
Bypass signature verification on Raspberry Pi3 using a glitch attack

Low
jbech-linaro published GHSA-r64m-h886-hw6g Nov 24, 2022

Package

OP-TEE (OP-TEE)

Affected versions

<= 3.19.0

Patched versions

3.20

Description

SEAL [1] researchers and engineers were able to overcome the signature check on a Raspberry Pi3 device using a glitch attack based on electromagnetic fault injection. Via a side channel attack (electromagnetic pulse injection), they were able to clear registers, forcing the register value to all zeroes. SEAL narrowed the attack down to individual assembly instructions, allowing them to target it very precisely. Because OP-TEE's TEE_SUCCESS value is defined as "0x00000000", a cleared result register was enough to fool the signature check into believing it had a valid signature.

Severity rationale
Low, as it is a complex attack that exposes no secrets. However, depending on where and when the glitch occurs, it may result in undefined behavior that could be more severe.

Mitigations
Different SoCs offer different levels of hardware protection against these types of attacks: sensing voltage drops, detecting clock changes, shielding the electronics, etc. When such features exist on a device, they should be used. From a software perspective it is more complicated; however, there are "best practice" countermeasures that have been shown to make such attacks far more difficult to carry out. The OP-TEE project has already investigated various software mitigation patterns. We have concluded, in collaboration with SEAL, that the proposed software mitigations are effective, since the SEAL team was unable to overcome the signature verification after our mitigation patches were applied.
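The following C program is an added illustration, not OP-TEE's code and not the fault-mitigation patches from pull request #5646. It models the fault the advisory describes (a single register cleared to zero) and contrasts a result check that treats 0 as success with a hardened pattern that re-runs the check and carries the decision in a non-zero token compared twice. The signature check, the GOOD_SIG value and the token constants are constructed stand-ins.

```c
#include <stdbool.h>
#include <stdint.h>

typedef uint32_t TEE_Result;
#define TEE_SUCCESS        0x00000000u  /* same value as a cleared register */
#define TEE_ERROR_SECURITY 0xFFFF000Fu
/* Non-zero decision tokens, constructed for this example. */
#define VERIFIED_MAGIC     0xA5C3A5C3u
#define REJECTED_MAGIC     0x5A3C5A3Cu
/* Constructed stand-in for the one signature value that verifies. */
#define GOOD_SIG           0x1234ABCDu

enum fault_point { NO_FAULT, FAULT_RESULT_REG, FAULT_TOKEN_REG };

/* Stand-in for the real signature check. */
static TEE_Result verify_signature(uint32_t sig)
{
    return (sig ^ GOOD_SIG) == 0 ? TEE_SUCCESS : TEE_ERROR_SECURITY;
}

/* Fault model from the advisory: one pulse clears one register to zero. */
static uint32_t glitch(uint32_t reg, enum fault_point fp, enum fault_point here)
{
    return fp == here ? 0u : reg;
}

/* Vulnerable pattern: success is encoded as 0 and decided by one compare,
 * so a result register cleared by the glitch passes as a valid signature. */
bool accept_naive(uint32_t sig, enum fault_point fp)
{
    TEE_Result res = glitch(verify_signature(sig), fp, FAULT_RESULT_REG);
    return res == TEE_SUCCESS;
}

/* Hardened pattern: re-run the check before minting a non-zero success
 * token, then compare that token twice; a register cleared at either
 * point ends in rejection because 0 never matches VERIFIED_MAGIC. */
bool accept_hardened(uint32_t sig, enum fault_point fp)
{
    uint32_t token = REJECTED_MAGIC;
    TEE_Result res = glitch(verify_signature(sig), fp, FAULT_RESULT_REG);
    if (res == TEE_SUCCESS && verify_signature(sig) == TEE_SUCCESS)
        token = VERIFIED_MAGIC;
    token = glitch(token, fp, FAULT_TOKEN_REG);
    if (token != VERIFIED_MAGIC)
        return false;
    return (token ^ VERIFIED_MAGIC) == 0; /* redundant second compare */
}
```

A real compiler may fold the redundant compare away; OP-TEE's actual mitigations are built so the optimizer keeps the redundancy, which this simplified model does not attempt.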

Patches

optee_os.git

  • Pull request #5646 - Fault mitigation

Where the individual merged commits are (should be applied from top to bottom as stated here):

Workarounds

N/A

References

OP-TEE ID

OP-TEE-2022-0001

Reported by

[1] SEAL - Secured Embedded Architecture Lab, Indian Institute of Technology Kharagpur - Nimish Mishra (@NimishMishra), Anirban Chakraborty and Debdeep Mukhopadhyay.

For more information

For more information regarding the security incident process in OP-TEE, please see the "Security" page at https://www.trustedfirmware.org.

Timeline

2022-08-26: Initial report sent to TrustedFirmware.
2022-08-26: Confirmed that report has been received.
2022-08-29: OP-TEE maintainers internal assessment.
2022-10-06: Updating Trusted Stakeholders.
2022-11-24: Providing the advisory to the wider public.

Severity

Low

CVE ID

No known CVE

Weaknesses

No CWEs