-
Notifications
You must be signed in to change notification settings - Fork 1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
core: fix RPMB rollback vulnerability
Normal world is used to pass the RPMB request to the eMMC. If normal world saves a write request and returns an error instead it can be used at a later stage where OP-TEE doesn't expect a certain block to be updated. For more details on possible attacks and mitigations see [1] and [2]. The mitigation consists of two parts, while initializing and later how each write request is handled. While initializing the RPMB file system we don't have a spare dummy block so the alternative method of reading a block and writing it again is used instead. For normal write request all errors after the request message has been created will be retried 10 times. If a write request fails after 10 retries RPMB is disabled entirely until next boot. An eventual requesting TA is with an unexpected error code since we can't tell if the request has been committed to storage or not. Link: [1] https://www.westerndigital.com/support/productsecurity/wdc-20008-replay-attack-vulnerabilities-rpmb-protocol-applications Link: [2] https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/white-paper/white-paper-replay-protected-memory-block-protocol-vulernabilities.pdf Acked-by: Joakim Bech <joakim.bech@linaro.org> Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
- Loading branch information
1 parent
9f543cd
commit a8fb165
Showing
1 changed file
with
144 additions
and
52 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters