BaseDraft

CWE-1326Missing Immutable Root of Trust in Hardware

Category: other

Description

A missing immutable root of trust in the hardware results in the ability to bypass secure boot or execute untrusted or adversarial boot code.

Common consequences· 1

  • Authentication / Authorization — Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands, Modify Memory

Potential mitigations· 2

  • [Architecture and Design]When architecting the system, the RoT should be designated for storage in a memory that does not allow further programming/writes.
  • [Implementation]During implementation and test, the RoT memory location should be demonstrated to not allow further programming/writes.

Related CAPEC attack patterns· 2

CAPEC-679CAPEC-68

References

  1. https://cwe.mitre.org/data/definitions/1326.html

Exploits (incoming)2

TypeTargetConfidenceTier
AttackPatternSubvert Code-signing Facilitiescapec-68100%live
AttackPatternExploitation of Improperly Configured or Implemented Memory Protectionscapec-679100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Missing Ability to Patch ROM Code
CWE
Improper Access Control for Volatile Memory Containing Boot Code
CWE
Security Version Number Mutable to Older Versions
CWE
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
CWE
Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
CWE
Improper Handling of Faults that Lead to Instruction Skips
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.