Détail du CWE-1310

Missing an ability to patch ROM code may leave a System or System-on-Chip (SoC) in a vulnerable state.

A System or System-on-Chip (SoC) that implements a boot process utilizing security mechanisms such as Root-of-Trust (RoT) typically starts by executing code from a Read-only-Memory (ROM) component. The code in ROM is immutable, hence any security vulnerabilities discovered in the ROM code can never be fixed for the systems that are already in use.

A common weakness is that the ROM does not have the ability to patch if security vulnerabilities are uncovered after the system gets shipped. This leaves the system in a vulnerable state where an adversary can compromise the SoC.

Modes d'introduction

Architecture and Design : This issue could be introduced during hardware architecture and design and can be identified later during Testing.
Implementation : This issue could be introduced during implementation and can be identified later during Testing.
Integration : This issue could be introduced during integration and can be identified later during Testing.
Manufacturing : This issue could be introduced during manufacturing and can be identified later during Testing.

Plateformes applicables

Langue

Class: Not Language-Specific (Undetermined)

Systèmes d’exploitation

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: System on Chip (Undetermined)

Conséquences courantes

Mesures d’atténuation potentielles

Phases : Architecture and Design // Implementation
Secure patch support to allow ROM code to be patched on the next boot.
Phases : Architecture and Design // Implementation
Support patches that can be programmed in-field or during manufacturing through hardware fuses. This feature can be used for limited patching of devices after shipping, or for the next batch of silicon devices manufactured, without changing the full device ROM.

Notes de cartographie des vulnérabilités

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Modèles d'attaque associés

Références

REF-1396

riscv_peripherals.sv line 534
https://github.com/HACK-EVENT/hackatdac21/blob/75e5c0700b5a02e744f006fe8a09ff3c2ccdd32d/piton/design/chip/tile/ariane/openpiton/riscv_peripherals.sv#L534

REF-1397

Fix for riscv_peripherals.sv line 534
https://github.com/HACK-EVENT/hackatdac21/blob/cwe_1310_riscv_peripheral/piton/design/chip/tile/ariane/openpiton/riscv_peripherals.sv#L534

Soumission

Modifications