CWE-1304 – Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation


Description

The product performs a power save/restore operation, but it does not ensure that the integrity of the configuration state is maintained and/or verified between the beginning and ending of the operation.

Modes of Introduction:

– Architecture and Design


Related Weaknesses

CWE-284
CWE-345
CWE-1271


Consequences

Scope: Confidentiality, Integrity

Impact: DoS: Instability; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (Other); Gain Privileges or Assume Identity; Bypass Protection Mechanism; Alter Execution Logic; Quality Degradation; Unexpected State; Reduce Maintainability; Reduce Performance; Reduce Reliability


Potential Mitigations

Phase: Architecture and Design

Description:

Inside the IP, incorporate integrity checking on the configuration state via a cryptographic hash. The hash can be protected inside the IP, for example by storing it in internal registers which never lose power. Before powering down, the IP computes a hash of the configuration and saves it in these persistent registers. Upon restore, the IP computes a hash of the saved configuration and compares it with the saved hash. If they do not match, the IP should not trust the configuration.

Phase: Integration

Description:

Outside the IP, incorporate integrity checking of the configuration state via a trusted agent. Before powering down, the trusted agent computes a hash of the configuration and saves the hash in persistent storage. Upon restore, the IP requests that the trusted agent validate its current configuration. If the configuration hash is invalid, the IP should not trust the configuration.

Phase: Integration

Description:

Outside the IP, incorporate a protected environment that prevents undetected modification of the configuration state by untrusted agents. Before powering down, a trusted agent saves the IP's configuration state in this protected location, which only the trusted agent is privileged to access. Upon restore, the trusted agent loads the saved state into the IP.
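The hash-and-compare approach of the first two mitigations, modelled as an added example (not part of the CWE entry): the IP hashes its configuration before power-down, keeps the digest in a retained register that only it can write, stores the configuration copy in memory it does not control, and on power-up refuses any saved state whose digest does not match. The register names, values and the `IpBlock` class are constructed for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass, field

class ConfigIntegrityError(Exception):
    """Raised when the restored configuration fails its integrity check."""

def config_digest(config: dict[str, int]) -> bytes:
    # Canonical encoding (sorted register names, fixed-width hex values) so the
    # same configuration state always produces the same digest.
    blob = b"".join(f"{name}={value:08x};".encode() for name, value in sorted(config.items()))
    return hashlib.sha256(blob).digest()

@dataclass
class IpBlock:
    # Volatile configuration registers; their contents are lost on power-down.
    config: dict[str, int] = field(default_factory=dict)
    # Hypothetical always-on register inside the IP: survives the low-power
    # state and is writable only by the IP itself, never by external agents.
    retained_digest: bytes | None = None

    def power_down(self, save_area: dict[str, int]) -> None:
        """Hash the live configuration, retain the hash internally, save the state externally."""
        self.retained_digest = config_digest(self.config)
        save_area.clear()
        save_area.update(self.config)   # copy lands in memory the IP does not control
        self.config = {}                # registers lose power

    def power_up(self, save_area: dict[str, int]) -> None:
        """Reload the saved state only if it hashes to the retained digest."""
        candidate = dict(save_area)
        if self.retained_digest is None or not hmac.compare_digest(
                config_digest(candidate), self.retained_digest):
            raise ConfigIntegrityError("saved configuration does not match retained hash")
        self.config = candidate
        self.retained_digest = None

# Constructed sample configuration; register names and values are illustrative.
SAMPLE_CONFIG = {"ACCESS_POLICY": 0x00000001, "PROTECTED_BASE": 0x80000000, "LOCK": 0x00000001}

def run_cycle(tamper: bool) -> bool:
    """Run one save/restore cycle; return True only if the IP accepted the restored state."""
    ip = IpBlock(config=dict(SAMPLE_CONFIG))
    external_ram: dict[str, int] = {}
    ip.power_down(external_ram)
    if tamper:
        external_ram["LOCK"] = 0  # saved copy is altered while the IP is powered off
    try:
        ip.power_up(external_ram)
    except ConfigIntegrityError:
        return False
    return ip.config == SAMPLE_CONFIG
```

`run_cycle(False)` restores the configuration intact, while `run_cycle(True)` shows the IP rejecting a saved copy that was changed while it was powered down; moving the retained digest into a separate trusted agent's persistent storage gives the second mitigation with the same compare step.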

CVE References