Software downgrade protection

To prevent a malicious downgrade of the ACU6 software that would re-expose security issues already fixed, the ACU6 implements a software downgrade protection mechanism. Each software package is assigned a security index. The security index is a strictly increasing positive integer that indicates a certain level of security.

When a new software version mitigates known security issues, the security index is increased accordingly. To prevent those security issues from being reintroduced by a downgrade, an update is rejected if any software package included in the update has a security index lower than that of the corresponding installed package.

The downgrade protection mechanism applies to OTA and local updates. It is still possible to downgrade through USB flashing.

| Security index | Update OK |
| --- | --- |
| Downloaded < Installed | NO |
| Downloaded = Installed | YES |
| Downloaded > Installed | YES |

Legacy software that has not been assigned a security index is considered to have security index 0. Equally, software that is not actively assigned a security index is considered to have security index 0. On a system whose software packages have security index 0, or no security index, it is possible to install any version of the ACU6 base software or user software. After software packages with a security index greater than 0 are installed, it is no longer possible to downgrade to a version with a lower security index, except by flashing the device through USB.

The security index for Actia’s ACU6 base software and the security index of user software are independent of each other. This means that even though the installed base software is assigned a security index, it is still possible to install user software with a lower security index. The security index is per-package and only relevant for the package it is assigned to.

Security index of ACU6 Actia software

The security index for Actia’s ACU6 base software is managed by Actia according to Actia’s security index policy. Software version and security index are not necessarily stepped together. A new software version can still have the same security index as its predecessor.

Security index of ACU6 user software

As a user, you can assign a security index to your software and update it according to your own policy. To enhance security, it is recommended to assign a security index to user software as well.

Add and update security index

To add a security index for user software in an existing project, based on the project template, complete the following steps:

  1. Create the file files/user-security-index.txt.

  2. Populate it with a security index. Note that this number must be either 0 or a positive integer.

  3. Add the following line to Makefile:

    export USER_SECURITY_INDEX := $(shell cat $(TOPDIR)/files/user-security-index.txt)
    

If you are creating a new project using the project template, the steps above are already completed. You will only need to populate the files/user-security-index.txt with a security index.

To update the security index, modify the value stored in files/user-security-index.txt.
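
A pre-build check for the steps above, as an added example that is not part of the ACU6 project template or Actia's tooling: it validates the content of files/user-security-index.txt (0 or a positive integer) and applies the acceptance rule from the table to the index file of a previously released build. The function names, the previous-release file argument, and rejecting an existing but empty file are assumptions of this example; the device's own check is not shown on this page.

```shell
#!/bin/sh
# Added example: validate a user security index file and model the
# "Downloaded >= Installed" rule before a release is built.

# read_index FILE: print the security index stored in FILE.
# A missing file yields 0, matching the page's rule that software without an
# assigned index is treated as index 0. Any content other than a single
# non-negative integer (sign, spaces, CR, several lines, empty) is an error.
read_index() {
    [ -f "$1" ] || { echo 0; return 0; }
    ri_value=$(cat "$1")            # command substitution drops the trailing newline
    case "$ri_value" in
        ''|*[!0-9]*)
            echo "invalid security index in $1" >&2
            return 1 ;;
    esac
    echo "$ri_value"
}

# update_ok INSTALLED DOWNLOADED: succeed when the update would be accepted,
# i.e. the downloaded index is not lower than the installed one.
update_ok() {
    [ "$2" -ge "$1" ]
}

# check_release PREVIOUS_FILE NEW_FILE: compare the index of the build already
# in the field (PREVIOUS_FILE, hypothetical path) with the one about to ship.
# Returns 0 = accepted, 1 = would be rejected as a downgrade, 2 = invalid file.
check_release() {
    cr_installed=$(read_index "$1") || return 2
    cr_downloaded=$(read_index "$2") || return 2
    if update_ok "$cr_installed" "$cr_downloaded"; then
        echo "update OK: downloaded $cr_downloaded >= installed $cr_installed"
    else
        echo "update rejected: downloaded $cr_downloaded < installed $cr_installed" >&2
        return 1
    fi
}

# Stand-alone use: sh check-index.sh previous-index.txt files/user-security-index.txt
if [ "$#" -eq 2 ]; then
    check_release "$1" "$2"
fi
```

The index is per-package, so run the check once for the user software index and separately for any other package whose index you track.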