Mitigating security vulnerability CVE-2020-16273

Technical Note 201016

Targets:
Arm

Component:
General

Updated:
10/16/2020 4:12 PM

Introduction

A potential security vulnerability has been discovered relating to the management of secure stacks on Arm v8-M devices with security extensions, known as TrustZone.

This is not a hardware issue and Arm has devised a simple software solution.

This document describes how IAR Systems is addressing the issue and what a developer can do to mitigate the issue.

Discussion

For a description of the issue, see CVE-2020-16237 and Arm Security Advisory Note.

Future releases of IAR Embedded Workbench for Arm will have updated startup files for all Cortex-M devices and also for devices without TrustZone. A developer using non-standard or legacy startup files can update the startup with the following short preamble to the startup:

__iar_program_start:
movw r0, #0xeda5
movt r0, #0xfef5
mov r1, r0
push {r0, r1}
mov r0, sp
msr PSP, r0

Conclusion

With the recommended solution in this document, the secure stacks will be sealed against secure stack underflows.

 

All product names are trademarks or registered trademarks of their respective owners.

© IAR Systems 1995-2020 - All rights reserved.

We use cookies on this website to provide you with a better experience. You need to accept cookies to continue using this site. Cookies