sancus-tee / sancus-core

Minimal OpenMSP430 hardware extensions for isolation and attestation
BSD 3-Clause "New" or "Revised" License

Security vulnerabilities and mitigations #30

Open martonbognar opened 2 years ago

martonbognar commented 2 years ago

This pull request provides patches for some of the vulnerabilities found in our paper "Mind the Gap: Studying the Insecurity of Provably Secure Embedded Trusted Execution Architectures".

If you have any questions or would like us to make any adjustments to the pull request, let us know!

jovanbulck commented 2 years ago

CI fails because the target branch is not named "mitigations". See suggested fix above.

Probably best to create a new branch on martonbognar/sancus-core-gap to hold the PR code with the extra commit for mitigations (else the suggested fix will break the CI at the mitigations branch of martonbognar/sancus-core-gap). If needed, we can create the new mitigations-pr branch and close this PR and open a new one; not sure you can change the source branch in a PR.

jovanbulck commented 2 years ago

Okay, attempted another fix, committed above; I expect this would fix it.

jovanbulck commented 1 year ago

@martonbognar we kind of lost track of this, I just realized. What is the status on this PR, should we go ahead and merge it?