AR# 56948

14.6 FSBL has Security Risks that need to be addressed


Version14.6 of  FSBL contains Security Risks which need to be addressed.
The Partition Header used by FSBL is not authenticated

The Partition Header contains details about the partition attributes which are used by FSBL to determine whether the partition needs to be authenticated or not.

Security Risk:
A hacker could change the RSA attribute values in the Partition header and make FSBL skip the authentication of those partitions.

This could results in partitions of the hackers choosing being loaded.
FSBL does not use PPK authenticated by Boot ROM for authenticating the Partition images

FSBL must use the same PPK as in the FSBL certificate which BootROM has authenticated.

Security Risk:
FSBL always trusts the PPK that was attached with the authentication certificate of that Partition.

A Hacker could create their own authentication certificate which contains their own PPK and SPK.


These issues have been resolved in FSBL version 14.7.


AR# 56948
日期 05/30/2014
状态 Active
Type 已知问题