with both:

 - API Reference
 - User and Developer Guides

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2019-02-05 07:04:40 -05:00
David B. Kinder 89db6e3ad3 doc: fix formatting error in security doc
Continuation of a bullet list item wasn't indented properly, causing a
new list to be started (with odd indentation).

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2019-01-24 18:27:27 -05:00
Anas Nashif 6b22a93286 doc: remove leading 'Zephyr' for some documentation sections
This is redundant information. We already know we are Zephyr.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2019-01-07 10:31:51 -05:00
David Brown 00ef6b5e3c doc: Enumerate threats in model
Certain external requirements require justification that threats in a
threat model have been satisfied.  In order to do this, the threats must
be enumerated, and given labels.

Add labels to the threats.  Use rts's citation model to allow the
threats to be grouped and listed at the end of the document to help with
cross referencing.

Signed-off-by: David Brown <david.brown@linaro.org>
2018-06-22 12:30:06 -04:00
Andy Gross 8b9042c419 doc: security: Remove revision history
This patch removes the revision history from the security overview
document.  With this file being maintained in git, there is no need
for an additional in-document revision history table.

Signed-off-by: Andy Gross <andy.gross@linaro.org>
2018-06-07 18:05:01 -05:00
Andy Gross 2825f79a2c doc: security: Update security overview for recent features
This patch revises the security overview document to bring the
information pertaining to stack protection, thread separation,
and memory protection up to date with the current state of the
software releases.

Signed-off-by: Andy Gross <andy.gross@linaro.org>
2018-06-07 18:05:01 -05:00
David B. Kinder 7760b941f9 doc: fix misspellings in docs
Scan and fix misspellings missed during regular reviews.

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2018-06-01 09:01:43 -04:00
David Brown a7ffc83bcc doc: Create a sensor threat model doc
Add a doc to the security section enumerating a threat model for a
sensor-type device.  This will help the direction of work to meet these
security requirements for this particular application.

Signed-off-by: David Brown <david.brown@linaro.org>
2018-05-25 17:23:07 -04:00
David B. Kinder c5615aada4 doc: change https://zephyrproject.org/doc refs
Remove extra indirection to documentation (and required
server link redirection) from https://zephyrproject.org/doc/...
to http://docs.zephyrproject.org/...

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2018-05-02 18:32:44 -04:00
Andy Gross ff22490d56 doc: Update security feature information
This patch updates information pertaining to userspace related security
features.  Some of these have been added to releases and this needs to
be shown in the document.

Signed-off-by: Andy Gross <andy.gross@linaro.org>
2018-02-12 13:47:19 -05:00
Andy Gross ede2dc6ae1 doc: Update security vulnerabilities email address
This patch fixes the email used for reporting security
vulnerabilities.

Signed-off-by: Andy Gross <andy.gross@linaro.org>
2017-11-03 14:19:08 -07:00
Anas Nashif 780324b8ed cleanup: rename fiber/task -> thread
We still have many places talking about tasks and threads, replace those
with thread terminology.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2017-10-30 18:41:15 -04:00
David B. Kinder 8c708fd049 doc: fix misspellings and hyphen use
fixed error introduced in application.rst (v1.8) along with a general
spelling check pass including consistent spelling of "runtime" and
hyphenated words with "pre-"

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2017-09-20 15:33:43 -04:00
David B. Kinder 19d9d41921 doc: fix broken wiki reference
Reference to the Development Model should point to GitHub wiki

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2017-09-06 14:50:42 -05:00
David B. Kinder 1257bdc9ec doc: add project security docs
While we're working on doc publishing that separates
kernel docs that are release-specific from project docs
that aren't, (temporarily) put the security documents
here so they'll be published with the 1.9 release.

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2017-08-17 23:20:40 -04:00