Microchip ATSAMA5 SoC Multiple Vulnerabilities
CVE-2020-12787, CVE-2020-12788, CVE-2020-12789
Description
Multiple vulnerabilities have been discovered which affect the security of solutions built using the Microchip ATSAMA5 SoC series, when making use of the Secure Boot capabilities of these SoCs. This pre-release advisory describes the identified vulnerable situations and affected part numbers while trying to limit exposure for products integrating these SoCs. The full technical advisory will be released in the near future.
Improper applet handling
A programming error was discovered which allows an attacker to bypass existing security mechanisms related to applet handling when the attacked device is in Secure Mode.
This only affects products which have Secure Monitor enabled.
CMAC verification susceptible to SPA
The AES-128 based CMAC authentication is used to prove authenticity and integrity of software components such as monitor applets and bootstrap code. The implementation of CMAC verification functionality was found to be vulnerable to timing and power analysis attacks.
Hardcoded keys are used for protecting applets
It was found that the key set used to encrypt and authenticate secure applets is hardcoded within the Secure Monitor and is available for abuse once this code has been extracted.
This only affects products which have Secure Monitor enabled.
Impact
The cumulative impact of the described issues leads to a significant compromise of the expected security guarantees provided by the Secure Boot feature when no mitigations are applied.
Affected part numbers
Affected CPNs for the SAMA5D2 product line:
- ATSAMA5D21C-CU, ATSAMA5D21C-CUR
- ATSAMA5D22C-CN, ATSAMA5D22C-CNR, ATSAMA5D22C-CU, ATSAMA5D22C-CUR
- ATSAMA5D23C-CN, ATSAMA5D23C-CNR, ATSAMA5D23C-CU, ATSAMA5D23C-CUR
- ATSAMA5D24C-CU, ATSAMA5D24C-CUF, ATSAMA5D24C-CUR
- ATSAMA5D26C-CN, ATSAMA5D26C-CNR, ATSAMA5D26C-CU, ATSAMA5D26C-CUR
- ATSAMA5D27C-CN, ATSAMA5D27C-CNR, ATSAMA5D27C-CU, ATSAMA5D27C-CUR
- ATSAMA5D28C-CN, ATSAMA5D28C-CNR, ATSAMA5D28C-CU, ATSAMA5D28C-CUR
- ATSAMA5D27C-CNVAO, ATSAMA5D27C-CNRVAO
SiP variants:
- ATSAMA5D225C-D1M-CUR
- ATSAMA5D27C-D5M-CU, ATSAMA5D27C-D5M-CUR,
- ATSAMA5D27C-D1G-CU, ATSAMA5D27C-D1G-CUR
- ATSAMA5D28C-D1G-CU, ATSAMA5D28C-D1G-CUR
- ATSAMA5D27C-LD1G-CU, ATSAMA5D27C-LD1G-CUR
- ATSAMA5D27C-LD2G-CU, ATSAMA5D27C-LD2G-CUR
- ATSAMA5D28C-LD1G-CU, ATSAMA5D28C-LD1G-CUR
- ATSAMA5D28C-LD2G-CU, ATSAMA5D28C-LD2G-CUR
SoM variants:
- ATSAMA5D27-WLSOM1
- ATSAMA5D27-SOM1
Affected CPNs for the SAMA5D3 product line:
- ATSAMA5D31A-CU, ATSAMA5D31A-CUR, ATSAMA5D31A-CFU, ATSAMA5D31A-CFUR
- ATSAMA5D33A-CU, ATSAMA5D33A-CUR
- ATSAMA5D34A-CU, ATSAMA5D34A-CUR
- ATSAMA5D35A-CU, ATSAMA5D35A-CUR, ATSAMA5D35A-CN, ATSAMA5D35A-CNR
- ATSAMA5D36A-CU, ATSAMA5D36A-CUR, ATSAMA5D36A-CN, ATSAMA5D36A-CNR
Affected CPNs for the SAMA5D4 product line:
- ATSAMA5D41A-CU, ATSAMA5D41A-CUR, ATSAMA5D41B-CU, ATSAMA5D41B-CUR
- ATSAMA5D42A-CU, ATSAMA5D42A-CUR, ATSAMA5D42B-CU, ATSAMA5D42B-CUR
- ATSAMA5D43A-CU, ATSAMA5D43A-CUR, ATSAMA5D43B-CU, ATSAMA5D43B-CUR
- ATSAMA5D44A-CU, ATSAMA5D44A-CUR, ATSAMA5D44B-CU, ATSAMA5D44B-CUR
Solution
For products based on the SAMA5D2 and SAMA5D4 devices, disabling the SAM-BA monitor after provisioning the chips mitigates all the reported issues. This can be done by setting the "Disable Monitor" bit in the fuse area.
CMAC verification issue may be mitigated by choosing the RSA authentication option to replace CMAC calculation.
For products based on the SAMA5D3 devices, no mitigations were identified. The only identified solution is to update the products to the next silicon revision when made available by Microchip.
CVE assignment
CVE | Description |
CVE-2020-12787 | Improper applet verification |
CVE-2020-12788 | CMAC verification susceptible to SPA |
CVE-2020-12789 | Hardcoded keys are used for protecting applets |