Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix] CFI check for TRNG source #954

Merged
merged 8 commits into from
Oct 24, 2023
Merged

[fix] CFI check for TRNG source #954

merged 8 commits into from
Oct 24, 2023

Conversation

mhatrevi
Copy link
Collaborator

@mhatrevi mhatrevi commented Oct 12, 2023
edited
Loading

@mhatrevi mhatrevi added ROM Issue affects ROM Caliptra v1.0 Items required for v1.0 Release Security Audit labels Oct 12, 2023
@mhatrevi mhatrevi linked an issue Oct 12, 2023 that may be closed by this pull request
Triple-verify TRNG MMIO read at CFI initialization in rom_entry #920
Closed
This was linked to issues Oct 13, 2023
Triple call CFI Counter reset when seeding the prng #921
Closed
Mitigate glitching of calls within Trng generate #922
Closed
@mhatrevi mhatrevi force-pushed the vmhatre/more-cfi branch 3 times, most recently from 4938d24 to 8f4d932 Compare October 13, 2023 19:42
@andreslagarcavilla
Copy link
Collaborator

Needs rebase, please.

Also: "The Caliptra ROM is frozen; changes that affect the binary
require approval from the TAC." -- yes approved. This seems noisy at this stage

korran
korran reviewed Oct 19, 2023
View reviewed changes
rom/dev/src/main.rs Outdated Show resolved Hide resolved
@mhatrevi mhatrevi force-pushed the vmhatre/more-cfi branch 5 times, most recently from 6cab855 to 51ed285 Compare October 20, 2023 16:46
nickg-ca
nickg-ca reviewed Oct 20, 2023
View reviewed changes
rom/dev/src/main.rs Outdated Show resolved Hide resolved
@mhatrevi
[fix] Additional CFI checks
4e659ec 
This fix addresses issue# #920 and #921

This fix also hardens the CFI RNG initialization by providing an additional source of entrophy.
korran
korran reviewed Oct 20, 2023
View reviewed changes
rom/dev/src/start.S Outdated Show resolved Hide resolved
korran
korran previously approved these changes Oct 20, 2023
View reviewed changes
@nickg-ca
Copy link

Does this address #922 ? I only noticed that when looking at the compiled assembly which calls ureg:: read_volatile_slice and compiler_builtins::mem::memcpy::memcpy, either of which could be glitched to trigger a buffer overflow. For what it's worth I'm somewhat less concerned about #922 than the other issues.

@korran
Copy link
Collaborator

korran commented Oct 23, 2023

Does this address #922 ? I only noticed that when looking at the compiled assembly which calls ureg:: read_volatile_slice and compiler_builtins::mem::memcpy::memcpy, either of which could be glitched to trigger a buffer overflow. For what it's worth I'm somewhat less concerned about #922 than the other issues.

I don't think it does. I propose #989 to solve #922.

@mhatrevi mhatrevi enabled auto-merge (squash) October 24, 2023 03:38
@mhatrevi mhatrevi merged commit 076c670 into main Oct 24, 2023
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickg-ca nickg-ca nickg-ca left review comments

@rusty1968 rusty1968 rusty1968 approved these changes

@korran korran korran approved these changes

@ajisaxena ajisaxena Awaiting requested review from ajisaxena ajisaxena is a code owner

@vsonims vsonims Awaiting requested review from vsonims vsonims is a code owner

@JohnTraverAmd JohnTraverAmd Awaiting requested review from JohnTraverAmd JohnTraverAmd is a code owner

@ericeilertson ericeilertson Awaiting requested review from ericeilertson

@FerralCoder FerralCoder Awaiting requested review from FerralCoder FerralCoder is a code owner

@bluegate010 bluegate010 Awaiting requested review from bluegate010 bluegate010 is a code owner

Assignees
No one assigned
Labels
Caliptra v1.0 Items required for v1.0 Release ROM Issue affects ROM security/countermeasure
Projects
None yet
Milestone
No milestone
5 participants
@mhatrevi @andreslagarcavilla @nickg-ca @korran @rusty1968