From 88c6036215f31b29acfa25fb136e344c466b51e9 Mon Sep 17 00:00:00 2001 From: Michael Cardell Widerkrantz Date: Thu, 21 Mar 2024 16:39:43 +0100 Subject: [PATCH] Add mitigations to threat model Describe under each release what kind of threat mitigations we have added. --- doc/threat_model/threat_model.md | 54 ++++++++++++++++++++++++++++---- 1 file changed, 48 insertions(+), 6 deletions(-) diff --git a/doc/threat_model/threat_model.md b/doc/threat_model/threat_model.md index 5db84e0..3a37a2d 100644 --- a/doc/threat_model/threat_model.md +++ b/doc/threat_model/threat_model.md @@ -16,7 +16,6 @@ cases, the threat model tries to capture and describe the threats that needs to be mitigated in order for the device app to work in a secure and trustworthy manner. - ## Assumptions * There are no backdoors or vulnerabilities in Lattice iCE40 UltraPlus @@ -176,18 +175,30 @@ are out of scope and what mitigations are in place. ### TKey Unlocked -Note that the threat model as described for the TK1-23.03.2-Bellatrix -release (see below) applies to TKey Unlocked devices as long as the -TKey has been provisioned with: +Note that the threat model and the mitigations per release (see below) +applies to TKey Unlocked devices too as long as they have been +provisioned with: -- the Tillitis TKey TK1-23.03.2-Bellatrix FPGA design and Tillitis - TKey firmware. +- the bitstream from the release, - A unique, random UDS - A unique UDI The configuration must have been written into the NVCM and locked by blowing the fuses. +### TK1-24.03-Bellatrix + +#### Mitigations + +- USB port attacks - boot protocol: + + - Instead of exiting to an eternal loop on errors, firmware now + forces a CPU trap state that requires a reboot. + +- Software attacks: + + Access outside of physical RAM forces the CPU into a trap state + that requires a reboot. ### TK1-23.03.2-Bellatrix This release contains a BOM update to the Tkey hardware for the touch @@ -216,6 +227,37 @@ The FPGA design as well as the firmware has been audited, and hardening of these has been performed to some degree. For more information, see the [Release Notes](/doc/release_notes.md) +#### Mitigations + +- To protect the UDS the hardware design allows only one read per word + of the UDS per power-cycle. + +- USB port attacks - boot protocol: + + - The firmware has a more strict protocol state machine and exits out + to an eternal loop on any errors. + + - Firmware stack is protected by hardware for execution. + +- Software attacks: + + - Firmware uses its own FW_RAM for sensitive computations which is + not available in app mode. + + - Device apps can protect arbitrarly parts of RAM, typically heap + + stack, with hardware support. + +- Hardware attacks: + + - The reading and handling of the UDS is randomized so it doesn't + always occur on the same cycle. + + - Firmware turns on hardware assisted RAM address and data + scrambling mechanisms. It makes it harder for an outside attacker + to find assets generated by and stored in the RAM by applications. + Note that this mitigates an attack from outside the CPU, not from + an exploit towards applications running on it. + #### Known possible weakneses The CH552 MCU providing USB host communication contains firmware that