DMA Device Enabled Too Early in Boot Phase

Draft Base

Structure: Simple

Description

This vulnerability occurs when a device with Direct Memory Access (DMA) capability is activated before the system's security settings are fully locked in during the boot process. This oversight can let an attacker bypass normal protections to read sensitive data from memory or escalate their privileges on the system.

Extended Description

DMA allows hardware devices to transfer data directly to and from the system's main memory, bypassing the operating system for speed. While useful for performance, this creates a major security risk if an untrusted device is granted this powerful access before security measures like Input-Output Memory Management Units (IOMMUs) or similar virtualization-based protections are enabled. An attacker with physical or compromised peripheral access could exploit this early window to launch a DMA attack and steal secrets like encryption keys or passwords. This issue is particularly relevant for 'early boot' IPs—hardware components that are powered up and initialized before the boot sequence finishes. If these components have DMA capability and are not considered trusted, they become a potent attack vector. To prevent this, system designers must ensure that all DMA-capable devices are either inherently trusted or that their DMA functionality remains disabled until after the core security configuration and isolation policies are fully established during boot.

Common Consequences 1

Scope: Access Control

Impact: Bypass Protection MechanismModify Memory

DMA devices have direct write access to main memory and due to time of attack will be able to bypass OS or Bootloader access control.

Potential Mitigations 1

Phase: Architecture and Design

Utilize an IOMMU to orchestrate IO access from the start of the boot process.

References 7

DMA attack

19-10-2019

https://en.wikipedia.org/wiki/DMA_attack

ID: REF-1038

Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals

A. Theodore Markettos, Colin Rothwell, Brett F. Gutstein, Allison Pearce, Peter G. Neumann, Simon W. Moore, and Robert N. M. Watson

25-02-2019

https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_05A-1_Markettos_paper.pdf

ID: REF-1039

FireWire all your memory are belong to us

Maximillian Dornseif, Michael Becher, and Christian N. Klein

2005

http://www.orkspace.net/secdocs/Conferences/CanSecWest/2005/0wn3d%20by%20an%20iPod%20-%20Firewire1394%20Issues.pdf(2023-04-07)

ID: REF-1040

Integrating DMA attacks in exploitation frameworks

Rory Breuk, Albert Spruyt, and Adam Boileau

20-02-2012

https://www.os3.nl/_media/2011-2012/courses/rp1/p14_report.pdf

ID: REF-1041

Owned by an iPod

Maximillian Dornseif

2004

https://web.archive.org/web/20060505224959/https://pacsec.jp/psj04/psj04-dornseif-e.ppt(2023-04-07)

ID: REF-1042

My aimful life

Dmytro Oleksiuk

12-09-2015

http://blog.cr4.sh/2015/09/breaking-uefi-security-with-software.html

ID: REF-1044

Hit by a Bus:Physical Access Attacks with Firewire

A. Theodore Markettos and Adam Boileau

2006

https://security-assessment.com/files/presentations/ab_firewire_rux2k6-final.pdf

ID: REF-1046

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Technologies:

System on Chip : Undetermined

Modes of Introduction

Architecture and Design

Related Attack Patterns

180
Incorrect Behavior Order: Validate Before Canonicalize

Related Weaknesses

ChildOf:

Incorrect Behavior Order (CWE-696)