CWE-1283Mutable Attestation or Measurement Reporting Data

PUBLISHEDweakness record
released 2020-02-24 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1283
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2020-02-24
更新日期:
2025-12-11

名称

Mutable Attestation or Measurement Reporting Data

描述

The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.

A System-on-Chip (SoC) implements secure boot or verified boot. During this boot flow, the SoC often measures the code that it authenticates. The measurement is usually done by calculating the one-way hash of the code binary and extending it to the previous hash. The hashing algorithm should be a Secure One-Way hash function. The final hash, i.e., the value obtained after the completion of the boot flow, serves as the measurement data used in reporting or in attestation. The calculated hash is often stored in registers that can later be read by the party of interest to determine tampering of the boot flow. A common weakness is that the contents in these registers are modifiable by an adversary, thus spoofing the measurement.

常见后果

范围:
Confidentiality
影响:
Read Memory, Read Application Data

相关 CWE