Loading EN-304-625.md +68 −4 Original line number Diff line number Diff line Loading @@ -790,7 +790,6 @@ Is there a use case where we care about glitching of the network interface itsel #### C.1.1.1 Physical network interfaces * Firmware * All network packets going in and out (packets from host/self-generated protocol packets) * Device configuration (transmit power/channel configuration/options) * Statistics * Security keys (firmware encryption/decryption, MAC level encryption/decryption) Loading 
@@ -799,10 +798,52 @@ Is there a use case where we care about glitching of the network interface itsel * Device driver code * Interface configuration that is not stored by the host * Statistics * Security keys ### C.1.2 Product functions > See the functions in Section 4.7 Essential Functions. #### C.1.2.1 General FIXME copy back to Essential Functions when done Copied from Section 4.7 Essential Functions. #### C.1.2.2 Physical interface essential functions * Receive and transmit data between host and network at data link layer * Execute host commands (power, config, tx/rx) * Send commands/data to host hardware (wake on LAN) * Keep and report network statistics * Update firmware with image provided by host Optional: * Send commands/trigger actions on host (e.g. wake on network messages) * Packet processing (receive/transmit) at layers higher than data link * Packet encryption at data link layer * Packet encryption at higher layer * Manage firmware update autonomously (image received from the network) FIXME add in system bus related risks ### C.1.2.2 Device driver essential functions * Bridge between network device interface and host software * Handle interrupts, set up tx/rx, copy statistics, etc. * Configure the network interface * Set up and execute firmware update/load with image provided by host software * Monitor device interface and network interface health Optional: * Support optional features of the underlying device hardware or software ### C.1.2.3 Virtual interface essential functions * Bridge between host device driver interface and other software Other functionality is generally implemented outside of the device driver. ## C.2 Threats Loading 
@@ -815,9 +856,32 @@ Is there a use case where we care about glitching of the network interface itsel > FIXME partial notes, need more threats, need to associate with risk factors Virtual interfaces: all the same issues as device drivers: bad pointer, buffer overflow, memory management errors, bad logic, etc. ### C.2.1 Physical interfaces * Incoming packet can exploit a bug to: * Read/write firmware * Read/write configuration * Read/write statistics * Read/write security keys * Read/write packet contents * Stop packet processing * Slow down packet processing * Drop packets * Send interrupts to host * Reboot the host * Read/write host memory * Unprivileged user ### C.2.2 Device drivers FIXME copy from OS ### C.2.3 Virtual interfaces FIXME copy from OS and add the very small amount of different stuff to mitigate the specific data that is different in a virtual interface. This will be copied from OS - do not bother now Unsorted notes Physical interfaces: Loading Loading
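Review bot: In the -799,10 +798,52 hunk the section number C.1.2.2 is used twice ("#### C.1.2.2 Physical interface essential functions" and "### C.1.2.2 Device driver essential functions"). The device driver and virtual interface headings also use ### where the physical interface heading uses ####, which puts them at the same level as their parent "### C.1.2 Product functions". Suggest renumbering the last two to C.1.2.3 and C.1.2.4 and using #### for both. Separately, wake on LAN is listed as essential ("Send commands/data to host hardware (wake on LAN)") while "Send commands/trigger actions on host (e.g. wake on network messages)" sits under Optional; these overlap and should get a single classification. "FIXME add in system bus related risks" is about risks and would fit better under C.2 than at the end of a functions list.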
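Review bot: In the -815,9 +856,32 hunk the C.2.1 list under "Incoming packet can exploit a bug to:" ends with "* Unprivileged user", which names a threat source rather than an outcome and has nothing under it. Either give it its own list of outcomes, as done for the incoming packet, or drop it until it can be filled in. "Reboot the host" and "Read/write host memory" affect the host rather than the assets visible in the C.1.1.1 list (firmware, packets, configuration, statistics, security keys), so it would help to say which asset or risk factor they map to, as the FIXME above C.2.1 already asks. The sentence "This will be copied from OS - do not bother now" in C.2.3 is an editor note and should be marked as a FIXME or removed before merge.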