Add mitigations to threat model

Describe under each release what kind of threat mitigations we have
added.
This commit is contained in:
Michael Cardell Widerkrantz 2024-03-21 16:39:43 +01:00
parent 0e166e4159
commit 88c6036215
No known key found for this signature in database
GPG Key ID: D3DB3DDF57E704E5

View File

@ -16,7 +16,6 @@ cases, the threat model tries to capture and describe the threats that
needs to be mitigated in order for the device app to work in a secure
and trustworthy manner.
## Assumptions
* There are no backdoors or vulnerabilities in Lattice iCE40 UltraPlus
@ -176,18 +175,30 @@ are out of scope and what mitigations are in place.
### TKey Unlocked
Note that the threat model as described for the TK1-23.03.2-Bellatrix
release (see below) applies to TKey Unlocked devices as long as the
TKey has been provisioned with:
Note that the threat model and the mitigations per release (see below)
applies to TKey Unlocked devices too as long as they have been
provisioned with:
- the Tillitis TKey TK1-23.03.2-Bellatrix FPGA design and Tillitis
TKey firmware.
- the bitstream from the release,
- A unique, random UDS
- A unique UDI
The configuration must have been written into the NVCM and
locked by blowing the fuses.
### TK1-24.03-Bellatrix
#### Mitigations
- USB port attacks - boot protocol:
- Instead of exiting to an eternal loop on errors, firmware now
forces a CPU trap state that requires a reboot.
- Software attacks:
Access outside of physical RAM forces the CPU into a trap state
that requires a reboot.
### TK1-23.03.2-Bellatrix
This release contains a BOM update to the Tkey hardware for the touch
@ -216,6 +227,37 @@ The FPGA design as well as the firmware has been audited, and
hardening of these has been performed to some degree. For more
information, see the [Release Notes](/doc/release_notes.md)
#### Mitigations
- To protect the UDS the hardware design allows only one read per word
of the UDS per power-cycle.
- USB port attacks - boot protocol:
- The firmware has a more strict protocol state machine and exits out
to an eternal loop on any errors.
- Firmware stack is protected by hardware for execution.
- Software attacks:
- Firmware uses its own FW_RAM for sensitive computations which is
not available in app mode.
- Device apps can protect arbitrarly parts of RAM, typically heap +
stack, with hardware support.
- Hardware attacks:
- The reading and handling of the UDS is randomized so it doesn't
always occur on the same cycle.
- Firmware turns on hardware assisted RAM address and data
scrambling mechanisms. It makes it harder for an outside attacker
to find assets generated by and stored in the RAM by applications.
Note that this mitigates an attack from outside the CPU, not from
an exploit towards applications running on it.
#### Known possible weakneses
The CH552 MCU providing USB host communication contains firmware that