xref: /rk3399_ARM-atf/docs/security_advisories/security-advisory-tfv-4.rst (revision 12fc6ba73d7191a71bf8b3b611fd3f618ed2f25e)
+----------------+-------------------------------------------------------------+
| Title          | Malformed Firmware Update SMC can result in copy or         |
|                | authentication of unexpected data in secure memory in       |
|                | AArch32 state                                               |
+================+=============================================================+
| CVE ID         | `CVE-2017-9607`_                                            |
+----------------+-------------------------------------------------------------+
| Date           | 20 Jun 2017                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | None (only between 22 May 2017 and 14 June 2017)            |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | Platforms that use AArch32 BL1 plus untrusted normal world  |
| Affected       | firmware update code executing before BL31                  |
+----------------+-------------------------------------------------------------+
| Impact         | Copy or authentication of unexpected data in the secure     |
|                | memory                                                      |
+----------------+-------------------------------------------------------------+
| Fix Version    | `Pull Request #979`_ (merged on 14 June 2017)               |
+----------------+-------------------------------------------------------------+
| Credit         | ARM                                                         |
+----------------+-------------------------------------------------------------+

The ``include/lib/utils_def.h`` header file provides the
``check_uptr_overflow()`` macro, which aims at detecting arithmetic overflows
that may occur when computing the sum of a base pointer and an offset. This
macro evaluates to 1 if the sum of the given base pointer and offset would
result in a value large enough to wrap around, which may lead to unpredictable
behaviour.

The macro code is at line 52, referring to the version of the code as of `commit
c396b73`_:

.. code:: c

    /*
     * Evaluates to 1 if (ptr + inc) overflows, 0 otherwise.
     * Both arguments must be unsigned pointer values (i.e. uintptr_t).
     */
    #define check_uptr_overflow(ptr, inc)       \
        (((ptr) > UINTPTR_MAX - (inc)) ? 1 : 0)

This macro does not work correctly for AArch32 images. It fails to detect
overflows when the sum of its two parameters falls into the ``[2^32, 2^64 - 1]``
range. Therefore, any AArch32 code relying on this macro to detect such integer
overflows is actually not protected.

The buggy code has been present in ARM Trusted Firmware (TF) since `Pull Request
#678`_ was merged (on 18 August 2016). However, the upstream code was not
vulnerable until `Pull Request #939`_ was merged (on 22 May 2017), which
introduced AArch32 support for the Trusted Board Boot (TBB) feature. Before
then, the ``check_uptr_overflow()`` macro was not used in AArch32 code.

The vulnerability resides in the BL1 FWU SMC handling code and it may be
exploited when *all* the following conditions apply:

- Platform code uses TF BL1 with the ``TRUSTED_BOARD_BOOT`` build option.

- Platform code uses the Firmware Update (FWU) code provided in
  ``bl1/bl1_fwu.c``, which is part of the TBB support.

- TF BL1 is compiled with the ``ARCH=aarch32`` build option.

In this context, the AArch32 BL1 image might fail to detect potential integer
overflows in the input validation checks while handling the
``FWU_SMC_IMAGE_COPY`` and ``FWU_SMC_IMAGE_AUTH`` SMCs.

The ``FWU_SMC_IMAGE_COPY`` SMC handler is designed to copy an image into secure
memory for subsequent authentication. This is implemented by the
``bl1_fwu_image_copy()`` function, which has the following function prototype:

.. code:: c

    static int bl1_fwu_image_copy(unsigned int image_id,
                                  uintptr_t image_src,
                                  unsigned int block_size,
                                  unsigned int image_size,
                                  unsigned int flags)

``image_src`` is an SMC argument and therefore potentially controllable by an
attacker. A very large 32-bit value, for example ``2^32 - 1``, may result in the
sum of ``image_src`` and ``block_size`` overflowing a 32-bit type, which
``check_uptr_overflow()`` will fail to detect. Depending on its implementation,
the platform-specific function ``bl1_plat_mem_check()`` might get defeated by
these unsanitized values and allow the subsequent memory copy, whose address
range would wrap around. This may allow an attacker to copy unexpected data into
secure memory if the memory is mapped in BL1's address space, or cause a fatal
exception if it's not.

The ``FWU_SMC_IMAGE_AUTH`` SMC handler is designed to authenticate an image
resident in secure memory. This is implemented by the ``bl1_fwu_image_auth()``
function, which has the following function prototype:

.. code:: c

    static int bl1_fwu_image_auth(unsigned int image_id,
                                  uintptr_t image_src,
                                  unsigned int image_size,
                                  unsigned int flags)

Similarly, if an attacker has control over the ``image_src`` or ``image_size``
arguments through the SMC interface and injects high values whose sum overflows,
they might defeat the ``bl1_plat_mem_check()`` function and make the
authentication module read data outside of what's normally allowed by the
platform code or crash the platform.

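
As an added example (not code from this advisory or from Trusted Firmware), the
following C program reproduces on any host the failure mode described above for
the ``check_uptr_overflow()`` macro and for the ``image_src``/length checks of
the ``FWU_SMC_IMAGE_COPY`` and ``FWU_SMC_IMAGE_AUTH`` handlers. It models the
AArch32 pointer width explicitly, shows a width-blind check letting a wrapping
``image_src + block_size`` pair through a range check, and shows a width-aware
check rejecting the same pair. The 64-bit comparison in
``check_uptr_overflow_broken()`` is a reconstruction of the behaviour stated in
this advisory (sums in ``[2^32, 2^64 - 1]`` go undetected), not the root cause
identified in the fix; ``plat_mem_check_model()``, its ``SEC_BASE``/``SEC_SIZE``
window, ``validate_region_args()`` and the SMC argument values are constructed
stand-ins for ``bl1_plat_mem_check()`` and for real inputs.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed example, not Trusted Firmware code. The AArch32 pointer width
 * is modelled explicitly so the behaviour reproduces on a 64-bit host.
 */
#define PTR_MAX_AARCH32 ((uint64_t)UINT32_MAX)

/* Constructed secure-memory window used by the stand-in platform check. */
#define SEC_BASE 0x04000000u
#define SEC_SIZE 0x00100000u

/*
 * Reconstruction of the failure the advisory describes: the comparison is
 * made against the 64-bit maximum, so with 32-bit operands it never yields 1.
 * Sums in [2^32, 2^64 - 1] therefore go undetected.
 */
static int check_uptr_overflow_broken(uint64_t ptr, uint64_t inc)
{
    return (ptr > UINT64_MAX - inc) ? 1 : 0;
}

/*
 * Width-aware variant: ptr_max is the maximum of the pointer type the image
 * is actually built for (UINT32_MAX on AArch32, UINT64_MAX on AArch64).
 */
static int check_uptr_overflow_fixed(uint64_t ptr, uint64_t inc, uint64_t ptr_max)
{
    if (ptr > ptr_max || inc > ptr_max)
        return 1;           /* an operand already exceeds the pointer width */
    return (ptr > ptr_max - inc) ? 1 : 0;
}

/* End address as a 32-bit core computes it: the addition wraps silently. */
static uint32_t wrapped_end_aarch32(uint32_t base, uint32_t size)
{
    return base + size;     /* uint32_t arithmetic is modulo 2^32 */
}

/*
 * Hypothetical stand-in for bl1_plat_mem_check(): accepts [base, base + size)
 * if it lies inside the constructed window. Like many range checks it assumes
 * its caller has already rejected wrapping sums.
 */
static int plat_mem_check_model(uint32_t base, uint32_t size)
{
    uint32_t end = wrapped_end_aarch32(base, size);
    return (base >= SEC_BASE && end <= SEC_BASE + SEC_SIZE) ? 0 : -1;
}

/*
 * Argument validation in the shape of the FWU copy/auth handlers' checks:
 * overflow check first, then the platform range check. Returns 0 to accept,
 * -1 to reject. width_aware selects which overflow check is used.
 */
static int validate_region_args(uint32_t image_src, uint32_t length, int width_aware)
{
    int overflow = width_aware
        ? check_uptr_overflow_fixed(image_src, length, PTR_MAX_AARCH32)
        : check_uptr_overflow_broken(image_src, length);

    if (overflow)
        return -1;          /* reject before any address is formed */
    return plat_mem_check_model(image_src, length);
}

int main(void)
{
    /* Constructed SMC arguments: a source at the top of the 32-bit address
     * space with a block that cannot fit beneath 2^32. */
    uint32_t image_src = 0xFFFFFFFFu;
    uint32_t block_size = 0x1000u;

    printf("image_src + block_size wraps to 0x%08x\n",
           (unsigned)wrapped_end_aarch32(image_src, block_size));
    printf("width-blind check: %s\n",
           validate_region_args(image_src, block_size, 0) == 0 ? "accepted" : "rejected");
    printf("width-aware check: %s\n",
           validate_region_args(image_src, block_size, 1) == 0 ? "accepted" : "rejected");

    /* A legitimate in-window region is accepted by the width-aware path. */
    printf("benign region:     %s\n",
           validate_region_args(SEC_BASE + 0x100u, 0x200u, 1) == 0 ? "accepted" : "rejected");
    return 0;
}
```

Compiling and running this shows the width-blind path accepting a region whose
end address has wrapped to low memory, while the width-aware path rejects it
before any address reaches the platform check; the point for a platform port is
that ``bl1_plat_mem_check()`` should not be the only line of defence against
wrapping sums.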
Note that in both cases, a separate vulnerability is required to exploit this
one, for example a way to get the system to change its behaviour based on the
unexpected secure memory accesses. Moreover, the normal world FWU code would
need to be compromised in order to send a malformed FWU SMC that triggers an
integer overflow.

The vulnerability is known to affect all ARM standard platforms when enabling
the ``TRUSTED_BOARD_BOOT`` and ``ARCH=aarch32`` build options. Other platforms
may also be affected if they fulfil the above conditions.

.. _CVE-2017-9607: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9607
.. _commit c396b73: https://github.com/ARM-software/arm-trusted-firmware/commit/c396b73
.. _Pull Request #678: https://github.com/ARM-software/arm-trusted-firmware/pull/678
.. _Pull Request #939: https://github.com/ARM-software/arm-trusted-firmware/pull/939
.. _Pull Request #979: https://github.com/ARM-software/arm-trusted-firmware/pull/979