On 4/19/20, jim bell <jdb10987@yahoo.com> wrote:
https://gulfnews.com/technology/hidden-bug-in-fpga-chips-can-help-hackers-st...
https://www.digitalmunition.me/starbleed-bug-impacts-fpga-chips-used-in-data... The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs. https://www.xilinx.com/support/answers/73541.html https://www.usenix.org/system/files/sec20fall_ender_prepub.pdf As usual, "[ir]responsible disclosure" in full effect... you have to leave your ass wide open till August for the details, so the corp and researchers can profit spin and pomp, and so the CIA NSA Mossad and every other thug on the planet with a brain has plenty of time to exploit you. Xilinx is of course wholly untrustable closed source. #OpenHW, #OpenFabs, #OpenAudit "If an attacker has access to the bitstream and breaks its confidentiality, he can reverse-engineer the design, clone intellectual property, or gather information for subsequent attacks e.g., by finding cryptographic keys or other design aspects of a system. If the adversary succeeds in violating the bitstream authenticity, he can then change the functionality, implant hardware Trojans, or even physically destroy the system in which the FPGA is embedded by using configuration outside the specifications. In their study, the researchers could successfully break the bitstream encryption of Xilinx 7-Series and Virtex-6 devices. They then broke the authenticity of the encryption too by encrypting arbitrary messages. Decrypting Bitstream Content Briefly, the researchers used MultiBoot address register WBSTAR to enable the FPGA boot with a different memory address. They then manipulated bitstream to write a single 32-bit word to the register in decrypted form. Hence, they redirect the decrypted bitstream content to the register to read it following a reset. Repeating this process allows an attacker to retrieve the entire bitstream content. Though, retrieving one word at a time may take several hours. For example, it took 3 hours and 42 minutes for the researchers to decrypt and read Kintex-7 XC7K160T bitstream. Breaking Encryption Authenticity In a subsequent attack, the researchers used FPGA as a decryption oracle to encrypt arbitrary messages. Repeating the process allowed them to encrypt the entire bitstream with legit encryption and validation."