Détail du CWE-1282

Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field.

Security services such as secure boot, authentication of code and data, and device attestation all require assets such as the first stage bootloader, public keys, golden hash digests, etc. which are implicitly trusted. Storing these assets in read-only memory (ROM), fuses, or one-time programmable (OTP) memory provides strong integrity guarantees and provides a root of trust for securing the rest of the system. Security is lost if assets assumed to be immutable can be modified.

Modes d'introduction

Implementation : Keys, code, configuration settings, and other data should be programmed in write-once or read-only memory instead of writable memory.

Plateformes applicables

Langue

Class: Not Language-Specific (Undetermined)

Systèmes d’exploitation

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)

Conséquences courantes

Mesures d’atténuation potentielles

Phases : Implementation
All immutable code or data should be programmed into ROM or write-once memory.

Notes de cartographie des vulnérabilités

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Modèles d'attaque associés

NotesNotes

This entry is still under development and will continue to see updates and content improvements.
As of CWE 4.3, CWE-1282 and CWE-1233 are being investigated for potential duplication or overlap.

Soumission

Modifications