Uncategorized

CVE-2018-1000205: U-Boot, Verified Boot input validation

Re: https://firmwaresecurity.com/2018/06/26/cve-2018-1000205-u-boot/

and https://firmwaresecurity.com/2018/06/07/teddy-reed-on-u-boots-verified-boot/

There is now a description for the CVE. Ah, this makes sense, the Verified Boot issues that Teddy Reed brought up earlier:

U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appears to be exploitable via Specially crafted FIT image and special device memory functionality.

https://nvd.nist.gov/vuln/detail/CVE-2018-1000205

https://lists.denx.de/pipermail/u-boot/2018-June/330454.html

https://lists.denx.de/pipermail/u-boot/2018-June/330898.html


U-Boot gets Android Verified Boot (AVB) 2.0

Igor Opaniuk of Linaro posted a patch to the U-Boot list, adding Android Verified Boot 2.0 support:

This series of patches introduces support of Android Verified Boot 2.0, which provides integrity checking of Android partitions on MMC. It integrates libavb/libavb_ab into the U-boot, provides implementation of AvbOps, subset of `avb` commands to run verification chain (and for debugging purposes), and it enables AVB2.0 verification on AM57xx HS SoC by default. Currently, there is still no support for verification of A/B boot slots and no rollback protection (for storing rollback indexes there are plans to use eMMC RPMB). Libavb/libavb_ab will be deviated from AOSP upstream in the future, that’s why minimal amount of changes were introduced into the lib sources, so checkpatch may fail. For additional details check [1] AVB 2.0 README and doc/README.avb2, which is a part of this patchset.[…]

https://lists.denx.de/pipermail/u-boot/2018-April/326562.html

 


CopperheadOS on Android Verified Boot 2.0 docs

https://android.googlesource.com/platform/external/avb/#device-specific-notes

https://android-review.googlesource.com/c/platform/external/avb/+/582100


Android Oreo Verified Boot’s Rollback Protection

This flew under our radar back at I/O, but it’s big news. On compatible devices, the new Verified Boot changes in Android 8.0 Oreo will prevent a device from booting should it be rolled back to an earlier firmware. The new feature is called Rollback Protection. So if your phone is flashed with older software, you (and your data) are protected from whatever potential security vulnerabilities may have been present in earlier versions. For 99% of users, the new Rollback Protection is great news. If a phone is lost or stolen, it further decreases the number of potential attacks which could be used to gain access, providing better safety for your data.[…]

http://www.androidpolice.com/2017/09/05/android-oreo-feature-spotlight-changes-verified-boot-wont-allow-start-downgraded-os/

https://android.googlesource.com/platform/external/avb/#Rollback-Protection

 


Dorian Cussen’s Android Security Reference

I just noticed this Android Security Reference. It has a few pages on the boot phase:

https://github.com/doridori/Android-Security-Reference

https://github.com/doridori/Android-Security-Reference/blob/master/boot/verified_boot.md

https://github.com/doridori/Android-Security-Reference/blob/master/boot/bootloader.md

https://github.com/doridori/Android-Security-Reference/blob/master/boot/boot_process.md

http://kodroid.com/
