CWE-1271: Uninitialized Value on Reset for Registers Holding Security Settings

Description

Security-critical logic is not set to a known value on reset.

Submission Date :

May 15, 2020, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

Tortuga Logic

Extended Description

When the device is first brought out of reset, the state of registers will be indeterminate if they have not been initialized by the logic. Before the registers are initialized, there will be a window during which the device is in an insecure state and may be vulnerable to attack.

Example Vulnerable Codes

Example - 1

Shown below is a positive clock edge triggered flip-flop used to implement a lock bit for test and debug interface. When the circuit is first brought out of reset, the state of the flip-flop will be unknown until the enable input and D-input signals update the flip-flop state. In this example, an attacker can reset the device until the test and debug interface is unlocked and access the test interface until the lock signal is driven to a known state by the logic.



if (en) lock_jtag <= d;always @(posedge clk) beginend

The flip-flop can be set to a known value (0 or 1) on reset, but requires that the logic explicitly update the output of the flip-flop if the reset signal is active.



if (~reset) lock_jtag <= 0;else if (en) lock_jtag <= d;
always @(posedge clk) beginend

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-909: Missing Initialization of Resource

Go to

CWE-1304: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

Go to

Visit http://cwe.mitre.org/ for more details.