CWE-1323

Improper Management of Sensitive Trace Data

Abstraction: Base
Status: Draft

Description

Trace data collected from several sources on the System-on-Chip (SoC) is stored in unprotected locations or transported to untrusted agents.

To facilitate verification of complex System-on-Chip (SoC) designs, SoC integrators add specific IP blocks that trace the SoC's internal signals in real time. This infrastructure enables observability of the SoC's internal behavior, validation of its functional design, and detection of hardware and software bugs. Such tracing IP blocks collect traces from several sources on the SoC, including the CPU, crypto coprocessors, and on-chip fabrics. Traces collected from these sources are then aggregated inside the trace IP block and forwarded to trace sinks, such as debug-trace ports that facilitate debugging by external hardware and software debuggers.

Since these traces are collected from several security-sensitive sources, they must be protected against untrusted debuggers. If they are stored in unprotected memory, an untrusted software debugger can access these traces and extract secret information. Additionally, if security-sensitive traces are not tagged as secure, an untrusted hardware debugger might access them to extract confidential information.

Parent Weaknesses (ChildOf)

Common Consequences

Scope: Confidentiality
Impact: Read Memory

Potential Mitigations

Phase: Implementation

Tag traces to indicate the owner and the debugging privilege level (designer, OEM, or end user) needed to access that trace.
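The following is an added illustration, not part of the CWE entry: a small model of a trace aggregator that enforces the tagging mitigation above before forwarding records to a debug sink. The privilege levels, record fields, sample traces and sink names are all constructed for this example; the point it adds is that an untagged trace fails closed (treated as designer-only) rather than leaking to a low-privilege or unauthenticated debugger.

```python
"""Model of a trace aggregator enforcing per-record privilege tags
(constructed example illustrating the CWE-1323 mitigation)."""
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional, Tuple


class Privilege(IntEnum):
    """Debugging privilege levels named in the mitigation, lowest first."""
    END_USER = 0
    OEM = 1
    DESIGNER = 2


@dataclass(frozen=True)
class TraceRecord:
    source: str                    # trace source, e.g. "cpu", "crypto", "fabric"
    payload: bytes
    required: Optional[Privilege]  # privilege tag; None models an untagged record


@dataclass(frozen=True)
class TraceSink:
    name: str
    privilege: Privilege           # level the attached debugger claims
    authenticated: bool            # whether that claim was verified


def effective_level(record: TraceRecord) -> Privilege:
    # Fail closed: an untagged trace is treated as the most sensitive class,
    # so a missing tag can never leak a crypto trace to a low-privilege port.
    return record.required if record.required is not None else Privilege.DESIGNER


def forward_traces(records: List[TraceRecord], sink: TraceSink
                   ) -> Tuple[List[TraceRecord], List[TraceRecord]]:
    """Split records into (forwarded, dropped) for the given sink.
    A record is forwarded only if the sink's privilege dominates its tag;
    an unauthenticated sink is downgraded to END_USER regardless of claim."""
    level = sink.privilege if sink.authenticated else Privilege.END_USER
    forwarded, dropped = [], []
    for rec in records:
        (forwarded if level >= effective_level(rec) else dropped).append(rec)
    return forwarded, dropped


# Constructed sample traces from the source types the CWE text lists.
SAMPLE_TRACES = [
    TraceRecord("cpu", b"pc=0x1000 insn=ret", Privilege.END_USER),
    TraceRecord("fabric", b"axi write addr=0x4000", Privilege.OEM),
    TraceRecord("crypto", b"aes key schedule round 3", Privilege.DESIGNER),
    TraceRecord("crypto", b"rng seed sample", None),   # untagged: fails closed
]
```

Running `forward_traces(SAMPLE_TRACES, TraceSink("jtag", Privilege.OEM, True))` forwards the cpu and fabric records and drops both crypto records, including the untagged one.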

Applicable Platforms

Not Language-Specific
