arm-trusted-firmware/drivers
Manish V Badarkhe a2a5a94569 fix(driver/auth): avoid NV counter upgrade without certificate validation
Platform NV counter gets updated (if cert NV counter > plat NV counter)
before authenticating the certificate if the platform specifies the NV
counter method before signature authentication in its CoT, and this
provides an opportunity for a tampered certificate to upgrade the
platform NV counter. This is a theoretical issue, as in practice none
of the standard CoTs (TBBR, dualroot) or upstream platform ones (NXP)
exercise this issue.

To fix this issue, modified the auth_nvctr method to do only the NV
counter check and flag whether the NV counter upgrade is needed or not.
Then ensured that the platform NV counter gets upgraded with the NV
counter value from the certificate only after that certificate gets
authenticated.

This change is verified manually by modifying the CoT that specifies
a certificate with:
1. NV counter authentication before the signature authentication method
2. NV counter authentication method only

Change-Id: I1ad17f1a911fb1035a1a60976cc26b2965b05166
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2021-04-27 14:16:59 +01:00
allwinner plat/allwinner: do not setup 'disabled' regulators 2021-03-19 12:57:50 +01:00
amlogic Don't return error information from console_flush 2020-10-09 10:21:50 -05:00
arm Add SiP service to configure Arm Ethos-N NPU 2021-04-20 15:42:18 +02:00
auth fix(driver/auth): avoid NV counter upgrade without certificate validation 2021-04-27 14:16:59 +01:00
brcm Merge "driver: brcm: add mdio driver" into integration 2021-04-12 16:43:48 +02:00
cadence/uart/aarch64 cadence: Change logic in uart driver 2021-01-11 17:28:00 +00:00
cfi/v2m coverity: fix MISRA violations 2020-02-18 10:47:46 -06:00
console Don't return error information from console_flush 2020-10-09 10:21:50 -05:00
coreboot/cbmem_console/aarch64 Don't return error information from console_flush 2020-10-09 10:21:50 -05:00
delay_timer include: move MHZ_TICKS_PER_SEC to utils_def.h 2020-02-20 09:25:45 -08:00
gpio Sanitise includes across codebase 2019-01-04 10:43:17 +00:00
imx Don't return error information from console_flush 2020-10-09 10:21:50 -05:00
intel/soc/stratix10/io io: change seek offset to signed long long 2020-01-10 21:14:57 +01:00
io Merge "io_fip: return -ENFILE when a file is already open" into integration 2020-07-21 21:41:51 +00:00
marvell drivers/marvell: check if TRNG unit is present 2021-04-20 13:00:16 +02:00
measured_boot Merge "Measured Boot Driver: Fix MISRA-C 2012 defects" into integration 2020-10-01 18:18:32 +00:00
mentor/i2c Enable -Wlogical-op always 2019-11-19 08:53:21 -06:00
mmc mmc: remove useless extra semicolons 2021-04-08 08:44:57 +02:00
mtd nand: raw_nand: fix timeout issue in nand_wait_ready 2020-09-24 09:32:23 +02:00
nxp nxp: adding the driver.mk file 2021-03-24 09:49:32 +05:30
partition drivers: partition: support different block size 2019-09-18 18:18:20 +08:00
rambus drivers/rambus: add TRNG-IP-76 driver 2021-02-11 09:43:18 +00:00
renesas renesas: rzg: Add support to identify EK874 RZ/G2E board 2021-04-20 16:17:50 +01:00
rpi3 rpi3: gpio: Simplify GPIO setup 2020-03-17 12:44:09 +00:00
scmi-msg drivers: move scmi-msg out of st 2021-01-20 11:37:14 +08:00
st nand: stm32_fmc_nand: remove dead code 2021-02-11 18:11:34 +01:00
synopsys Merge changes from topic "jc/shift-overflow" into integration 2019-07-16 10:11:27 +00:00
ti/uart Don't return error information from console_flush 2020-10-09 10:21:50 -05:00
ufs drivers: ufs: Extend the delay after reset to wait for some slower chips 2019-05-13 17:11:07 -07:00