fih: Hardening of fault injection countermeasures
Returned values are now hardcoded. Indeed, while it is not
strictly needed (few return values different from SUCCESS
or FAILURE) complexity added by encoding return values might
cause the software to be vulnerable to fault attacks.
Return type changed from fih_int to fih_ret to make
the whole thing much simpler and therefore more robust
to fault attacks. In addition, its easier to predict
compiler behavior.
Assignment of sensitive variables has been hardened using the macro
FIH_SET (assignment + check whether the write access has been properly
done). FIH_DECLARE() is added to ease the declaration of sensitive
variables.
Equality tests fih_eq() and fih_not_eq() are now macros because
inlining produces more complex (and weaker) code than macros.
In addition fih_not_eq is modified to be the negation of fih_eq
which was not the case until now.
When FIH_NOT_EQ is used, FIH_SET(fih_rc, FIH_FAILURE) has been added
in some parts of the code.
The variable image_mask (bootutil_priv.h) is now volatile because a
double IF test is made on it.
Some other parts of the code have been hardened (e.g. the loop on images).
Signed-off-by: Michael Grand <m.grand@trustngo.tech>
diff --git a/boot/zephyr/single_loader.c b/boot/zephyr/single_loader.c
index f6c65f6..253015e 100644
--- a/boot/zephyr/single_loader.c
+++ b/boot/zephyr/single_loader.c
@@ -28,12 +28,12 @@
*
* @return FIH_SUCCESS on success, error code otherwise
*/
-fih_int
+fih_ret
boot_image_validate(const struct flash_area *fa_p,
struct image_header *hdr)
{
static uint8_t tmpbuf[BOOT_TMPBUF_SZ];
- fih_int fih_rc = FIH_FAILURE;
+ FIH_DECLARE(fih_rc, FIH_FAILURE);
/* NOTE: The first argument to boot_image_validate, for enc_state pointer,
* is allowed to be NULL only because the single image loader compiles
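Review bot: The docblock kept above the new `fih_ret` signature still says `@return FIH_SUCCESS on success, error code otherwise`, which no longer fits a return type the commit description says is hardcoded to the SUCCESS/FAILURE constants rather than carrying an error code. If boot_image_validate indeed only yields those two values now, the line should read `@return FIH_SUCCESS on success, FIH_FAILURE otherwise`. The same stale wording sits above boot_image_validate_encrypted (hunk @@ -140) and decrypt_image_inplace (hunk @@ -329), and boot_go's docblock (hunk @@ -439) says "nonzero on failure", which is not a meaningful statement about encoded fih_ret constants. boot_image_validate's body continues outside the hunk.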
@@ -58,13 +58,13 @@
#endif /* MCUBOOT_VALIDATE_PRIMARY_SLOT || MCUBOOT_VALIDATE_PRIMARY_SLOT_ONCE*/
-inline static fih_int
+inline static fih_ret
boot_image_validate_once(const struct flash_area *fa_p,
struct image_header *hdr)
{
static struct boot_swap_state state;
int rc;
- fih_int fih_rc = FIH_FAILURE;
+ FIH_DECLARE(fih_rc, FIH_FAILURE);
memset(&state, 0, sizeof(struct boot_swap_state));
rc = boot_read_swap_state(fa_p, &state);
@@ -74,7 +74,7 @@
|| state.image_ok != BOOT_FLAG_SET) {
/* At least validate the image once */
FIH_CALL(boot_image_validate, fih_rc, fa_p, hdr);
- if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
+ if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
FIH_RET(FIH_FAILURE);
}
if (state.magic != BOOT_MAGIC_GOOD) {
@@ -140,12 +140,12 @@
*
* @return FIH_SUCCESS on success, error code otherwise
*/
-inline static fih_int
+inline static fih_ret
boot_image_validate_encrypted(const struct flash_area *fa_p,
struct image_header *hdr)
{
static uint8_t tmpbuf[BOOT_TMPBUF_SZ];
- fih_int fih_rc = FIH_FAILURE;
+ FIH_DECLARE(fih_rc, FIH_FAILURE);
struct boot_loader_state boot_data;
struct boot_loader_state *state = &boot_data;
@@ -329,11 +329,11 @@
*
* @return FIH_SUCCESS on success, error code otherwise
*/
-inline static fih_int
+inline static fih_ret
decrypt_image_inplace(const struct flash_area *fa_p,
struct image_header *hdr)
{
- fih_int fih_rc = FIH_FAILURE;
+ FIH_DECLARE(fih_rc, FIH_FAILURE);
int rc;
struct boot_loader_state boot_data;
struct boot_loader_state *state = &boot_data;
@@ -359,7 +359,7 @@
#if 0 //Skip this step?, the image will just not boot if it's not decrypted properly
/* First check if the encrypted image is a good image before decrypting */
FIH_CALL(boot_image_validate_encrypted,fih_rc,_fa_p,&_hdr);
- if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
+ if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
FIH_RET(fih_rc);
}
#endif
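Review bot: The renamed check `if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS))` in this hunk sits inside an `#if 0` block, so the compiler never sees it and the rename is unverified here; the disabled block also propagates `FIH_RET(fih_rc)`, whereas the live call sites in this file return FIH_FAILURE or jump to `out`. Either drop the dead block or replace the trailing `//Skip this step?` remark with a comment stating why validation before in-place decryption is skipped, so the next reader does not have to guess whether the skip is intentional. decrypt_image_inplace's body continues outside the hunk.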
@@ -403,7 +403,7 @@
boot_handle_enc_fw()
{
int rc = -1;
- fih_int fih_rc = FIH_FAILURE;
+ FIH_DECLARE(fih_rc, FIH_FAILURE);
rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY(0), &_fa_p);
assert(rc == 0);
@@ -416,7 +416,7 @@
if (IS_ENCRYPTED(&_hdr)) {
//encrypted, we need to decrypt in place
FIH_CALL(decrypt_image_inplace,fih_rc,_fa_p,&_hdr);
- if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
+ if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
rc = -1;
goto out;
}
@@ -439,11 +439,11 @@
*
* @return FIH_SUCCESS on success; nonzero on failure.
*/
-fih_int
+fih_ret
boot_go(struct boot_rsp *rsp)
{
int rc = -1;
- fih_int fih_rc = FIH_FAILURE;
+ FIH_DECLARE(fih_rc, FIH_FAILURE);
rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY(0), &_fa_p);
assert(rc == 0);
@@ -454,12 +454,12 @@
#ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT
FIH_CALL(boot_image_validate, fih_rc, _fa_p, &_hdr);
- if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
+ if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
goto out;
}
#elif defined(MCUBOOT_VALIDATE_PRIMARY_SLOT_ONCE)
FIH_CALL(boot_image_validate_once, fih_rc, _fa_p, &_hdr);
- if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
+ if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
goto out;
}
#else
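Review bot: Both `goto out;` paths after `FIH_NOT_EQ(fih_rc, FIH_SUCCESS)` leave fih_rc holding whatever the callee returned instead of normalising it to the hardcoded failure value that the commit description says was added alongside FIH_NOT_EQ elsewhere; adding `FIH_SET(fih_rc, FIH_FAILURE);` before each `goto out;` keeps the value reaching `out:` to the two encoded constants, assuming boot_go returns fih_rc there. boot_go's body, including the `out:` label and the `#else` branch that presumably sets fih_rc on the no-validation path, continues outside the hunk.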