Switch System Flaws: Difference between revisions
m  TSEC Heavy Secure bypass: edit for accuracy, since I guess --xploit is public now, writing the arbitrary signature ROP chain was an absurd amount of effort
Line 128:
| [[User:qlutoo|qlutoo]]/[[User:Hexkyz|hexkyz]]/[[User:Shuffle2|shuffle2]], [[User:SciresM|SciresM]]/[[User:motezazer|motezazer]] (independently).   (unchanged cell of the preceding row, shown as diff context)
|-
The row as it reads in the new revision, cells in table order; where the edit changed a cell, the old revision's value follows in parentheses:

| ROP under TSEC secure bootrom via DMA engine stack overwrite (--xploit)
  (old revision: TSEC)
| The TSEC DMA engine is not stopped when the TSEC secure bootrom is entered. By pointing a DMA transfer at the memory the secure bootrom will use as its stack, and starting it before the secure bootrom is entered, the contents of that stack (saved return addresses included) can be controlled.
One can then use blind ROP against the TSEC secure bootrom (which is execute-only and cannot be dumped, so gadgets have to be found without a copy of the code).
With sufficient effort, an attacker can construct a ROP chain that leads to csigauth being executed with fully controlled arguments.
This gives arbitrary heavy secure mode code execution with the current signature set to an arbitrary value.
This completely breaks the TSEC cryptosystem, since it lets one obtain the result of csigenc for any desired value of the signature.
This has many uses/results, notably including dumping the "true" signature key (set signature = zeroes, then perform csigenc using csecret 0x1).
  (old revision: TSEC DMA engine does not stop when entering)
| None
| TSEC for all Tegra devices
| Late 2018
  (old revision: empty)
| Jan 2021
| [[User:Hexkyz|hexkyz]]/[[User:SciresM|SciresM]], [[User:Tatsuko|Tatsuko]], possibly others (independently)
  (old revision: [[User:Tatsuko|Tatsuko]])
|}
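The stack-overwrite primitive the row describes, as an added C simulation. This is not --xploit, not TSEC firmware and not code from this wiki: Falcon DMEM is modelled as a flat byte array, and `DMEM_SIZE`, `SECURE_SP`, `LEGIT_RET`, `DMA_CHUNK`, the gadget address in `main` and every function name are assumptions chosen for the illustration. It models only the first step (a DMA job that keeps running across the secure-bootrom entry lands attacker data on the bootrom's saved return address); the blind ROP search and the csigauth/csigenc steps are not modelled. The `quiesce_dma` branch shows the behaviour the flaw lacks, namely stopping the engine at the privilege boundary.

```c
/* Simulation of a DMA engine that keeps running after the secure bootrom is
 * entered, aimed at the memory the bootrom uses as its stack.  Illustrative
 * only: DMEM is a byte array and all addresses/sizes below are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DMEM_SIZE  0x4000u      /* assumed data memory size                     */
#define SECURE_SP  0x3F00u      /* assumed initial stack pointer of the bootrom  */
#define LEGIT_RET  0x00000120u  /* assumed in-bootrom return address            */
#define DMA_CHUNK  16u          /* bytes moved per simulated engine tick        */

static uint8_t dmem[DMEM_SIZE];   /* simulated Falcon data memory */

/* A DMA job programmed by non-secure code: external source -> DMEM offset. */
struct dma_job {
    const uint8_t *src;
    uint32_t       dst;       /* DMEM destination offset */
    size_t         len;
    size_t         done;
    int            running;   /* 1 while the engine is still active */
};

/* One engine tick: move the next chunk if the job is still active.  It runs
 * whether or not the core is in the secure bootrom; that is the flaw. */
static void dma_tick(struct dma_job *j)
{
    if (!j->running || j->done >= j->len)
        return;
    size_t n = j->len - j->done;
    if (n > DMA_CHUNK)
        n = DMA_CHUNK;
    if ((size_t)j->dst + j->done + n > DMEM_SIZE) {   /* past DMEM: abort job */
        j->running = 0;
        return;
    }
    memcpy(dmem + j->dst + j->done, j->src + j->done, n);
    j->done += n;
}

/* Stack helpers over the simulated DMEM (stack grows downwards). */
static void push32(uint32_t *sp, uint32_t v)
{
    *sp -= 4;
    memcpy(dmem + *sp, &v, sizeof v);
}

static uint32_t pop32(uint32_t *sp)
{
    uint32_t v;
    memcpy(&v, dmem + *sp, sizeof v);
    *sp += 4;
    return v;
}

/* Simulated secure bootrom: set up the stack, save a return address for a
 * nested call, do some work while the engine keeps ticking (unless it was
 * quiesced on entry), then return through the saved slot.  Returns the PC
 * the bootrom ends up at. */
static uint32_t secure_bootrom_run(struct dma_job *job, int quiesce_dma)
{
    uint32_t sp = SECURE_SP;

    if (quiesce_dma)            /* the missing step: stop the engine at the boundary */
        job->running = 0;

    push32(&sp, LEGIT_RET);     /* saved return address now lives at SECURE_SP - 4 */
    for (int i = 0; i < 8; i++) /* bootrom "work"; the engine races alongside it */
        dma_tick(job);
    return pop32(&sp);          /* ret: whatever is on the stack now */
}

/* Attacker side: payload carries the desired target address, and the job is
 * aimed at the slot the bootrom will use for its saved return address
 * (assumes that slot's location is known or guessed). */
static struct dma_job aim_dma_at_stack(uint8_t payload[4], uint32_t target_pc)
{
    memcpy(payload, &target_pc, sizeof target_pc);
    struct dma_job job = { payload, SECURE_SP - 4, sizeof target_pc, 0, 1 };
    return job;
}

/* Run one scenario and report where the "secure" code finally returned to. */
static uint32_t scenario(uint32_t target_pc, int quiesce_dma)
{
    uint8_t payload[4];
    struct dma_job job = aim_dma_at_stack(payload, target_pc);
    return secure_bootrom_run(&job, quiesce_dma);
}

int main(void)
{
    uint32_t gadget = 0x00000A40u;   /* assumed address of the first ROP gadget */
    printf("DMA left running:     bootrom returns to 0x%08x\n", scenario(gadget, 0));
    printf("DMA stopped on entry: bootrom returns to 0x%08x\n", scenario(gadget, 1));
    return 0;
}
```

With the engine left running the bootrom returns to the attacker-chosen value; with the engine stopped on entry it returns to `LEGIT_RET`. In the real attack the single controlled return address is the first link of the ROP chain the description talks about.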