Switch System Flaws: Difference between revisions
not really a vulnerability per-se but funky flawed behavior nonetheless |
|||
| Line 145: | Line 145: | ||
| Jan 2021 | | Jan 2021 | ||
| [[User:Hexkyz|hexkyz]]/[[User:SciresM|SciresM]], [[User:Vale|Vale]]/[[User:Thog|Thog]] (independently), [[User:Tatsuko|Tatsuko]] (independently), possibly others (independently). | | [[User:Hexkyz|hexkyz]]/[[User:SciresM|SciresM]], [[User:Vale|Vale]]/[[User:Thog|Thog]] (independently), [[User:Tatsuko|Tatsuko]] (independently), possibly others (independently). | ||
|- | |||
| Boot straps are not relatched on watchdog resets (strapwn) | |||
| On boot, the BOOTSELECT, RCM and RAM_CODE straps are latched from external GPIO to determine which boot medium to use and verify from in bootrom. However, APB_MISC_PP_STRAPPING_OPT_A can be overwritten with arbitrary values following bootrom. Write access to PP_STRAPPING_OPT_A would otherwise be mundane, however these straps are not relatched during a watchdog reset (despite being latched during other software resets), allowing for arbitrary straps to be selected and executed in bootrom. | |||
This allows setting NVPROD_UART on some hardware configurations where it would normally be unavailable (ie on Jetson Nano boards), but is otherwise mostly useless and/or useful for testing unintended boot options (such as USB Mass Storage boot) without having to move boot strap resistors. | |||
| Unknown | |||
| HAC-001 (Tegra210) | |||
| May 2020 | |||
| April 30, 2021 | |||
| [[User:Shinyquagsire23|Shiny Quagsire]] | |||
|} | |} | ||