Security-Sensitive Hardware Controls with Missing Lock Bit Protection
CWE-1233
Short description
Extended description
Integrated circuits and hardware intellectual properties (IPs) might provide device configuration controls that need to be programmed after device power reset by a trusted firmware or software module, commonly the BIOS or bootloader. After reset, there can be an expectation that the controls cannot be used to perform any further modification. This behavior is commonly implemented using a trusted lock bit, which can be set to disable writes to a protected set of registers or address regions. The lock protection is intended to prevent modification of certain system configuration settings (e.g., memory or memory protection unit configuration).
However, if the lock bit does not effectively write-protect all system registers or controls that could modify the protected system configuration, then an adversary may be able to use software to access the registers/controls and modify the protected hardware configuration.
Best practices to prevent this CWE
Phase: Architecture and Design; Implementation; Testing
- Security lock bit protections must be reviewed for design inconsistency and common weaknesses.
- Security lock programming flow and lock properties must be tested in pre-silicon and post-silicon testing.
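The lock-property test called for above can be sketched against a software model of a register block. This is an added example, not part of the CWE entry: the register names, the `mpu_model` structure and the `lock_covers_perm` switch are hypothetical, constructed to show one register left outside the lock and how a coverage test reports it.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed register map for a hypothetical memory-protection block. */
enum { REG_LOCK, REG_REGION_BASE, REG_REGION_LIMIT, REG_REGION_PERM, REG_COUNT };

typedef struct {
    uint32_t regs[REG_COUNT];
    int lock_covers_perm;   /* 0 models the weakness: PERM was left out of the lock */
} mpu_model;

/* Register write as the modeled hardware handles it. */
static void mpu_write(mpu_model *m, unsigned reg, uint32_t val) {
    int locked = (int)(m->regs[REG_LOCK] & 1u);
    if (reg == REG_LOCK) {            /* lock bit is set-only until reset */
        m->regs[REG_LOCK] |= val & 1u;
        return;
    }
    if (locked && (reg != REG_REGION_PERM || m->lock_covers_perm))
        return;                       /* write dropped by the lock */
    m->regs[reg] = val;
}

/* Lock-property test: run the boot flow, then try to change every protected
 * register. Returns a bitmask (bit n = register n) of registers that changed. */
static unsigned lock_coverage_gaps(mpu_model *m) {
    unsigned gaps = 0;
    mpu_write(m, REG_REGION_BASE,  0x80000000u);
    mpu_write(m, REG_REGION_LIMIT, 0x800FFFFFu);
    mpu_write(m, REG_REGION_PERM,  0x1u);
    mpu_write(m, REG_LOCK, 1u);
    for (unsigned r = REG_REGION_BASE; r < REG_COUNT; r++) {
        uint32_t before = m->regs[r];
        mpu_write(m, r, ~before);
        if (m->regs[r] != before) gaps |= 1u << r;
    }
    mpu_write(m, REG_LOCK, 0u);       /* the lock itself must not be clearable */
    if (!(m->regs[REG_LOCK] & 1u)) gaps |= 1u << REG_LOCK;
    return gaps;
}

/* Build a fresh (reset-state) model and run the test against it. */
static unsigned gaps_for(int lock_covers_perm) {
    mpu_model m = { {0}, lock_covers_perm };
    return lock_coverage_gaps(&m);
}

int main(void) {
    printf("incomplete lock: gaps=0x%x\n", gaps_for(0));
    printf("complete lock:   gaps=0x%x\n", gaps_for(1));
    return 0;
}
```

The same loop, pointed at real register accessors instead of the model, is the shape of a post-silicon check: every register that can alter the protected configuration belongs in the loop, not only those the specification lists as locked.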