CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types

2021 CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > CWE- Individual Dictionary Definition (4.7)  
ID

CWE-1231: Improper Prevention of Lock Bit Modification

Weakness ID: 1231
Abstraction: Base
Structure: Simple
Presentation Filter:
+ Description
The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.
+ Extended Description

In integrated circuits and hardware intellectual property (IP) cores, device configuration controls are commonly programmed after a device power reset by a trusted firmware or software module (e.g., BIOS/bootloader) and then locked from any further modification.

This behavior is commonly implemented using a trusted lock bit. When set, the lock bit disables writes to a protected set of registers or address regions. Design or coding errors in the implementation of the lock bit protection feature may allow the lock bit to be modified or cleared by software after it has been set. Attackers might be able to unlock the system and features that the bit is intended to protect.

+ Relationships
Section HelpThis table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.
+ Relevant to the view "Research Concepts" (CWE-1000)
NatureTypeIDName
ChildOfPillarPillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.284Improper Access Control
Section HelpThis table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.
+ Relevant to the view "Hardware Design" (CWE-1194)
NatureTypeIDName
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.1199General Circuit and Logic Design Concerns
+ Modes Of Introduction
Section HelpThe different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.
PhaseNote
Architecture and DesignSuch issues could be introduced during hardware architecture and design and identified later during Testing or System Configuration phases.
ImplementationSuch issues could be introduced during implementation and identified later during Testing or System Configuration phases.
+ Applicable Platforms
Section HelpThis listing shows possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.

Languages

Class: Language-Independent (Undetermined Prevalence)

Operating Systems

Class: OS-Independent (Undetermined Prevalence)

Architectures

Class: Architecture-Independent (Undetermined Prevalence)

Technologies

Class: Technology-Independent (Undetermined Prevalence)

+ Common Consequences
Section HelpThis table specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
ScopeImpactLikelihood
Access Control

Technical Impact: Modify Memory

Registers protected by lock bit can be modified even when lock is set.
High
+ Demonstrative Examples

Example 1

Consider the example design below for a digital thermal sensor that detects overheating of the silicon and triggers system shutdown. The system critical temperature limit (CRITICAL_TEMP_LIMIT) and thermal sensor calibration (TEMP_SENSOR_CALIB) data have to be programmed by firmware, and then the register needs to be locked (TEMP_SENSOR_LOCK).

(bad code)
Example Language: Other 
Register Field description
CRITICAL_TEMP_LIMIT [31:8] Reserved field; Read only; Default 0

[7:0] Critical temp 0-255 Centigrade; Read-write-lock; Default 125
TEMP_SENSOR_CALIB [31:0] Thermal sensor calibration data. Slope value used to map sensor reading to degrees Centigrade.
TEMP_SENSOR_LOCK [31:1] Reserved field; Read only; Default 0

[0] Lock bit, locks CRITICAL_TEMP_LIMIT and TEMP_SENSOR_CALIB registers; Write-1-once; Default 0
TEMP_HW_SHUTDOWN [31:2] Reserved field; Read only; Default 0

[1] Enable hardware shutdown on critical temperature detection; Read-write; Default 0
CURRENT_TEMP [31:8] Reserved field; Read only; Default 0

[7:0] Current Temp 0-255 Centigrade; Read-only; Default 0

In this example, note that if the system heats to critical temperature, the response of the system is controlled by the TEMP_HW_SHUTDOWN bit [1], which is not lockable. Thus, the intended security property of the critical temperature sensor cannot be fully protected, since software can misconfigure the TEMP_HW_SHUTDOWN register even after the lock bit is set to disable the shutdown response.

(good code)
 

To fix this weakness, one could change the TEMP_HW_SHUTDOWN field to be locked by TEMP_SENSOR_LOCK.

TEMP_HW_SHUTDOWN [31:2] Reserved field; Read only; Default 0

[1] Enable hardware shutdown on critical temperature detection; Read-write-Lock; Default 0

[0] Locked by TEMP_SENSOR_LOCK
+ Observed Examples
ReferenceDescription
chip reset clears critical read/write lock permissions for RSA function
+ Potential Mitigations

Phases: Architecture and Design; Implementation; Testing

  • Security lock bit protections must be reviewed for design inconsistency and common weaknesses.
  • Security lock programming flow and lock properties must be tested in pre-silicon and post-silicon testing.

Effectiveness: High

+ Weakness Ordinalities
OrdinalityDescription
Primary
(where the weakness exists independent of other weaknesses)
+ Detection Methods

Manual Analysis

Set the lock bit. Power cycle the device. Attempt to clear the lock bit. If the information is changed, implement a design fix. Retest. Also, attempt to indirectly clear the lock bit or bypass it.

Effectiveness: High

+ Memberships
Section HelpThis MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.
NatureTypeIDName
MemberOfViewView - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).1343Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.1372ICS Supply Chain: OT Counterfeit and Malicious Corruption
+ Content History
+ Submissions
Submission DateSubmitterOrganization
2020-01-15Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V MangipudiIntel Corporation
+ Contributions
Contribution DateContributorOrganization
2021-10-20Narasimha Kumar V MangipudiLattice Semiconductor
reviewed content changes
2021-10-22Hareesh KhattriIntel Corporation
provided observed example
+ Modifications
Modification DateModifierOrganization
2020-06-25CWE Content TeamMITRE
updated Demonstrative_Examples
2020-08-20CWE Content TeamMITRE
updated Related_Attack_Patterns
2021-10-28CWE Content TeamMITRE
updated Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, Relationships, Weakness_Ordinalities
2022-04-28CWE Content TeamMITRE
updated Related_Attack_Patterns, Relationships
+ Previous Entry Names
Change DatePrevious Entry Name
2021-10-28Improper Implementation of Lock Protection Registers
More information is available — Please select a different filter.
Page Last Updated: May 05, 2022