Switch System Flaws: Difference between revisions
deep sleep memes |
layout |
||
Line 24: | Line 24: | ||
| Weak Security Engine context validation | | Weak Security Engine context validation | ||
| The Tegra X1 supports a "deep sleep" feature, where everything but DRAM and the PMC registers lose their content (and the SoC loses power). Upon awaking, the bootrom re-executes, restoring system state. Among these stored states is the Security Engine's saved state, which uses AES-128-CBC with a random key and all-zeroes IV. However, the bootrom doesn't perform a MAC on this data, and only validates the last block. This allows one to control most of security engine's state upon wakeup, if one has a way to modify the encrypted state buffer. | | The Tegra X1 supports a "deep sleep" feature, where everything but DRAM and the PMC registers lose their content (and the SoC loses power). Upon awaking, the bootrom re-executes, restoring system state. Among these stored states is the Security Engine's saved state, which uses AES-128-CBC with a random key and all-zeroes IV. However, the bootrom doesn't perform a MAC on this data, and only validates the last block. This allows one to control most of security engine's state upon wakeup, if one has a way to modify the encrypted state buffer. | ||
With a way to modify the encrypted state buffer, one can thus dump keys from "write-only" keyslots, etc. | |||
| None | |||
| HAC-001 | | HAC-001 | ||
| December 2017 | | December 2017 |