{"@ID": "1304", "@Name": "Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Draft", "Description": "The product performs a power save/restore\n            operation, but it does not ensure that the integrity of\n            the configuration state is maintained and/or verified between\n\t    the beginning and ending of the operation.", "Extended_Description": {"xhtml:p": "Before powering down, the Intellectual\n                Property (IP) saves current state (S) to persistent\n                storage such as flash or always-on memory in order to\n                optimize the restore operation.  During this process,\n                an attacker with access to the persistent storage may\n                alter (S) to a configuration that could potentially\n                modify privileges, disable protections, and/or cause\n                damage to the hardware. If the IP does not validate\n                the configuration state stored in persistent memory,\n                upon regaining power or becoming operational again,\n                the IP could be compromised through the activation of\n                an unwanted/harmful configuration."}, "Related_Weaknesses": {"Related_Weakness": [{"@Nature": "ChildOf", "@CWE_ID": "284", "@View_ID": "1000", "@Ordinal": "Primary"}, {"@Nature": "PeerOf", "@CWE_ID": "345", "@View_ID": "1000"}, {"@Nature": "PeerOf", "@CWE_ID": "1271", "@View_ID": "1194"}]}, "Weakness_Ordinalities": {"Weakness_Ordinality": [{"Ordinality": "Primary"}, {"Ordinality": "Resultant"}]}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, "Operating_System": {"@Class": "Not OS-Specific", "@Prevalence": "Undetermined"}, "Architecture": {"@Class": "Not Architecture-Specific", "@Prevalence": "Undetermined"}, "Technology": {"@Class": "Not Technology-Specific", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": [{"Phase": "Architecture and Design", "Note": "Weakness introduced via missing internal integrity guarantees during power save/restore"}, {"Phase": "Integration", "Note": "Weakness introduced via missing external integrity verification during power save/restore"}]}, "Common_Consequences": {"Consequence": {"Scope": ["Confidentiality", "Integrity"], "Impact": ["DoS: Instability", "DoS: Crash, Exit, or Restart", "DoS: Resource Consumption (Other)", "Gain Privileges or Assume Identity", "Bypass Protection Mechanism", "Alter Execution Logic", "Quality Degradation", "Unexpected State", "Reduce Maintainability", "Reduce Performance", "Reduce Reliability"], "Likelihood": "High"}}, "Potential_Mitigations": {"Mitigation": [{"Phase": "Architecture and Design", "Description": "Inside the IP, incorporate integrity checking\n                        on the configuration state via a cryptographic\n                        hash. The hash can be protected inside the IP such as\n                        by storing it in internal registers which never lose\n                        power. Before powering down, the IP performs a hash of\n                        the configuration and saves it in these persistent\n                        registers. Upon restore, the IP performs a hash of the\n                        saved configuration and compares it with the\n                        saved hash. If they do not match, then the IP should\n                        not trust the configuration."}, {"Phase": "Integration", "Description": "Outside the IP, incorporate integrity checking\n                        of the configuration state via a trusted agent. Before\n                        powering down, the trusted agent performs a hash of the\n                        configuration and saves the hash in persistent storage.\n                        Upon restore, the IP requests the trusted agent\n                        validate its current configuration. If the\n                        configuration hash is invalid, then the IP should not\n                        trust the configuration."}, {"Phase": "Integration", "Description": "Outside the IP, incorporate a protected\n                        environment that prevents undetected modification of\n                        the configuration state by untrusted agents. Before\n                        powering down, a trusted agent saves the IP's\n                        configuration state in this protected location that\n                        only it is privileged to. Upon restore, the trusted\n                        agent loads the saved state into the IP."}]}, "Demonstrative_Examples": {"Demonstrative_Example": {"Intro_Text": "The following pseudo code demonstrates the\n                        power save/restore workflow which may lead to weakness\n                        through a lack of validation of the config state after\n                        restore.", "Example_Code": [{"@Nature": "Bad", "@Language": "C", "xhtml:br": [null, null, null, null, null, null, null], "xhtml:div": [{"@style": "margin-left:1em;", "xhtml:br": [null, null, null, null, null, null], "#text": "void* cfg;\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tcfg = get_config_state();\n\t\t\t\t\t\t\tsave_config_state(cfg);\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tgo_to_sleep();"}, {"@style": "margin-left:1em;", "xhtml:br": [null, null, null], "#text": "void* cfg;\n\t\t\t\t\t\t\tcfg = get_config_file();\n\t\t\t\t\t\t\tload_config_file(cfg);"}], "#text": "void save_config_state()\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\n\t\t\t\t\t\t}\n\t\t\t\t\t\t\n\t\t\t\t\t\tvoid restore_config_state()\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\n\t\t\t\t\t\t}"}, {"@Nature": "Good", "@Language": "C", "xhtml:br": [null, null, null, null, null, null, null], "xhtml:div": [{"@style": "margin-left:1em;", "xhtml:br": [null, null, null, null, null, null, null, null, null, null, null], "#text": "void* cfg;\n\t\t\t\t\t\t\tvoid* sha;\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tcfg = get_config_state();\n\t\t\t\t\t\t\tsave_config_state(cfg);\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t// save hash(cfg) to trusted location\n\t\t\t\t\t\t\tsha = get_hash_of_config_state(cfg);\n\t\t\t\t\t\t\tsave_hash(sha); \n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tgo_to_sleep();"}, {"@style": "margin-left:1em;", "xhtml:br": [null, null, null, null, null, null, null, null, null, null, null], "xhtml:div": {"@style": "margin-left:1em;", "xhtml:br": null, "#text": "assert_error_and_halt();"}, "#text": "void* cfg;\n\t\t\t\t\t\t\tvoid* sha_1, sha_2;\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tcfg = get_config_file();\n\t\t\t\t\t\t\t// restore hash of config from trusted memory\n\t\t\t\t\t\t\tsha_1 = get_persisted_sha_value();\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tsha_2 = get_hash_of_config_state(cfg);\n\t\t\t\t\t\t\tif (sha_1 != sha_2)\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\tload_config_file(cfg);"}], "#text": "void save_config_state()\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\n\t\t\t\t\t\t}\n\t\t\t\t\t\t\n\t\t\t\t\t\tvoid restore_config_state()\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\n\t\t\t\t\t\t}"}], "Body_Text": ["The following pseudo-code is the proper workflow for the integrity checking mitigation:", "It must be noted that in the previous example of\n                        good pseudo code, the memory (where the hash of the\n                        config state is stored) must be trustworthy while the\n                        hardware is between the power save and restore states."]}}, "Functional_Areas": {"Functional_Area": "Power"}, "Related_Attack_Patterns": {"Related_Attack_Pattern": {"@CAPEC_ID": "176"}}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Content_History": {"Submission": {"Submission_Organization": "Accellera Systems Initiative", "Submission_Date": "2020-07-16", "Submission_Version": "4.2", "Submission_ReleaseDate": "2020-08-20"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-03-15", "Modification_Version": "4.4", "Modification_ReleaseDate": "2021-03-15", "Modification_Comment": "updated Functional_Areas"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-07-20", "Modification_Version": "4.5", "Modification_ReleaseDate": "2021-07-20", "Modification_Comment": "updated Related_Attack_Patterns"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Weakness_Ordinalities"}]}}
