From fce873364e562b6977fbeab679a7839ee2dfb465 Mon Sep 17 00:00:00 2001 From: Tamas Ban Date: Fri, 10 Jul 2020 12:40:11 +0100 Subject: [PATCH] boot/zephyr: Add fault injection hardening profile to Zephyr config Add fault injection hardening profile configuration to Zephyr config. Default config is to not have any hardening in SW against hardware level fault injection like clock or power glitching, EM pulse, laser beam, etc. Change-Id: I67d22d257ead83e1e288de0ee7621aac32bf50eb Signed-off-by: Tamas Ban Signed-off-by: Fabio Utzig --- boot/zephyr/CMakeLists.txt | 8 ++++- boot/zephyr/Kconfig | 36 +++++++++++++++++++ .../include/mcuboot_config/mcuboot_config.h | 16 +++++++++ 3 files changed, 59 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 81b76f46..e2bfcb92 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -100,8 +100,15 @@ zephyr_library_sources( ${BOOT_DIR}/bootutil/src/image_ec256.c ${BOOT_DIR}/bootutil/src/image_ed25519.c ${BOOT_DIR}/bootutil/src/bootutil_misc.c + ${BOOT_DIR}/bootutil/src/fault_injection_hardening.c ) +if(CONFIG_BOOT_FIH_PROFILE_HIGH) +zephyr_library_sources( + ${BOOT_DIR}/bootutil/src/fault_injection_hardening_delay_rng_mbedtls.c + ) +endif() + if(CONFIG_SINGLE_APPLICATION_SLOT) zephyr_library_sources( ${BOOT_DIR}/zephyr/single_loader.c @@ -117,7 +124,6 @@ zephyr_library_sources( ) endif() - if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256) zephyr_library_include_directories( ${MBEDTLS_ASN1_DIR}/include diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 544224f7..ec56dc2f 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig 
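Review bot: The new `if(CONFIG_BOOT_FIH_PROFILE_HIGH)` block in the first CMakeLists hunk gives no hint why only that profile pulls in `fault_injection_hardening_delay_rng_mbedtls.c`; a one-line comment tying it to the Kconfig help text would save the next reader a trip to Kconfig, e.g. `# Only the HIGH profile adds random delays, which need an RNG; Kconfig selects MBEDTLS for it.` Note also that this file adds `${MBEDTLS_ASN1_DIR}/include` only under the ECDSA/EC256 condition further down, so if the delay RNG source needs mbedtls headers in a build with a different signature type, confirm they arrive through the selected MBEDTLS module rather than through this file. The second hunk only drops a blank line.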
@@ -297,6 +297,42 @@ config BOOT_SHARE_DATA bool "Save application specific data in shared memory area" default n +choice + prompt "Fault injection hardening profile" + default BOOT_FIH_PROFILE_OFF + +config BOOT_FIH_PROFILE_OFF + bool "No hardening against hardware level fault injection" + help + No hardening in SW against hardware level fault injection: power or + clock glitching, etc. + +config BOOT_FIH_PROFILE_LOW + bool "Moderate level hardening against hardware level fault injection" + help + Moderate level hardening: Long global fail loop to avoid break out, + control flow integrity check to discover discrepancy in expected code + flow. + +config BOOT_FIH_PROFILE_MEDIUM + bool "Medium level hardening against hardware level fault injection" + help + Medium level hardening: Long global fail loop to avoid break out, + control flow integrity check to discover discrepancy in expected code + flow, double variables to discover register or memory corruption. + +config BOOT_FIH_PROFILE_HIGH + bool "Maximum level hardening against hardware level fault injection" + select MBEDTLS + help + Maximum level hardening: Long global fail loop to avoid break out, + control flow integrity check to discover discrepancy in expected code + flow, double variables to discover register or memory corruption, random + delays to make code execution less predictable. Random delays requires an + entropy source. + +endchoice + config BOOT_WAIT_FOR_USB_DFU bool "Wait for a prescribed duration to see if USB DFU is invoked" default n diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index d395489c..defe22d1 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h 
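Review bot: The help text for `BOOT_FIH_PROFILE_HIGH` states that the random delays require an entropy source, but the entry only does `select MBEDTLS` and nothing makes configuration fail when no entropy source is present, so a HIGH build could end up with delays that are far less random than the profile promises. I cannot see from this patch which entropy interface the delay RNG seeds from; a `depends on` for that symbol (for instance `depends on ENTROPY_GENERATOR` if it draws from Zephyr's entropy driver) would turn a silently weakened profile into a configuration error. The level naming is also inconsistent: `BOOT_FIH_PROFILE_LOW` is captioned and described as "Moderate level hardening" while `MEDIUM` is "Medium level", so either reword the LOW prompt to `bool "Low level hardening against hardware level fault injection"` or align the three descriptions. Minor wording in the HIGH help: `Random delays requires an entropy source` should read `Random delays require an entropy source`.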
@@ -125,6 +125,22 @@ #define MCUBOOT_DATA_SHARING #endif +#ifdef CONFIG_BOOT_FIH_PROFILE_OFF +#define MCUBOOT_FIH_PROFILE_OFF +#endif + +#ifdef CONFIG_BOOT_FIH_PROFILE_LOW +#define MCUBOOT_FIH_PROFILE_LOW +#endif + +#ifdef CONFIG_BOOT_FIH_PROFILE_MEDIUM +#define MCUBOOT_FIH_PROFILE_MEDIUM +#endif + +#ifdef CONFIG_BOOT_FIH_PROFILE_HIGH +#define MCUBOOT_FIH_PROFILE_HIGH +#endif + /* * Enabling this option uses newer flash map APIs. This saves RAM and * avoids deprecated API usage.
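Review bot: The four independent `#ifdef CONFIG_BOOT_FIH_PROFILE_*` blocks define nothing at all if none of the Kconfig symbols is set, presumably leaving the fault injection library to pick its own default; since this header exists to map Kconfig onto MCUboot options, an explicit guard after the last block would catch drift between the two files (a renamed or newly added profile): `#if !defined(MCUBOOT_FIH_PROFILE_OFF) && !defined(MCUBOOT_FIH_PROFILE_LOW) && !defined(MCUBOOT_FIH_PROFILE_MEDIUM) && !defined(MCUBOOT_FIH_PROFILE_HIGH)` / `#error "No fault injection hardening profile selected"` / `#endif`. The Kconfig choice defaults to OFF, so in a normal Zephyr build this can only fire on such drift. A short comment above the blocks, `/* Map the Kconfig fault injection hardening choice onto the MCUboot FIH profile. */`, would match the explanatory comments used elsewhere in this header, such as the flash map API note that follows.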