Western Digital has identified a couple of security vulnerabilities in the RPMB protocol. By performing a man-in-the-middle attack on the RPMB link it is possible to bring the system into a state different from the one the legitimate user believes it is in. The resulting attacks are software downgrades (rollback). The mitigation idea is to always, at boot or on first use of RPMB, read the write counter from the RPMB and then send dummy packets with a dummy block until the counter value in the response is the expected value (counter + 1). Only after that sequence is it OK to communicate with the RPMB using the intended data.
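The counter-synchronisation sequence described above, as an added illustration that is not OP-TEE's code: a constructed RPMB-like device model, the host-side dummy-write loop, and a check that a frame carrying a stale counter is rejected once host and device agree. The key, block address and frame layout are assumptions for the model only.

```python
import hmac
import hashlib

# Constructed stand-in for an RPMB partition (not OP-TEE code): a monotonic
# write counter and HMAC-SHA256 authenticated 256-byte block writes.
class RpmbDevice:
    def __init__(self, key):
        self.key, self.write_counter, self.blocks = key, 0, {}

    def write(self, addr, data, counter, mac):
        # The device only accepts a correctly keyed frame whose counter equals its own.
        if not hmac.compare_digest(mac, rpmb_mac(self.key, addr, data, counter)):
            return ("auth_fail", self.write_counter)
        if counter != self.write_counter:
            return ("counter_fail", self.write_counter)
        self.blocks[addr] = data
        self.write_counter += 1
        return ("ok", self.write_counter)

def rpmb_mac(key, addr, data, counter):
    msg = addr.to_bytes(2, "big") + data + counter.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()

DUMMY_ADDR, DUMMY_DATA = 0x0000, b"\x00" * 256   # assumed scratch block

def sync_write_counter(dev, key, counter, max_tries=4):
    """The advisory's mitigation: starting from the counter value the host was
    told, write a dummy block until the device answers exactly counter + 1."""
    for _ in range(max_tries):
        mac = rpmb_mac(key, DUMMY_ADDR, DUMMY_DATA, counter)
        status, reported = dev.write(DUMMY_ADDR, DUMMY_DATA, counter, mac)
        if status == "ok" and reported == counter + 1:
            return reported          # host and device now agree
        counter = reported           # device was ahead; adopt its value, retry
    raise RuntimeError("RPMB write counter did not synchronise")

def demo():
    key = b"\x11" * 32               # constructed authentication key
    dev = RpmbDevice(key)
    frame = (0x10, b"A" * 256, 0, rpmb_mac(key, 0x10, b"A" * 256, 0))
    assert dev.write(*frame) == ("ok", 1)        # legitimate write with counter 0
    # The host still holds the stale counter value 0 although the device is at 1.
    synced = sync_write_counter(dev, key, counter=0)   # fail at 0, resync, ok -> 2
    # After syncing, a frame built for counter 0 can no longer be accepted.
    return synced, dev.write(*frame)[0]
```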
Patches
optee_os.git
- core: fix RPMB rollback vulnerability (a8fb165)
Workarounds
N/A
References
For more details, please see the Western Digital security bulletin and the Western Digital whitepaper for this CVE.
OP-TEE ID
OP-TEE-2020-0001
Reported by
For more information
For more information regarding the security incident process in OP-TEE, please read the "Security" page at https://www.trustedfirmware.org.