
Announcement on January 6, 2022: GM and Qualcomm showcase collaboration at CES that brings first dedicated Snapdragon system-on-chips to GM’s upcoming advanced driver assistance system for fast, robust data processing.
Preface: When the Snapdragon SA8540P SoC and SA9000P AI accelerator work together, they typically use a coordinated boot process. Each component has its own firmware, but they are designed to work seamlessly together within the system.
Background: The High Assurance Boot (HAB) process is located within the embedded OS environment, specifically in the normal world. It is designed to ensure that only authenticated and trusted software images are executed on the device, providing a secure boot mechanism.
Here’s a brief overview of how HAB works:
- Digital Signatures: HAB uses digital signatures to authenticate the initial software image. This involves creating a unique identifier (certificate) for the image using asymmetric encryption. The private key is used to encrypt the image, while the public key is attached to it.
- Authentication: During boot, the boot ROM uses the public key to decrypt the certificate and verify the image. If the certificate matches the image, it is considered trusted and allowed to run. Otherwise, it is rejected.
- Chain of Trust: HAB establishes a chain of trust for subsequent software components, such as the kernel image, ensuring that the entire system remains secure.
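
The sign, verify, and chain-of-trust steps above, sketched as an added example (not code from the original page or from any vendor's HAB implementation). It assumes a toy RSA key, constructed sample images, hypothetical function names, and a single signing key for every stage.

```python
import hashlib

# Toy RSA key from two Mersenne primes, constructed for this demo. NOT secure.
P, Q = 2**107 - 1, 2**127 - 1
PUBLIC_KEY = (65537, P * Q)                      # (e, n): what the boot code trusts
PRIVATE_D = pow(65537, -1, (P - 1) * (Q - 1))    # held only by the signer

def image_hash(image: bytes, n: int) -> int:
    """SHA-256 of the image, reduced into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n

def sign(image: bytes) -> int:
    """Signer side: private-key operation over the image hash."""
    n = PUBLIC_KEY[1]
    return pow(image_hash(image, n), PRIVATE_D, n)

def verify(image: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Boot side: recover the signed hash with the public key and compare."""
    e, n = public_key
    return pow(signature, e, n) == image_hash(image, n)

def boot(stages):
    """Verify each (name, image, signature) in order; stop at the first failure.

    Returns (names allowed to run, name of the rejected stage or None).
    """
    executed = []
    for name, image, signature in stages:
        if not verify(image, signature):
            return executed, name        # reject; later stages never run
        executed.append(name)
    return executed, None

# Constructed sample images standing in for real firmware blobs.
BOOTLOADER = b"bootloader v1 (sample)"
KERNEL = b"kernel image v1 (sample)"
GOOD_CHAIN = [("bootloader", BOOTLOADER, sign(BOOTLOADER)),
              ("kernel", KERNEL, sign(KERNEL))]
# Valid signature for the original kernel, but the kernel bytes were modified.
TAMPERED_CHAIN = [GOOD_CHAIN[0], ("kernel", KERNEL + b"\x90", sign(KERNEL))]

if __name__ == "__main__":
    print(boot(GOOD_CHAIN))
    print(boot(TAMPERED_CHAIN))
```

The tampered chain stops at the kernel: the bootloader still verifies, but the modified kernel no longer matches the hash recovered from its signature, so it is rejected before it can run.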
Vulnerability details: Improper Access Control in Automotive Linux OS. Memory corruption may occur due to improper access control in the HAB process.
Technology Area – Automotive Linux OS
Vulnerability Type – CWE-284 Improper Access Control
Official announcement: Please refer to the link for details –