Security researchers have discovered an unpatchable security flaw in a popular brand of system-on-chip (SoC) boards manufactured by Xilinx.
The vulnerable component is Xilinx's Zynq UltraScale+ brand, which includes system-on-chip (SoC), multi-processor system-on-chip (MPSoC), and radio frequency system-on-chip (RFSoC) products used inside automotive, aviation, consumer electronics, industrial, and military components.
Two bugs found, but one is unpatchable
According to security researchers with Inverse Path -- F-Secure's hardware security team -- these SoCs contain security flaws that undermine their secure boot capabilities.
F-Secure said that the Encrypt Only secure boot mode of these SoCs contains two security flaws, one of which is unpatchable by a software update, and requires "a new silicon revision" from the vendor.
In a technical report published on GitHub, researchers said the Xilinx Zynq UltraScale+ Encrypt Only secure boot mode does not encrypt boot image metadata, which leaves this data vulnerable to malicious modifications.
"Attackers able to tamper with the boot header in the early stages of the boot procedure can modify its contents to execute arbitrary code, thereby bypassing the security measures offered by the 'encrypt only' mode," said F-Secure's Adam Pilkey.
Researchers also found a second bug. While the first was in the boot header parsing performed by the boot ROM, the second was in the parsing of partition header tables. This second bug also allowed attackers to run arbitrary code, but unlike the first, it was patchable.
However, Xilinx did not release a software fix for this second bug, as attackers could always bypass any patch the company would have released by exploiting the first bug.
Limited attack surface, but a devastating attack if it happens
Obviously, only Zynq UltraScale+ SoCs configured to boot in the "encrypt only" secure boot mode are affected by this issue. This secure boot mode is often used by equipment vendors to enforce authentication and confidentiality of firmware and other software assets loaded inside devices that use Zynq UltraScale+ SoCs as their internal computing component.
Furthermore, attackers can only exploit these two security flaws with physical access to a device, which they need in order to perform a DPA (Differential Power Analysis) attack on the SoC's boot-up sequence.
However, most devices built around Zynq UltraScale+ SoCs operate in offline scenarios, meaning a physical attack would often be the only attack vector anyway.
In a security advisory released following F-Secure's findings, Xilinx said it modified its technical manuals so equipment vendors that use Zynq UltraScale+ SoCs will know to use the unaffected and stronger Hardware Root of Trust (HWRoT) secure boot mode instead of the weaker Encrypt Only one.
"The HWRoT boot mode does authenticate the boot and partition headers," Xilinx said.
"For systems that must use the Encrypt Only boot mode, customers are advised to consider system level protections that take into account DPA, unauthenticated boot, and partition header attack vectors."
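To make concrete why unauthenticated boot metadata matters, here is an added example (not code from the article, F-Secure or Xilinx) that models a boot image whose header is left in plaintext and outside the integrity check, next to the same image with the header covered by the check, as the HWRoT mode described above does for boot and partition headers. The image layout, field names, key and the use of HMAC as a stand-in for the real mode's authentication are all constructed assumptions, not the Zynq UltraScale+ boot header format.

```python
import hashlib
import hmac
import struct

# Constructed header layout (assumption, not the real format):
# magic, payload length, payload offset, entry address
HEADER_FMT = ">4sIII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 16 bytes
MAGIC = b"XBIH"
ROT_KEY = b"constructed-root-of-trust-key"  # stand-in for the device's trusted key
TAG_LEN = 32


def build_header(payload_len: int, entry: int) -> bytes:
    return struct.pack(HEADER_FMT, MAGIC, payload_len, HEADER_LEN, entry)


def build_image(payload_ct: bytes, entry: int, authenticate_header: bool) -> bytes:
    """Encrypt-only model: the tag covers only the (already encrypted) payload,
    so the plaintext header is outside the protected envelope.
    HWRoT-style model: the tag covers header and payload together."""
    header = build_header(len(payload_ct), entry)
    covered = header + payload_ct if authenticate_header else payload_ct
    tag = hmac.new(ROT_KEY, covered, hashlib.sha256).digest()
    return header + payload_ct + tag


def verify_image(image: bytes, authenticate_header: bool):
    """Model of a boot ROM: parse the header, check the tag, return (ok, entry)."""
    header = image[:HEADER_LEN]
    magic, plen, poff, entry = struct.unpack(HEADER_FMT, header)
    payload_ct = image[poff:poff + plen]
    tag = image[poff + plen:poff + plen + TAG_LEN]
    covered = header + payload_ct if authenticate_header else payload_ct
    expected = hmac.new(ROT_KEY, covered, hashlib.sha256).digest()
    ok = magic == MAGIC and hmac.compare_digest(tag, expected)
    return ok, entry


def modify_entry(image: bytes, new_entry: int) -> bytes:
    """Rewrite only the entry-address field of the plaintext header; the payload
    and tag are untouched. Used here to show what each model detects."""
    magic, plen, poff, _ = struct.unpack(HEADER_FMT, image[:HEADER_LEN])
    return struct.pack(HEADER_FMT, magic, plen, poff, new_entry) + image[HEADER_LEN:]
```

In the encrypt-only model a modified header still verifies and the boot ROM would jump to the altered entry address; in the header-authenticated model the same modification fails verification before the metadata is ever used.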
Xilinx also issued the following guidance and statement:
Since the introduction of the Encrypt Only boot mode in 2018, which was a feature request made by our customers, our public documentation has clearly stated that additional system-level protections are required. If these system-level protections are implemented as recommended, the system remains secure. In addition, we recently issued a Design Advisory as a response to the report reminding customers of our existing guidelines. To achieve maximum security, customers can choose our Hardware Root of Trust boot mode without additional system-level protections or implement our Encrypt Only boot mode with system-level protections, as per Xilinx documentation. For more information on our design advisory please go to https://www.xilinx.com/support/answers/72588.html
F-Secure said it found these two vulnerabilities while performing a security audit.
Updated with Xilinx statement beyond what was given in its security advisory.