Tag Archives: Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

CWE-1304 – Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation

Read Time:1 Minute, 29 Second

Description

The product performs a power save/restore
operation, but it does not ensure that the integrity of
the configuration state is maintained and/or verified between
the beginning and ending of the operation.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-284
CWE-345
CWE-1271

 

Consequences

Confidentiality, Integrity: DoS: Instability, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (Other), Gain Privileges or Assume Identity, Bypass Protection Mechanism, Alter Execution Logic, Quality Degradation, Unexpected State, Reduce Maintainability, Reduce Performance, Reduce Reliability

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Inside the IP, incorporate integrity checking
on the configuration state via a cryptographic
hash. The hash can be protected inside the IP such as
by storing it in internal registers which never lose
power. Before powering down, the IP performs a hash of
the configuration and saves it in these persistent
registers. Upon restore, the IP performs a hash of the
saved configuration and compares it with the
saved hash. If they do not match, then the IP should
not trust the configuration.

Phase: Integration

Description: 

Outside the IP, incorporate integrity checking
of the configuration state via a trusted agent. Before
powering down, the trusted agent performs a hash of the
configuration and saves the hash in persistent storage.
Upon restore, the IP requests the trusted agent
validate its current configuration. If the
configuration hash is invalid, then the IP should not
trust the configuration.

Phase: Integration

Description: 

Outside the IP, incorporate a protected
environment that prevents undetected modification of
the configuration state by untrusted agents. Before
powering down, a trusted agent saves the IP’s
configuration state in this protected location that
only it is privileged to. Upon restore, the trusted
agent loads the saved state into the IP.

CVE References