Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC - Citegraph

Paper Info

Title
Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC

Abstract
FPGA-SoCs are heterogeneous embedded computing platforms consisting of reconfigurable hardware and high-performance processing units. This combination offers flexibility and good performance for the design of embedded systems. However, allowing the sharing of resources between an FPGA and an embedded CPU enables possible attacks from one system on the other. This work demonstrates that a malicious hardware block contained inside the reconfigurable logic can manipulate the memory and peripherals of the CPU. Previous works have already considered direct memory access attacks from malicious logic on platforms containing no memory isolation mechanism. In this work, such attacks are investigated on a modern platform which contains state-of-the-art memory and peripherals isolation mechanisms. We demonstrate two attacks capable of compromising a Trusted Execution Environment based on ARM TrustZone and show a new attack capable of bypassing the secure boot configuration set by a device owner via the manipulation of Battery-Backed RAM and eFuses from malicious logic.

Year	DOI	Venue
2022	10.1007/s13389-021-00273-8	Journal of Cryptographic Engineering
Keywords	DocType	Volume
FPGA-SoCs, Memory and peripherals isolation, Hardware trojan, DMA attack, Trusted execution environment, Secure boot	Journal	12
Issue	ISSN	Citations
2	2190-8508	0
PageRank	References	Authors
0.34	1	4

Authors (4 rows)

Cited by (0 rows)

References (1 rows)

Name	Order	Citations	PageRank
Mathieu Gross	1	0	0.34
Nisha Jacob	2	0	0.34
Andreas Zankl	3	0	0.34
Georg Sigl	4	447	62.13

1