MID-030: Firmware Rollback Protections

Mitigation Tier: Foundational

Description

To deploy firmware rollback protections, devices need to take steps to ensure that once new firmware has been deployed and is confirmed to be operational on the device, older firmware cannot be deployed again. There are many ways to handle increasing firmware version numbers; two common implementations are an automatic update on reset and an update on command.

“Automatic update on reset” [1] involves the Boot ROM updating the anti-rollback reference version when a newer version has been successfully loaded. To reach a success stage, the new image must pass all secure boot checks, such as the authenticity and integrity checks in MID-026 - Secure Firmware Update. This method gives threat actors no window in which to roll back firmware between the update and its confirmation as successful; however, it also means that if there are errors in the firmware, the user cannot revert to the last-known-good copy. Vendors themselves, however, can still roll back to a previous version by repackaging the firmware and distributing it with a new, higher version number [1].

“Update on command” [1] involves the anti-rollback reference version being updated in response to a secure message from an authorized management service. The previous version is therefore revoked only after the device management service signals that the newer version has no identified faults. This means that the device is able to revert to an earlier version of the firmware until it receives that final message. While this gives users increased flexibility, because they can choose to accept or reject firmware after trying it out, it also means that devices are left vulnerable during the window between the firmware update and receipt of the secure message. Additionally, this method may leave devices vulnerable to a denial-of-service attack initiated by blocking the secure completion message: the device will then never accept the firmware and won’t begin operations [1].

Consideration: If an attacker can spoof the anti-rollback references to increment the versions, the device could be rendered inoperable. Vendors must ensure that only authorized software is able to update the anti-rollback references. See MID-026 - Secure Firmware Update for more information. Given the risks and challenges in creating a resilient rollback protection feature, device designers should carefully consider whether this mitigation is appropriate for their use case before pursuing it.

IEC 62443 4-2 Mappings

  • EDR / HDR / NDR 3.10 - Support for updates

  • SAR / EDR / HDR / NDR 3.2 - Protection for malicious code

References

[1] ARM. “Platform Security Model.” psacertified.org. Accessed: Aug. 28, 2024. [Online]. Available: https://www.psacertified.org/app/uploads/2021/12/JSADEN014_PSA_Certified_SM_V1.1_BET0.pdf