Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors
By Guillaume Delugré Iván Arce
This blog post provides details about two vulnerabilities found by Quarkslab’s researchers Guillaume Delugré and Kévin Szkudłapski in the secure boot feature of the i.MX family of application processors  built by NXP Semiconductors. The bugs allow an attacker to subvert the secure boot process to bypass code signature verification and load and execute arbitrary code on i.MX application processors that have the High Assurance Boot feature enabled. These bugs affect 12 i.MX processor families. The vulnerabilities were discovered and reported to the vendor in September 2016 and the technical details included in this blogpost were disclosed in a joint Quarkslab-NXP presentation at the Qualcomm Mobile Security Summit 2017  in May 19th, 2017. National computer emergency response teams (CERTs) from 4 countries were informed about the issues in March, 2017. NXP has issued an Engineering Bulletin and two Errata documents (EB00854, ERR010872 and ERR0108873 respectively)  providing a brief description of both vulnerabilities, the list of affected processor models along with resolution plans and possible mitigations. In the rest of the blogpost we describe the relevant features in i.MX processors and the vulnerabilities affecting them.[…]InversePath, vendor of USB Armory , an affected device confirmed the vulnerabilities and developed proof of concept programs to demonstrate them.[…]
Break your own product, and break it hard
Security advisory: High Assurance Boot (HABv4) bypass
The NXP i.MX53 System-on-Chip, main processor used in the USB armory Mk I board  design, suffers from vulnerabilities that allow bypass of the optional High Assurance Boot function (HABv4). The HABv4  enables on-chip internal boot ROM authentication of the initial bootloader with a digital signature, establishing the first trust anchor for further code authentication. This functionality is commonly known as Secure Boot  and it can be activated by users who require authentication of the bootloader (e.g. U-Boot) to further maintain, and verify, trust of executed code. Quarkslab reported  to NXP, and subsequently to Inverse Path, two different techniques for bypassing HABv4 by means of exploiting validation errors in the SoC internal boot ROM , which are exposed before bootloader authentication takes place. While the two vulnerabilities have been initially reported for the i.MX6 SoC, Inverse Path evaluated that both issues also apply to the i.MX53 SoC, used on the USB armory Mk I.
Technical details under embargo until July 18th, by mutual agreement between
reported and NXP.
“Helsinki, Finland – February 16, 2017: Cyber security company F-Secure has acquired privately-held company Inverse Path, an industry leader in providing security services to the avionics, automotive, and industrial control sectors. Inverse Path’s expertise in hardware security and the safety of critical embedded systems strengthens F-Secure’s position as a service provider for businesses in critical sectors with challenging IT infrastructure.[…]”
“Idea: you send us secure boot pubkey hashes, we fuse them on your ordered USB armory, from that moment to your door nobody else can use it.”
We need OEMs that build machines like this, and the Stateless Laptop of Invisible Things Lab.
Two stories, 1 post:
1) USB Armory, an Open Source Hardware-based ARM device by Inverse Path, has secured it’s boot sequence, and uses the term “Secure Boot”, not to be confused by UEFI Secure Boot, and have finished documenting it:
Excerpt, just of the disclaimer, since it is a serious one:
IMPORTANT DISCLAIMER: enabling secure boot functionality on the USB armory SoC, unlike similar features on modern PCs, is an irreversible action that permanently fuses verification keys hashes on the device. This means that any errors in the process or loss of the signing PKI will result in a bricked device incapable of executing unsigned code. This is a security feature, not a bug. The activation and use of the secure boot functionality is therefore at your own risk and must be approached with care.
2) A second USB Armory story:
WordPress.com processes URLs I include in text, including embedding the entire docment of git.github-based URLs, I have to split this URL in have, you’ll have to recombine it, sorry (alternately, click on the URL inside the Twitter ‘box’ above):
Last month (and I just noticed…), Collin Mulliner updated the USB Armory github project with some HID emulation code:
The project includes a few scripts, including:
* hidonly.sh : switches the usbarmory to be usb hid gadget
* hidnet.sh : switches the usbarmory to be a usb hid and usb ethernet gadget
* button_setup.sh : switches pin 3 and 4 to in and out
* button.sh : checks if pin 3 and 4 are connected
One problem with being a small hardware vendor is keeping supply in stock. Bunnie Studios’s Novena, or Purism’s Librem, or Inverse Path’s USB Amoury, all IMO 3 leaders of the Open Hardware movement, are all currently in stock, or are restocking, or have a few left. Novena has a handful of laptops remaining, Librem v2 has a few days remaining for current funding program, and USB Armory is getting restocked. To paraphrase an open source term, for open hardware use: “Buy early, buy often.” 🙂
Andrea Barisani posted an a document to the USB Armory wik related to BadUSB:
BadUSB with USB Armory: “USB Armory as an Offensive Attack Platform”
by Jeroen van Kessel and Nick Triantafyllidis
This research explores the feasibility of performing attacks on computer systems with the use of USB Armory, a newly introduced device which is an ARM computer in the size of a USB stick. Exploiting the USB emulation capabilities of the device we propose and test an attack scenario using a rogue DHCP server installed on the device. Based on the success of this attack we extend the scenario to DNS hijacking and traffic diversion setups with the injection of malicious static routes into the routing tables of the victim machines. This attack was successfully executed on the latest versions of Ubuntu 14.04 and Windows 8.1. The premise of the attacks as well as the scenarios themselves are explained in detail throughout the extent of this report.
[I need to learn USB-based firmware security issues more, and how they interact with UEFI and other firmware technologies… Currently, this blog is not covering USB firmware security issues properly.]
Crowd Supply, the crowfunding platform for Open Hardware OEMs, was blessed this week by RMS and the FSF. Crowd Supply has helped new hardware startups and “Micro OEMs” like Bunnie Studios’ Novena, Purism’s Librem, and Inverse Path’s USB Armory.
“The FSF has selected Crowd Supply as its preferred crowdfunding platform, and will recommend Crowd Supply to hardware and software creators looking to crowdfund, sell or purchase products online. And third, Crowd Supply and the FSF will work together to promote and launch new software and hardware products that adhere to FSF’s guiding principles, with the first project to be announced soon.”
I am *VERY* eager to see more startups creating Open Hardware-based systems! I am looking forward to a few years from now when RISC-V-based devices start showing up on CrowdSupply…!
Going further, the FSF and Linux Foundation need to proactively start building the missing components, not waiting for Intel/ARM and OEMs to create Open Hardware, there’s little motivation for them to change their ways and their IP policies. The FSF needs to — first define, then… — fund Free Hardware, if they’re going in a separate direction from OSHWA’s Open Hardware. Personally, I wish the FSF would partner with OSHWA and focus on Open Hardware, instead of splintering the few non-closed hardware resources/efforts/funds.