The second read of the lock register was inserted to prevent a glitch attack from bypassing the FIPS self test logic and execute a different mailbox command. However, the second read causes a race condition and the SoC can maliciously or accidentally force Caliptra to crash by releasing the lock at the time the CFI check of the lock is performed.
This issue was encountered when running test cases inside AMD.
Given an attacker can prevent FIPS self-test from happening by just controlling the acquisition and release of the lock, the CFI check is not protecting much.
CFI check of mailbox lock causes race condition https://github.com/chipsalliance/caliptra-sw/blob/main/runtime/src/lib.rs#L131
The second read of the lock register was inserted to prevent a glitch attack from bypassing the FIPS self test logic and execute a different mailbox command. However, the second read causes a race condition and the SoC can maliciously or accidentally force Caliptra to crash by releasing the lock at the time the CFI check of the lock is performed.
This issue was encountered when running test cases inside AMD.
Given an attacker can prevent FIPS self-test from happening by just controlling the acquisition and release of the lock, the CFI check is not protecting much.