This weakness occurs when trace data collected from sources on a System-on-Chip (SoC), such as CPU cores or cryptographic modules, is stored in unprotected memory or delivered to debuggers that are not authorized to see it, exposing confidential information.
Modern SoC designs incorporate specialized tracing hardware to monitor internal signals in real time. This capability is essential for debugging and validating complex hardware and software interactions. However, these traces often capture highly sensitive data from security-critical components such as cryptographic engines and processor cores. If the collected trace data is not properly secured, because it is stored in unprotected memory or is not tagged with security metadata, it becomes accessible to unauthorized agents. An untrusted software debugger can read an unprotected trace buffer to extract secrets, and a hardware debugger can pull improperly tagged traces off the trace port, leading to the exposure of confidential information and compromise of the system.
Impact: Read Memory
An adversary can read secret values if they are captured in debug traces and stored unsafely.
The traces do not have any privilege level attached to them. All collected traces can be viewed by any debugger, whether it is operated by the SoC designer, the OEM, or the end user.
Some of the traces are SoC-design-house secrets, some are OEM secrets, a few are end-user secrets, and the rest are not security-sensitive. Tag every trace with the appropriate privilege level at its source. The bits carrying the privilege level must be immutable in transit from the trace source to the final trace sink, and the sink must check the debugger's privilege level before releasing a trace to it.
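The following C model is an added example, not code from the original entry or from any SoC vendor. It simulates the trace pipeline described in the example and its mitigation: four hypothetical trace sources, a fixed source-to-privilege policy standing in for the immutable tag, a weak sink that hands every record to any debugger, and a hardened sink that rejects records whose tag no longer matches the policy for their source and releases only records the requesting debugger is cleared for. The source names, privilege tiers, and payload values are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Privilege tiers, least to most trusted. The four tiers follow the text;
 * their numeric ordering is an assumption of this example. */
typedef enum {
    PRIV_PUBLIC   = 0,  /* not security-sensitive */
    PRIV_END_USER = 1,  /* end-user secrets */
    PRIV_OEM      = 2,  /* OEM secrets */
    PRIV_DESIGN   = 3   /* SoC-design-house secrets */
} priv_level_t;

/* Hypothetical trace sources on the SoC. */
typedef enum { SRC_TIMER, SRC_CPU_CORE, SRC_CRYPTO, SRC_FUSE_CTRL, SRC_COUNT } trace_src_t;

/* Source-to-privilege policy. Modelled as a const table; on real silicon this
 * would be hard-wired or fuse-programmed so software cannot alter it. */
static const priv_level_t SOURCE_POLICY[SRC_COUNT] = {
    [SRC_TIMER]     = PRIV_PUBLIC,
    [SRC_CPU_CORE]  = PRIV_END_USER,
    [SRC_CRYPTO]    = PRIV_OEM,
    [SRC_FUSE_CTRL] = PRIV_DESIGN,
};

typedef struct {
    trace_src_t  source;   /* asserted by the interconnect, not by software */
    priv_level_t tag;      /* privilege level attached at the source */
    uint32_t     payload;  /* the traced value */
} trace_rec_t;

#define TRACE_CAP 16
typedef struct { trace_rec_t rec[TRACE_CAP]; size_t count; } trace_buf_t;

/* Source side: the tag comes from the policy table, never from the caller. */
static bool trace_emit(trace_buf_t *buf, trace_src_t src, uint32_t payload) {
    if (buf->count >= TRACE_CAP || (unsigned)src >= SRC_COUNT) return false;
    trace_rec_t *r = &buf->rec[buf->count++];
    r->source = src;
    r->tag = SOURCE_POLICY[src];
    r->payload = payload;
    return true;
}

/* Weak sink: every record goes to whoever asks. */
static size_t sink_read_unchecked(const trace_buf_t *buf, trace_rec_t *out, size_t cap) {
    size_t n = buf->count < cap ? buf->count : cap;
    memcpy(out, buf->rec, n * sizeof *out);
    return n;
}

/* Hardened sink: drop records whose tag disagrees with the immutable policy
 * for their source (altered in transit), then release only records at or
 * below the requesting debugger's privilege level. */
static size_t sink_read_checked(const trace_buf_t *buf, priv_level_t debugger,
                                trace_rec_t *out, size_t cap) {
    size_t n = 0;
    for (size_t i = 0; i < buf->count && n < cap; i++) {
        const trace_rec_t *r = &buf->rec[i];
        if ((unsigned)r->source >= SRC_COUNT) continue;     /* malformed record */
        if (r->tag != SOURCE_POLICY[r->source]) continue;   /* tag altered */
        if (r->tag > debugger) continue;                    /* debugger not cleared */
        out[n++] = *r;
    }
    return n;
}

/* Constructed sample: one record per source; the payloads are made up. */
static void fill_sample(trace_buf_t *buf) {
    memset(buf, 0, sizeof *buf);
    trace_emit(buf, SRC_TIMER,     0x00001000u);
    trace_emit(buf, SRC_CPU_CORE,  0xDEADBEEFu);
    trace_emit(buf, SRC_CRYPTO,    0xCAFEBABEu);
    trace_emit(buf, SRC_FUSE_CTRL, 0x0BADF00Du);
}

/* Records an unchecked sink hands out: all of them, regardless of debugger. */
size_t visible_unchecked(void) {
    trace_buf_t buf; trace_rec_t out[TRACE_CAP];
    fill_sample(&buf);
    return sink_read_unchecked(&buf, out, TRACE_CAP);
}

/* Records a debugger at the given level receives from the checked sink. */
size_t visible_checked(priv_level_t debugger) {
    trace_buf_t buf; trace_rec_t out[TRACE_CAP];
    fill_sample(&buf);
    return sink_read_checked(&buf, debugger, out, TRACE_CAP);
}

/* An end-user debugger downgrades the crypto record's tag inside the buffer;
 * the checked sink must still withhold that record. */
bool tampered_tag_is_rejected(void) {
    trace_buf_t buf; trace_rec_t out[TRACE_CAP];
    fill_sample(&buf);
    buf.rec[2].tag = PRIV_PUBLIC;   /* rec[2] is the SRC_CRYPTO record */
    size_t n = sink_read_checked(&buf, PRIV_END_USER, out, TRACE_CAP);
    for (size_t i = 0; i < n; i++)
        if (out[i].source == SRC_CRYPTO) return false;
    return true;
}

int main(void) {
    printf("unchecked sink releases %zu records\n", visible_unchecked());
    for (int p = PRIV_PUBLIC; p <= PRIV_DESIGN; p++)
        printf("debugger level %d sees %zu records\n", p, visible_checked((priv_level_t)p));
    printf("tampered tag rejected: %s\n", tampered_tag_is_rejected() ? "yes" : "no");
    return 0;
}
```

The cross-check in the hardened sink only works because the source identifier is treated as something the interconnect asserts and software cannot rewrite. If an adversary on the trace path can change both the source field and the tag, the sink has nothing trustworthy to compare against, which is exactly why the mitigation requires the privilege bits to be immutable in transit, for example carried on a sideband signal rather than in a software-writable buffer. Storing the trace buffer itself in memory the untrusted debugger cannot read removes the other avenue the extended description names.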