Switch System Flaws: Difference between revisions

Line 128:

|-

| TSEC ~~authentication bypass~~ via ~~TSEC~~ DMA engine stack overwrite

| ROM under TSEC secure bootrom via DMA engine stack overwrite (--xploit)

| TSEC DMA engine does not stop when entering ~~csigauth operation~~. By pointing TSEC DMA to current stack before ~~csigauth operation~~, stack can be controlled. ~~Using~~ blind ROP, ~~code flow~~ can ~~be altered leading~~ to ~~full control during~~ csigauth ~~operation~~, ~~such as~~ dumping the ~~calculated authentication~~ signature ~~for any arbitrary piece of code~~. ~~Because of this TSEC Heavy Secure mode is completely broken~~

| TSEC DMA engine does not stop when entering TSEC secure bootrom. By pointing TSEC DMA to current stack before secure bootrom entry, stack can be controlled.

One can then use blind ROP against the TSEC secure bootrom (which is execute only, and cannot be dumped).

With sufficient effort, an attacker can construct a ROP chain that leads to csigauth being executed with fully controlled arguments.

This allows for arbitrary heavy secure mode code execution with the current signature set to an arbitrary value.

This completely breaks the TSEC cryptosystem, by allowing one to obtain the result of csigenc with signature = <any desired value>.

This has many uses/results, notably including dumping the "true" signature key (set signature = zeroes, perform csigenc using csecret 0x1).

| None

| TSEC for all Tegra devices

| ~~2019~~

| Late 2018

| Jan 2021

| [[User:Tatsuko|Tatsuko]]

| [[User:Hexkyz|hexkyz]]/[[User:SciresM|SciresM]], [[User:Tatsuko|Tatsuko]], possibly others (independently)

|}

@@ Line 128: / Line 128: @@
 | [[User:qlutoo|qlutoo]]/[[User:Hexkyz|hexkyz]]/[[User:Shuffle2|shuffle2]], [[User:SciresM|SciresM]]/[[User:motezazer|motezazer]] (independently).
 |-
-| TSEC authentication bypass via TSEC DMA engine stack overwrite
+| ROM under TSEC secure bootrom via DMA engine stack overwrite (--xploit)
-| TSEC DMA engine does not stop when entering csigauth operation. By pointing TSEC DMA to current stack before csigauth operation, stack can be controlled. Using blind ROP, code flow can be altered leading to full control during csigauth operation, such as dumping the calculated authentication signature for any arbitrary piece of code. Because of this TSEC Heavy Secure mode is completely broken
+| TSEC DMA engine does not stop when entering TSEC secure bootrom. By pointing TSEC DMA to current stack before secure bootrom entry, stack can be controlled.
+One can then use blind ROP against the TSEC secure bootrom (which is execute only, and cannot be dumped).
+With sufficient effort, an attacker can construct a ROP chain that leads to csigauth being executed with fully controlled arguments.
+This allows for arbitrary heavy secure mode code execution with the current signature set to an arbitrary value.
+This completely breaks the TSEC cryptosystem, by allowing one to obtain the result of csigenc with signature = <any desired value>.
+This has many uses/results, notably including dumping the "true" signature key (set signature = zeroes, perform csigenc using csecret 0x1).
 | None
 | TSEC for all Tegra devices
-| 2019
+| Late 2018
 | Jan 2021
-| [[User:Tatsuko|Tatsuko]]
+| [[User:Hexkyz|hexkyz]]/[[User:SciresM|SciresM]], [[User:Tatsuko|Tatsuko]], possibly others (independently)
 |}