Researchers conducting a routine security audit recently discovered two serious security flaws within a popular brand of System on a Chip (SoC) boards. The security vulnerability undermines secure boot capabilities. What’s most concerning is the fact that the SoC is deployed in several critical components that go into mainstream industry segments like automotive, aviation, consumer electronics, and even industrial and military equipment. If successfully compromised, the SoC board could easily serve as a platform to launch sophisticated and sustained attacks on some of the most critical infrastructure.
Security researchers with Inverse Path, which is F-Secure’s hardware security team, discovered two security flaws within a popular SoC brand that undermines their secure boot capabilities. While one can be addressed, both the vulnerabilities are currently unpatched. The SoC board is widely preferred for its versatility and robust hardware, but the vulnerabilities could pose some serious security threats. According to the research team, the flaws exist in ‘Encrypt Only’ secure boot mode of the SoC.
‘Inverse Path’ Discovers Two Security Bugs In Secure Boot Mode of SoC:
Security researchers discovered the two security flaws in a popular brand of SoC boards manufactured by Xilinx. The vulnerable component is Xilinx’s Zynq UltraScale+ brand, which includes System-on-Chip (SoC), multi-processor system-on-chip (MPSoC), and radio-frequency system-on-chip (RFSoC) products. These boards and components are commonly used inside automotive, aviation, consumer electronics, industrial, and military components.
The security vulnerabilities reportedly undermine the secure boot capabilities of the SoC board. Researchers added that of the two security flaws, one is unpatchable by a software update. In other words, only “a new silicon revision” from the vendor should be able to eliminate the vulnerability. This means all the SoC boards from Xilinx’s Zynq UltraScale+ brand will continue to remain vulnerable unless swapped out with new versions.
Unpatchable security flaw found in the secure boot mode of popular SoC/MPSoC/RFSoC boards
— Catalin Cimpanu (@campuscodi) August 20, 2019
Researchers have published a technical report on GitHub, which details the security vulnerabilities. The report mentions Xilinx Zynq UltraScale+ Encrypt Only secure boot mode does not encrypt boot image metadata. This leaves this data vulnerable to malicious modifications, noted F-Secure’s, Adam Pilkey. “Attackers [are] able [to] tamper with the boot header in the early stages of the boot procedure, [and] can modify its contents to execute arbitrary code, thereby bypassing the security measures offered by the ‘encrypt only’ mode,”
Of the two security flaws, the first was in the boot header parsing performed by the boot ROM. The second vulnerability was in the parsing of partition header tables. Incidentally, the second vulnerability could also allow malicious attackers to inject arbitrary code, but it was patchable. What’s concerning to note that none of the patches, if ever released to address the second vulnerability, would be redundant. This is because attackers could always bypass any patch the company would release, by exploiting the first bug. Hence, Xilinx hasn’t released a software fix for the second bug too.
Attack Scope Limited But Potential Damage High, Claim Researchers:
Zynq UltraScale+ SoCs configured to boot in the “encrypt only” secure boot mode are affected by this issue. In other words, only these SoC boards are affected and more importantly, these have to be manipulated to boot in a particular mode, to be vulnerable. In normal operation, these boards are secure. Nonetheless, secure boot mode is often used by equipment vendors. Software vendors and developers rely on this mode to “enforce authentication and confidentiality of firmware and other software assets loaded inside devices that use Zynq UltraScale+ SoCs as their internal computing component.”
The most limiting aspect of the vulnerability is that attackers need to have physical access to the SoC boards. These attackers will have to perform a Differential Power Analysis (DPA) attack on the SoC boards’ boot-up sequence in order to insert malicious code. Given the preferred deployment scenarios of the Zynq UltraScale+ SoC boards, a physical attack is the only recourse to attackers. Incidentally, most of these boards are generally deployed in equipment that’s not connected to an external network. Hence a remote attack is not possible.
Xilinx Updates Technical Manual To Educate Users About Prevention and Protection Techniques:
Interestingly, there’s another secure boot mode that doesn’t contain the security vulnerabilities. Following F-Secure’s findings, Xilinx issued a security advisory which advises equipment vendors to use the Hardware Root of Trust (HWRoT) secure boot mode instead of the weaker Encryption Only one. “The HWRoT boot mode does authenticate the boot and partition headers,” noted Xilinx.
Xilinx said it modified technical manuals so equipment vendors who use its SoCs use the HWRoT secure boot mode instead of the weaker Encryption Onlyhttps://t.co/4k4DQu6wlk
— Catalin Cimpanu (@campuscodi) August 20, 2019
For the systems that are limited to using the vulnerable Encrypt Only boot mode, users are cautioned to keep monitoring for DPA, unauthenticated boot, and partition header attack vectors. Incidentally, there are quite a few system-level protection techniques which can limit the exposure of the SoC boards to external or malicious agencies that might be present on-site.[Update]: Xilinx has reached out and confirmed that the unpatchable flaw exists primarily because the customers demanded the Encrypt Only mode be made available in the Zynq UltraScale+ SoC brand. In other words, the company noted the design feature they implemented following customer demand, would expose the SoC to security risk. Xilinx added that it has always cautioned customers “they need to implement additional system-level security functions to prevent any issues.”
Xilinx takes security extremely seriously and is an industry advocate and leader in security architecture, implementation, and transparency. Since the introduction of the Encrypt Only boot mode in 2018, which was a feature request made by our customers, our public documentation has clearly stated that additional system-level protections are required. If these system-level protections are implemented as recommended, the system remains secure. In addition, we recently issued a Design Advisory as a response to the report reminding customers of our existing guidelines. To achieve maximum security, customers can choose our Hardware Root of Trust boot mode without additional system-level protections or implement our Encrypt Only boot mode with system-level protections, as per Xilinx documentation. For more information on our design advisory please go to https://www.xilinx.com/support/answers/72588.html” – Xilinx spokeswoman