You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When releasing a new version, the "Nightly Release' workflow builds the firmware into a zip file and a "GitHub Release" is created for a repo (for example, see the rt-1.0.0 release).
Unfortunately, anyone with write access to the caliptra-sw or caliptra-rtl repositories can modify the released artifacts, without any additional review or audit logging. You can imagine a scenario where an insider modifies the release to add a backdoor, a vendor downloads the release to integrate in their project, and later the insider switches the binary back to the original version to hide the evidence.
Potential solutions:
Delete all releases and require vendors to checkout the repo and build it themselves.
Publish artifacts into a "caliptra-releases" git repo.
With 2, we would place the artifacts into the git repository itself, which can use branch protection rules to enforce security policy.
With 3, the GHA workflows would be responsible for publishing the binaries, and changing those workflows would require a PR that has to pass the branch protection rules.
In both cases, although this protects the artifacts from repo writers, the few folks with "maintainer" privileges would still have the ability to change the settings and publish malware.
When releasing a new version, the "Nightly Release' workflow builds the firmware into a zip file and a "GitHub Release" is created for a repo (for example, see the rt-1.0.0 release).
Unfortunately, anyone with write access to the caliptra-sw or caliptra-rtl repositories can modify the released artifacts, without any additional review or audit logging. You can imagine a scenario where an insider modifies the release to add a backdoor, a vendor downloads the release to integrate in their project, and later the insider switches the binary back to the original version to hide the evidence.
Potential solutions:
The text was updated successfully, but these errors were encountered: