Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add check for return code in DeviceKey to avoid injecting invalid ROT #12667

Merged
merged 2 commits into from
Mar 23, 2020
Merged

Add check for return code in DeviceKey to avoid injecting invalid ROT #12667

merged 2 commits into from
Mar 23, 2020

Conversation

boomer41
Copy link
Contributor

@boomer41 boomer41 commented Mar 23, 2020
edited
Loading

Summary of changes

Check return code of the random generator before injecting the root of trust.
Without this check, an invalid - and therefore insecure - ROT may be used like in #9278.
This bug was introduced in #12385.

Impact of changes

Invalid ROTs won't be used.

Migration actions required

None. This bug was introduced in the v6-alpha and therefore isn't critical as the alpha may not be used for production devices.

Documentation

None. This bug was introduced in the v6-alpha and therefore isn't critical as the alpha may not be used for production devices.

Pull request type

[X] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[] Feature update (New feature / Functionality change / New API)
[] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results

[] No Tests required for this change (E.g docs only update)
[X] Covered by existing mbed-os tests (Greentea or Unittest)
[] Tests / results supplied as part of this PR

@ciarmcom ciarmcom requested review from a team March 23, 2020 08:00
@ciarmcom
Copy link
Member

@boomer41, thank you for your changes.
@ARMmbed/mbed-os-storage @ARMmbed/mbed-os-maintainers please review.

michalpasztamobica
michalpasztamobica approved these changes Mar 23, 2020
View reviewed changes
Copy link
Contributor

@michalpasztamobica michalpasztamobica left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks OK to me.

VeijoPesonen
VeijoPesonen approved these changes Mar 23, 2020
View reviewed changes
Copy link
Contributor

@VeijoPesonen VeijoPesonen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@VeijoPesonen
Copy link
Contributor

@teetak01 , @JanneKiiskila , @JammuKekkonen for your information.

@0xc0170
Copy link
Contributor

0xc0170 commented Mar 23, 2020

CI started

@mbed-ci
Copy link

mbed-ci commented Mar 23, 2020

Test run: FAILED

Summary: 1 of 7 test jobs failed
Build number : 1
Build artifacts

Failed test jobs:

  • jenkins-ci/mbed-os-ci_greentea-test

@mergify mergify bot added needs: work and removed needs: CI labels Mar 23, 2020
@0xc0170 0xc0170 merged commit ae0ec86 into ARMmbed:master Mar 23, 2020
@mergify mergify bot removed the ready for merge label Mar 23, 2020
@boomer41 boomer41 deleted the fix-devicekey branch March 24, 2020 15:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JanneKiiskila JanneKiiskila JanneKiiskila left review comments

@0xc0170 0xc0170 0xc0170 approved these changes

@SeppoTakalo SeppoTakalo SeppoTakalo approved these changes

@VeijoPesonen VeijoPesonen VeijoPesonen approved these changes

@michalpasztamobica michalpasztamobica michalpasztamobica approved these changes

Assignees
No one assigned
Labels
release-version: 6.0.0-beta-1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@boomer41 @ciarmcom @VeijoPesonen @0xc0170 @mbed-ci @SeppoTakalo @JanneKiiskila @michalpasztamobica