Description
The hardware design control register "sticky bits" or write-once bit fields are improperly implemented, such that they can be reprogrammed by software.
Integrated circuits and hardware IP software programmable controls and settings are commonly stored in register circuits. These register contents have to be initialized at hardware reset to define default values that are hard coded in the hardware description language (HDL) code of the hardware unit. A common security protection method used to protect register settings from modification by software is to make the settings write-once or "sticky." This allows writing to such registers only once, whereupon they become read-only. This is useful to allow initial boot software to configure systems settings to secure values while blocking runtime software from modifying such hardware settings. Failure to implement write-once restrictions in hardware design can expose such registers to being re-programmed by software and written multiple times. For example, write-once fields could be implemented to only be write-protected if they have been set to value "1", wherein they would work as "write-1-once" and not "write-once".
Potential Impact
Confidentiality, Integrity, Availability, Access Control
Varies by Context
Demonstrative Examples
module register_write_once_example
(
input [15:0] Data_in,
input Clk,
input ip_resetn,
input global_resetn,
input write,
output reg [15:0] Data_out
);
reg Write_once_status;
always @(posedge Clk or negedge ip_resetn)
if (~ip_resetn)
begin
Data_out <= 16'h0000;
Write_once_status <= 1'b0;
end
else if (write & ~Write_once_status)
begin
Data_out <= Data_in & 16'hFFFE;
Write_once_status <= Data_in[0]; // Input bit 0 sets Write_once_status
end
else if (~write)
begin
Data_out[15:1] <= Data_out[15:1];
Data_out[0] <= Write_once_status;
end
endmodulemodule register_write_once_example
(
input [15:0] Data_in,
input Clk,
input ip_resetn,
input global_resetn,
input write,
output reg [15:0] Data_out
);
reg Write_once_status;
always @(posedge Clk or negedge ip_resetn)
if (~ip_resetn)
begin
Data_out <= 16'h0000;
Write_once_status <= 1'b0;
end
else if (write & ~Write_once_status)
begin
Data_out <= Data_in & 16'hFFFE;
Write_once_status <= 1'b1; // Write once status set on first write, independent of input
end
else if (~write)
begin
Data_out[15:1] <= Data_out[15:1];
Data_out[0] <= Write_once_status;
end
endmoduleMitigations & Prevention
During hardware design, all register write-once or sticky fields must be evaluated for proper configuration.
Detection Methods
- Automated Analysis — Use automated tools to test that values are not reprogrammable and that write-once fields lock on writing zeros.
Related Weaknesses
Frequently Asked Questions
What is CWE-1224?
CWE-1224 (Improper Restriction of Write-Once Bit Fields) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The hardware design control register "sticky bits" or write-once bit fields are improperly implemented, such that they can be reprogrammed by software.
How can CWE-1224 be exploited?
Attackers can exploit CWE-1224 (Improper Restriction of Write-Once Bit Fields) to varies by context. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.
How do I prevent CWE-1224?
Key mitigations include: During hardware design, all register write-once or sticky fields must be evaluated for proper configuration.
What is the severity of CWE-1224?
CWE-1224 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.