International Association for Cryptologic Research

International Association
for Cryptologic Research


How to Break Secure Boot on FPGA SoCs Through Malicious Hardware

Nisha Jacob
Johann Heyszl
Andreas Zankl
Carsten Rolfes
Georg Sigl
DOI: 10.1007/978-3-319-66787-4_21
Search ePrint
Search Google
Conference: CHES 2017
Abstract: Embedded IoT devices are often built upon large system on chip computing platforms running a significant stack of software. For certain computation-intensive operations such as signal processing or encryption and authentication of large data, chips with integrated FPGAs, FPGA SoCs, which provide high performance through configurable hardware designs, are used. In this contribution, we demonstrate how an FPGA hardware design can compromise the important secure boot process of the main software system to boot from a malicious network source instead of an authentic signed kernel image. This significant and new threat arises from the fact that the CPU and FPGA are connected to the same memory bus, so that FPGA hardware designs can interfere with secure boot routines on FPGA SoCs that are without any interruption on regular SoCs. An enabling factor is that integrated hardware designs are likely bought from external partners and there is a realistic lack of security review at the system integrators. This facilitates flaws or even unwanted functionality in such hardware designs. We perform a proof of concept on a Xilinx Zynq-7000 FPGA SoC, and the threat can be generalized to other devices. We also present as effective mitigation, an easy-to-review and re-usable wrapper module which prevents any unauthorized memory access by included hardware designs.
  title={How to Break Secure Boot on FPGA SoCs Through Malicious Hardware},
  booktitle={Cryptographic Hardware and Embedded Systems – CHES 2017},
  series={Lecture Notes in Computer Science},
  author={Nisha Jacob and Johann Heyszl and Andreas Zankl and Carsten Rolfes and Georg Sigl},