Visible to Intel only — GUID: GUID-C89B6604-9491-4A3B-A60D-CE2414CE94A4
Monotonic Counters
Monotonic counters allow trusted applications to detect replay attacks against data kept in offline storage. A separate monotonic counter is available to each applet and is shared between instances of the same applet (i.e., if multiple applets are running on a platform, each applet uses its own monotonic counter).
To prevent an attacker from replaying data, the applet reads the current monotonic counter value and increments it every time the data is updated, embedding the incremented counter value in the data. If an attacker subsequently replays old data, that data carries the old counter value rather than the newly incremented one, which shows that the data is not valid.
The applet can also reset the monotonic counter to zero, in which case the counter does not guarantee the data's validity.
Warning: A monotonic counter's value is lost in the following cases:
- After the Return To Factory Defaults (RTFD) operation.
- After clear-CMOS/coin-battery removal, unless the counter is protected from replay attacks and is SPI-based (see Protecting Monotonic Counters from Replay Attacks below).

For an example of how to use the monotonic counter to prevent replay of old data, see the Protected Storage Sample.
Usage Limitation
Due to flash wear-out considerations, a trusted application is allowed to use up to 100 counter increments or counter reset operations during a single epoch.
The epoch ends when one of the following occurs:
- Platform power cycle (reboot or shut-down).
- 24 hours have passed since the trusted application was installed, or since the last increment or last reset operation.
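The following added example (not code from the Intel DAL SDK or its Protected Storage Sample) models the scheme described above: the applet increments the counter on every write, embeds the new value in the stored blob, and rejects any blob whose counter does not match the current value. The per-applet counter is simulated in Python with a `SimulatedMonotonicCounter` class, which is an assumption standing in for the real DAL API and also enforces the 100 increments-or-resets-per-epoch budget from the Usage Limitation section. The HMAC binding of counter and payload is likewise an assumption, added so the counter field cannot simply be rewritten by whoever controls the offline storage; the key is a constructed demo value. `reset_weakens_guarantee()` shows the caveat that after a reset the counter no longer rules out a replay.

```python
import hashlib
import hmac
import struct


class SimulatedMonotonicCounter:
    """Stand-in for the per-applet monotonic counter (assumption, not the DAL API).

    Tracks the epoch budget: at most 100 increment or reset operations
    until a power cycle or 24 hours of inactivity starts a new epoch.
    """

    MAX_OPS_PER_EPOCH = 100

    def __init__(self) -> None:
        self.value = 0
        self.ops_this_epoch = 0

    def read(self) -> int:
        return self.value

    def increment(self) -> int:
        self._charge_epoch_budget()
        self.value += 1
        return self.value

    def reset(self) -> None:
        self._charge_epoch_budget()
        self.value = 0

    def new_epoch(self) -> None:
        """Models a platform power cycle or 24 h without counter operations."""
        self.ops_this_epoch = 0

    def _charge_epoch_budget(self) -> None:
        if self.ops_this_epoch >= self.MAX_OPS_PER_EPOCH:
            raise RuntimeError("epoch budget of 100 counter operations exhausted")
        self.ops_this_epoch += 1


# Constructed demo key; a real applet would use a platform-bound secret.
KEY = b"constructed-demo-key-not-a-real-secret"
TAG_LEN = 32  # HMAC-SHA256 output length


def seal(counter: SimulatedMonotonicCounter, payload: bytes) -> bytes:
    """Increment the counter, prepend the new value, and MAC the whole body."""
    n = counter.increment()
    body = struct.pack(">Q", n) + payload
    tag = hmac.new(KEY, body, hashlib.sha256).digest()
    return body + tag


def unseal(counter: SimulatedMonotonicCounter, blob: bytes) -> bytes:
    """Verify the MAC, then reject the blob unless its counter is the current one."""
    if len(blob) < 8 + TAG_LEN:
        raise ValueError("blob too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    n = struct.unpack(">Q", body[:8])[0]
    if n != counter.read():
        raise ValueError(
            f"replay detected: blob carries counter {n}, current value is {counter.read()}"
        )
    return body[8:]


def replay_is_detected() -> bool:
    """Two writes, then an attempt to restore the first blob."""
    c = SimulatedMonotonicCounter()
    old_blob = seal(c, b"balance=100")
    new_blob = seal(c, b"balance=50")
    assert unseal(c, new_blob) == b"balance=50"
    try:
        unseal(c, old_blob)
    except ValueError:
        return True
    return False


def reset_weakens_guarantee() -> bool:
    """After a reset the counter can reach an old value again, so an old blob validates."""
    c = SimulatedMonotonicCounter()
    old_blob = seal(c, b"old")      # counter value 1
    seal(c, b"new")                 # counter value 2
    c.reset()                       # counter value 0
    seal(c, b"fresh")               # counter value 1 again
    return unseal(c, old_blob) == b"old"


if __name__ == "__main__":
    print("replay detected:", replay_is_detected())
    print("old blob accepted after reset:", reset_weakens_guarantee())
```

The check in `unseal()` compares for equality rather than "not older than": the page's scheme increments on every update, so the only valid blob is the one carrying the current value, and any earlier value means stale data was written back. The epoch budget is enforced in the simulated counter only so that a caller sees the failure mode the Usage Limitation section describes; the real limit is imposed by the firmware.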
Protecting Monotonic Counters from Replay Attacks
Starting with API level 7, monotonic counters are protected against replay attacks.
Due to physical limitations, this protection is disabled on some platforms that do not have coin batteries, as described below.
Boot Type | Configuration | Protected Against Replay Attacks?
---|---|---
eMMC | RPMB Coin\Coinless | Yes
SPI | Coin | Yes (value is reset to zero after clear-CMOS)
SPI | Coinless | No
To detect whether the monotonic counter on the platform is protected against replay attacks, use the Intel DAL API function FlashStorage.GetAntiReplayType(). If the function returns AR_WITH_MANY_FALSE_DETECTIONS, the monotonic counter is protected.
Supported from API level 1.0