Authentication Vulnerability when extending the Root of Trust

Overview

High Assurance Boot (HAB) provides an option to extend the root of trust beyond the initial primary boot image. An Application Programming Interface (API) exposed by the on-chip ROM allows customer software to call the HAB library to extend the root of trust and authenticate additional software images against the same keys.

A vulnerability has been identified that affects this use of the HAB library ROM API to extend the root of trust and authenticate additional software images. It can be used to bypass the signature check and allow the execution of an unauthenticated software image.

The vulnerability is prevented by simple checks in the customer application software, performed on the image before the HAB library ROM API is called to authenticate it. Customers using the NXP BSP reference software can apply two U-Boot patches that add these checks and address the vulnerability completely.

Impact

  • Only devices configured in a security-enabled mode (SEC_CONFIG[1] eFUSE is programmed) are impacted.
  • Designs that do not use security-enabled mode are therefore not impacted.
  • All HAB versions up to 4.3.6 are impacted, but only when the HAB library ROM API is used to extend the root of trust and authenticate additional software images (e.g. the kernel).
  • Customer applications that do not use this optional feature of the HAB library ROM API to authenticate additional software images are therefore not impacted.
  • This vulnerability does not impact the authentication of the primary boot image.
  • Applications that extend the root of trust and expose a method (local or remote) to update the product software image may be impacted.
  • Designs that prevent physical access to the device and do not use Over the Air (OTA) updates are not impacted.

Software Mitigation

Two U-Boot patches addressing this vulnerability were incorporated in the L4.9.88_2.0.0-ga software release. All subsequent NXP BSP GA software releases include these checks in the U-Boot bootloader by default.

The mitigations are therefore already present in the latest NXP BSP releases, and no further action is required when using them.

MLK-16703: HAB: Check if CSF is valid before authenticating image

MLK-14945: HAB: Check if IVT valid before authenticating image
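The two patches named above both do the same kind of thing: they sanity-check the image's own metadata before handing it to the ROM. The C program below is an added illustration of that approach and is not NXP's U-Boot patch code. It validates a HAB4 Image Vector Table (tag 0xD1, big-endian length 0x20, major version 4, zeroed reserved fields, no DCD, a self pointer matching the load address and a CSF pointer inside the image buffer) and then walks the CSF command headers, rejecting a CSF that contains a Write Data (0xCC) or Check Data (0xCF) command, the class of commands that mainline U-Boot's HAB support also refuses in an extended image's CSF. The tag and command values are the HAB4 API definitions; the load address 0x80000000, the IVT offset 0x400, the CSF offset 0x420, the image size and the CSF command lengths are constructed for this example, and the sample image is unsigned, so the final ROM call is only indicated in a comment.

```c
/* hab_precheck.c: validate an IVT and its CSF before calling the HAB ROM API.
 * Added illustration; not NXP's U-Boot patch code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* HAB4 tags and commands (HAB4 API definitions). */
#define HAB_TAG_IVT     0xD1
#define HAB_TAG_CSF     0xD4
#define HAB_CMD_INS_KEY 0xBE
#define HAB_CMD_AUT_DAT 0xCA
#define HAB_CMD_WRT_DAT 0xCC   /* Write Data: refused in an extended image's CSF */
#define HAB_CMD_CHK_DAT 0xCF   /* Check Data: refused likewise */
#define HAB_MAJ_MASK    0xF0
#define HAB_MAJ_VER     0x40
#define IVT_LENGTH      0x20

/* Assumed layout for this example only. */
#define LOAD_ADDR  0x80000000u
#define IVT_OFFSET 0x400u
#define CSF_OFFSET 0x420u
#define IMG_LEN    0x600u

/* HAB4 Image Vector Table; the 32-bit pointers are little-endian on i.MX. */
struct ivt {
    uint8_t  tag, len_hi, len_lo, version;  /* 0xD1, big-endian 0x0020, 0x4x */
    uint32_t entry, reserved1, dcd, boot_data, self, csf, reserved2;
};

enum precheck { PRECHECK_OK = 0, PRECHECK_BAD_IVT = 1, PRECHECK_BAD_CSF = 2 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* IVT check: is there a well-formed IVT at ivt_off that describes this buffer? */
bool verify_ivt(const uint8_t *img, size_t img_len, uint32_t load_addr, size_t ivt_off)
{
    struct ivt ivt;
    if (ivt_off + sizeof ivt > img_len) return false;
    memcpy(&ivt, img + ivt_off, sizeof ivt);
    if (ivt.tag != HAB_TAG_IVT) return false;
    if (((ivt.len_hi << 8) | ivt.len_lo) != IVT_LENGTH) return false;
    if ((ivt.version & HAB_MAJ_MASK) != HAB_MAJ_VER) return false;
    if (ivt.reserved1 != 0 || ivt.reserved2 != 0) return false;
    if (ivt.dcd != 0) return false;                /* no DCD once the SoC is already up */
    if (ivt.self != load_addr + ivt_off) return false;
    /* The CSF must lie inside the buffer that is about to be authenticated. */
    if (ivt.csf < load_addr || (size_t)(ivt.csf - load_addr) + 4 > img_len) return false;
    return true;
}

/* CSF check: walk the command headers; refuse commands that would let the CSF
 * write or test memory before the signature over the image has been verified. */
bool csf_is_valid(const uint8_t *img, size_t img_len, uint32_t load_addr, size_t ivt_off)
{
    struct ivt ivt;
    memcpy(&ivt, img + ivt_off, sizeof ivt);       /* caller has run verify_ivt() */
    size_t csf_off = ivt.csf - load_addr;
    const uint8_t *csf = img + csf_off;
    if (csf[0] != HAB_TAG_CSF) return false;
    size_t csf_len = be16(csf + 1);
    if (csf_len < 4 || csf_off + csf_len > img_len) return false;
    for (size_t pos = 4; pos < csf_len; ) {
        if (pos + 4 > csf_len) return false;        /* truncated command header */
        size_t cmd_len = be16(csf + pos + 1);
        if (cmd_len < 4 || pos + cmd_len > csf_len) return false;
        if (csf[pos] == HAB_CMD_WRT_DAT || csf[pos] == HAB_CMD_CHK_DAT) return false;
        pos += cmd_len;
    }
    return true;
}

/* Gate for the ROM call: only on PRECHECK_OK would the caller invoke the HAB
 * RVT authenticate_image entry (SoC ROM only, so it is not called here). */
enum precheck hab_precheck(const uint8_t *img, size_t img_len, uint32_t load_addr, size_t ivt_off)
{
    if (!verify_ivt(img, img_len, load_addr, ivt_off)) return PRECHECK_BAD_IVT;
    if (!csf_is_valid(img, img_len, load_addr, ivt_off)) return PRECHECK_BAD_CSF;
    return PRECHECK_OK;
}

static size_t put_cmd(uint8_t *p, uint8_t tag, uint16_t len)
{   /* command header only; bodies stay zero since only headers are inspected */
    p[0] = tag; p[1] = (uint8_t)(len >> 8); p[2] = (uint8_t)len; p[3] = 0;
    return len;
}

/* Constructed, unsigned sample image: IVT at 0x400, CSF at 0x420. */
void build_sample_image(uint8_t *buf, bool inject_wrt_dat)
{
    memset(buf, 0, IMG_LEN);
    struct ivt ivt = { .tag = HAB_TAG_IVT, .len_lo = IVT_LENGTH, .version = 0x40,
                       .entry = LOAD_ADDR, .self = LOAD_ADDR + IVT_OFFSET,
                       .csf = LOAD_ADDR + CSF_OFFSET };
    memcpy(buf + IVT_OFFSET, &ivt, sizeof ivt);
    uint8_t *csf = buf + CSF_OFFSET;
    size_t n = 4;                                  /* room for the CSF header */
    n += put_cmd(csf + n, HAB_CMD_INS_KEY, 0x0C);
    if (inject_wrt_dat) n += put_cmd(csf + n, HAB_CMD_WRT_DAT, 0x0C);
    n += put_cmd(csf + n, HAB_CMD_AUT_DAT, 0x08);
    csf[0] = HAB_TAG_CSF; csf[1] = (uint8_t)(n >> 8); csf[2] = (uint8_t)n; csf[3] = 0x40;
}

int demo_clean_csf(void)   { uint8_t b[IMG_LEN]; build_sample_image(b, false); return hab_precheck(b, IMG_LEN, LOAD_ADDR, IVT_OFFSET); }
int demo_wrt_dat_csf(void) { uint8_t b[IMG_LEN]; build_sample_image(b, true);  return hab_precheck(b, IMG_LEN, LOAD_ADDR, IVT_OFFSET); }
int demo_bad_ivt(void)     { uint8_t b[IMG_LEN]; build_sample_image(b, false); b[IVT_OFFSET] = 0; return hab_precheck(b, IMG_LEN, LOAD_ADDR, IVT_OFFSET); }

int main(void)
{
    printf("clean CSF: %d, CSF with Write Data: %d, bad IVT tag: %d\n",
           demo_clean_csf(), demo_wrt_dat_csf(), demo_bad_ivt());
    return 0;
}
```

The point of running both checks before the ROM call is that the ROM API receives only images whose IVT describes the buffer being authenticated and whose CSF cannot act on memory before the signature is verified; anything else is refused without touching the ROM.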

Customers using U-Boot releases from L4.1.15_1.0.0-ga up to L4.9.11_1.0.0-ga can refer to the following Yocto patch releases:

imx_v2017.03_4.9.11_1.0.0_ga

imx_v2016.03_4.1.15_2.0.0_ga

imx_v2015.04_4.1.15_1.0.0_ga

For customers using older U-Boot software releases, patches are available on request.

Code signing Tool

Customers are recommended to use the latest version of the i.MX High Assurance Boot reference Code Signing Tool (CST), which has removed the unsupported commands.

Additional Information

  • For more details, a Security Bulletin is available on the i.MX Security Portal for customers. For access or further information, please contact your NXP Field Support Representative or enter a support request.

_________________________________________________________________________

Please note this information is preliminary and subject to change. To the best of NXP's knowledge, the information contained herein is accurate and reliable as of the date of publication; however, NXP does not assume any liability for the accuracy and completeness of the information.

Last update: 08-26-2022 03:27 PM