CWE-1304: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

Description

The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between the beginning and ending of the operation.

Submission Date: 2020-07-16

Modification Date: 2023-06-29

Organization: Accellera Systems Initiative

Extended Description

Before powering down, the Intellectual Property (IP) saves current state (S) to persistent storage such as flash or always-on memory in order to optimize the restore operation. During this process, an attacker with access to the persistent storage may alter (S) to a configuration that could potentially modify privileges, disable protections, and/or cause damage to the hardware. If the IP does not validate the configuration state stored in persistent memory, upon regaining power or becoming operational again, the IP could be compromised through the activation of an unwanted/harmful configuration.

Example Vulnerable Codes

Example - 1

The following pseudo-code demonstrates the power save/restore workflow, which may lead to the weakness through a lack of validation of the config state after restore.

void save_config_state()
{
    void* cfg;
    cfg = get_config_state();
    save_config_state(cfg);
    go_to_sleep();
}

void restore_config_state()
{
    void* cfg;
    cfg = get_config_file();
    load_config_file(cfg);   // applied as-is, with no integrity check
}

The following pseudo-code is the proper workflow, with the integrity-checking mitigation in place:

void save_config_state()
{
    void* cfg;
    void* sha;
    cfg = get_config_state();
    save_config_state(cfg);

    // save hash(cfg) to trusted location
    sha = get_hash_of_config_state(cfg);
    save_hash(sha);

    go_to_sleep();
}

void restore_config_state()
{
    void* cfg;
    void* sha_1, sha_2;
    cfg = get_config_file();

    // restore hash of config from trusted memory
    sha_1 = get_persisted_sha_value();
    sha_2 = get_hash_of_config_state(cfg);
    // pseudo-code: sha_1 and sha_2 stand for the hash values themselves,
    // so the comparison is over the digest contents, not the pointers
    if (sha_1 != sha_2)
        assert_error_and_halt();
    load_config_file(cfg);
}

It must be noted that in the previous example of good pseudo-code, the memory where the hash of the config state is stored must be trustworthy while the hardware is between the power save and restore states; if an attacker can rewrite both the persisted state and its hash, the check proves nothing.
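The following is an added, runnable C model of the two workflows above; it is not code from the CWE entry. The configuration layout (hw_config_t), the flash and always-on memory (modelled as static arrays and variables), the FNV-1a digest standing in for the IP's hash engine, and the function names are all assumptions made for this example. It shows an unchecked restore coming back up with memory protection disabled after the persisted state is altered, while the checked restore refuses the same state because the digest in trusted memory no longer matches.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical configuration state of the IP block (layout assumed for the
   example; CWE-1304 does not define one). Three uint32_t fields, no padding. */
typedef struct {
    uint32_t privilege_level;   /* e.g. 0 = user, 3 = supervisor */
    uint32_t mpu_enabled;       /* 1 = memory protection unit active */
    uint32_t clock_divider;
} hw_config_t;

/* Persistent storage (flash): assumed writable by an attacker while the
   IP is powered down, as in the Extended Description. */
static uint8_t flash_region[sizeof(hw_config_t)];

/* Always-on trusted memory for the digest: assumed NOT reachable by the
   attacker across the save/restore window (the requirement stated above). */
static uint64_t trusted_digest;
static int      trusted_digest_valid;

/* FNV-1a 64-bit, a constructed stand-in for the IP's hash engine.
   It is not a cryptographic hash; the scheme relies on the digest living
   in trusted memory, not on preimage resistance. */
static uint64_t digest64(const void *p, size_t n) {
    const uint8_t *b = (const uint8_t *)p;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) {
        h ^= b[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Power-save path: persist the state, then the digest of what was persisted. */
void save_config_state(const hw_config_t *cfg) {
    memcpy(flash_region, cfg, sizeof *cfg);
    trusted_digest = digest64(flash_region, sizeof flash_region);
    trusted_digest_valid = 1;
}

/* Weak restore path (CWE-1304): applies whatever flash contains. */
int restore_config_state_unchecked(hw_config_t *out) {
    memcpy(out, flash_region, sizeof *out);
    return 0;
}

/* Checked restore path: recompute the digest over the flash contents and
   compare it with the trusted copy before applying anything.
   Returns 0 on success, -1 when integrity cannot be established; the caller
   then halts or loads known-safe defaults instead of the persisted state. */
int restore_config_state(hw_config_t *out) {
    if (!trusted_digest_valid)
        return -1;
    uint64_t recomputed = digest64(flash_region, sizeof flash_region);
    /* Compare digest bytes in constant time (not the pointers to them). */
    uint8_t a[8], b[8], diff = 0;
    memcpy(a, &recomputed, sizeof a);
    memcpy(b, &trusted_digest, sizeof b);
    for (size_t i = 0; i < sizeof a; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    if (diff)
        return -1;
    memcpy(out, flash_region, sizeof *out);
    return 0;
}

/* Simulates the modification of S in flash while the IP is asleep:
   the protection bit is cleared without the trusted digest changing. */
void simulate_flash_tamper_disable_mpu(void) {
    hw_config_t f;
    memcpy(&f, flash_region, sizeof f);
    f.mpu_enabled = 0;
    memcpy(flash_region, &f, sizeof f);
}

/* Walks the scenario; returns 0 when each step behaves as described, or the
   number of the first step that did not. */
int run_scenario(void) {
    hw_config_t cfg = { 3, 1, 4 }, r;
    save_config_state(&cfg);
    if (restore_config_state(&r) != 0 || memcmp(&r, &cfg, sizeof r) != 0)
        return 1;   /* untampered state restores cleanly */
    simulate_flash_tamper_disable_mpu();
    if (restore_config_state(&r) != -1)
        return 2;   /* checked path must refuse the altered state */
    if (restore_config_state_unchecked(&r) != 0 || r.mpu_enabled != 0)
        return 3;   /* unchecked path silently comes up with protection off */
    return 0;
}

int main(void) {
    int rc = run_scenario();
    printf("scenario %s (code %d)\n", rc == 0 ? "behaved as expected" : "deviated", rc);
    return rc;
}
```

Two design points carry over to real hardware: the digest is computed over the bytes actually read back from flash, not over a cached copy, and nothing from the persisted state is applied until the comparison has passed. If the digest itself must share storage with the attacker-reachable state, a plain hash is no longer enough and a keyed MAC with the key held in trusted memory is needed instead.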

Related Weaknesses

This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give an overview of similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.