DMSC Secure Boot ROM: Potential Secure Boot vulnerability with explicit EC curve parameters in X.509 certificate
Details
The Boot ROM supports the use of EC Root-of-Trust keys. However, to save ROM memory, the ROM implementation used explicit curve parameters specified in the X.509 certificate.
- The issue is that, when the curve parameters are explicitly defined, they could be used to replicate known public keys using legitimate, but different, private keys.
- NIAP (the US Common Criteria Scheme) recently published a series of technical decisions (TDs) about the use of ECDSA X.509 certificates crossing numerous Protection Profiles.
- According to RFC 5480, section 2.1.1, using explicitly defined EC parameters is NOT permitted for X.509 certificates. Use of named curve extensions binds the public key and curve type to prevent this.
Ref:
- Overview https://lightshipsec.com/explicitly-parameterized-ecdsa-x-509-certificates/
- Microsoft vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-0601
- Sect. 2.1.1 advises against explicit curve parameters in PKI https://tools.ietf.org/html/rfc5480
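The named-curve versus explicit-parameter distinction described above is visible in the DER encoding of a key. The following is an added example, not part of the original advisory: it reads a SubjectPublicKeyInfo and reports which ECParameters form it carries. The function names and both sample keys are constructed for illustration.

```python
# Added example: report which ECParameters CHOICE an EC public key uses.
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")       # OID 1.2.840.10045.3.1.7
FORMS = {0x06: "namedCurve", 0x30: "specifiedCurve", 0x05: "implicitCurve"}

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the DER element at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[off:off + length], off + length

def ec_params_form(spki_der):
    """Classify the curve parameters of a DER SubjectPublicKeyInfo."""
    tag, spki, _ = read_tlv(spki_der)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, alg, _ = read_tlv(spki)           # AlgorithmIdentifier
    tag, oid, off = read_tlv(alg)
    if tag != 0x06 or oid != ID_EC_PUBLIC_KEY:
        raise ValueError("not an id-ecPublicKey key")
    if off >= len(alg):
        return "absent"
    return FORMS.get(read_tlv(alg, off)[0], "unknown")

def uses_named_curve(spki_der):
    """True only for the form RFC 5480 section 2.1.1 permits in PKIX."""
    return ec_params_form(spki_der) == "namedCurve"

def tlv(tag, value):
    """Minimal DER encoder, used only to build the constructed samples."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def sample_spki(params, alg_oid=ID_EC_PUBLIC_KEY):
    point = b"\x00\x04" + bytes(64)      # placeholder bits, not a real key
    alg = tlv(0x30, tlv(0x06, alg_oid) + params)
    return tlv(0x30, alg + tlv(0x03, point))

# Constructed samples: only the outer DER structure is realistic.
NAMED = sample_spki(tlv(0x06, PRIME256V1))
EXPLICIT = sample_spki(tlv(0x30, tlv(0x02, b"\x01") + tlv(0x30, bytes(200))))
```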
Workaround
Use RSA Root Keys for affected device variants and revisions. Do not use EC Private Root Keys which require explicit form.