Security researchers have discovered an unpatchable security flaw in a popular brand of system-on-chip (SoC) boards manufactured by Xilinx.
The vulnerable component is Xilinx’s Zynq UltraScale+ brand, which includes system-on-chip (SoC), multi-processor system-on-chip (MPSoC), and radio frequency system-on-chip (RFSoC) products used inside automotive, aviation, consumer electronics, industrial, and military components.
Two bugs found, but one is unpatchable
According to security researchers with Inverse Path — F-Secure’s hardware security team — these SoCs contain security flaws that undermine their secure boot capabilities.
F-Secure said that the Encrypt Only secure boot mode of these SoCs contains two security flaws, one of which is unpatchable by a software update, and requires “a new silicon revision” from the vendor.
In a technical report published on GitHub, researchers said the Xilinx Zynq UltraScale+ Encrypt Only secure boot mode does not encrypt boot image metadata, which leaves this data vulnerable to malicious modifications.
“Attackers able tamper with the boot header in the early stages of the boot procedure can modify its contents to execute arbitrary code, thereby bypassing the security measures offered by the ‘encrypt only’ mode,” said F-Secure’s Adam Pilkey.
Researchers also found a second bug. While the first was in the boot header parsing performed by the boot ROM, the second bug was in the parsing of partition header tables. This second bug also allowed attackers to run arbitrary code, but unlike the first, this was patchable.
However, Xilinx did not release a software fix for this second bug, as attackers could always bypass any patch the company would have released by exploiting the first bug.
Limited attack surface, but a devastating attack if it happens
Obviously, only Zynq UltraScale+ SoCs configured to boot in the “encrypt only” secure boot mode are affected by this issue. This secure boot mode is often used by equipment vendors to enforce authentication and confidentiality of firmware and other software assets loaded inside devices that use Zynq UltraScale+ SoCs as their internal computing component.
Furthermore, attackers can only exploit these two security flaws with physical access to a device, in order to perform a DPA (Differential Power Analysis) attack on the SoCs boot up sequence.
However, most of the devices where Zynq UltraScale+ SoCs are used are generally used in offline scenarios, meaning a physical attack would often be the only attack vector anyway.
In a security advisory released following F-Secure’s findings, Xilinx said it modified its technical manuals so equipment vendors which use Zynq UltraScale+ SoCs will know to use the unaffected and stronger Hardware Root of Trust (HWRoT) secure boot mode instead of the weaker Encryption Only one.
“The HWRoT boot mode does authenticate the boot and partition headers,” Xilinx said.
“For systems that must use the Encrypt Only boot mode, customers are advised to consider system level protections that take into account DPA, unauthenticated boot, and partition header attack vectors.”
F-Secure said it found these two vulnerabilities while performing a security audit.
More vulnerability reports: