bootutil: Introduce HW rollback protection
- Add image security counter verification (read security counter value
from the image manifest and compare it against the stored/active
security counter) as an optional part of the image validation process
to prevent the restoration of older, potentially vulnerable images.
- This feature can be enabled with the MCUBOOT_HW_ROLLBACK_PROT option.
- Add security counter interface to MCUBoot. If HW rollback protection
is enabled then the platform must provide a mechanism to store and
read the security counter value in a robust and secure way.
Change-Id: Iee4961c1da5275a98ef17982a65b361370d2a178
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index a5009e4..dacaf3a 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -1,4 +1,5 @@
# Copyright (c) 2017 Linaro Limited
+# Copyright (c) 2020 Arm Limited
#
# SPDX-License-Identifier: Apache-2.0
#
@@ -361,8 +362,12 @@
help
Enables support of multi image update.
+choice
+ prompt "Downgrade prevention"
+ optional
+
config MCUBOOT_DOWNGRADE_PREVENTION
- bool "Downgrade prevention"
+ bool "SW based downgrade prevention"
depends on BOOT_UPGRADE_ONLY
help
Prevent downgrades by enforcing incrementing version numbers.
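Review bot: Wrapping MCUBOOT_DOWNGRADE_PREVENTION and the new HW entry in a `choice` makes the two mechanisms mutually exclusive, and the hunk does not explain why; the SW option's own help text says version checking "only protects against some attacks against version downgrades", so a platform may reasonably want both the version-number check and the security counter check at once. Consider two independent bools, or add a `help` to the choice stating why only one may be active. Note also that `depends on BOOT_UPGRADE_ONLY` is now on a choice entry, so with BOOT_UPGRADE_ONLY unset the "Downgrade prevention" choice is still offered but only with the HW entry; that is probably intended, but worth a line in the help.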
@@ -371,4 +376,14 @@
only protects against some attacks against version downgrades (for
example, a JTAG could be used to write an older version).
+config MCUBOOT_HW_DOWNGRADE_PREVENTION
+ bool "HW based downgrade prevention"
+ help
+ Prevent undesirable/malicious software downgrades. When this option is
+ set, any upgrade must have greater or equal security counter value.
+ Because of the acceptance of equal values it allows for software
+ downgrade to some extent.
+
+endchoice
+
source "Kconfig.zephyr"
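Review bot: The Kconfig symbol introduced here is MCUBOOT_HW_DOWNGRADE_PREVENTION, while the commit message says the feature "can be enabled with the MCUBOOT_HW_ROLLBACK_PROT option"; either name the symbol consistently or make sure the Zephyr port's config header maps CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION to MCUBOOT_HW_ROLLBACK_PROT, and say so in the help text, otherwise users will search for an option that does not exist in menuconfig. The help text should also carry the platform obligation stated in the commit message (the platform must provide a robust and secure way to store and read the security counter), since selecting the option on a port without such a store cannot deliver the protection the prompt promises. Finally, "any upgrade must have greater or equal security counter value. Because of the acceptance of equal values it allows for software downgrade to some extent." would read more precisely as: the counter is read from the image manifest and compared against the stored active counter; images with an equal counter are accepted, so downgrading between images that share a counter value remains possible.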