Achilles Heel In Secure Boot: Breaking RSA Authentication And Bitstream Recovery From Zynq-7000 SoC

By Arpan Jati on 11 Mar 2024 @ Nullcon
📊 Presentation 📹 Video 🔗 Link
#vulnerability-assessment #embedded-systems #firmware-analysis
Focus Areas: 🔧 Hardware Security , 🔐 Application Security , 🏭 Industrial Control Systems Security , 📡 IoT Security , 🎯 Penetration Testing , 🔬 Reverse Engineering , 🔍 Vulnerability Management

Abstract

Secure boot forms the backbone of trusted computing by ensuring that only authenticated software is executed on the designated platform. However, an implementation of secure boot can have flaws that lead to critical exploits. In this presentation, we highlight a critical vulnerability in the open source First Stage Boot Loader (FSBL) of AMD-Xilinx’s flagship, award-winning Zynq-7000 System on Chip (SoC) for embedded devices. The discovered vulnerability acts as a ‘single point of failure’, allowing a complete bypass of the underlying RSA authentication during secure boot. As a result, a malicious actor can take complete control of the device and run unauthenticated or malicious applications. We demonstrate an exploit built on the discovered vulnerability, in the form of the first practical ‘Starbleed’ attacks on Zynq-7000 devices, to recover the decrypted bitstream from an AES-256 encrypted boot image.

The identified flaw had existed in the secure-boot software for more than 9 years. The vulnerability was responsibly disclosed to the vendor and assigned CVE-2022-23822. The vendor thereafter patched the FSBL software and issued a design advisory. Finally, we motivate the need for more rigorous security evaluation tools that can catch such trivial security vulnerabilities in software.

AI Generated Summary

This research presents a vulnerability in the secure boot process of the Xilinx Zynq-7000 SoC family, allowing an attacker with physical access to bypass RSA authentication and recover encrypted bitstreams. The core flaw resides in the First Stage Boot Loader (FSBL), which reads the partition header table from non-volatile memory (e.g., an SD card) and uses that unauthenticated copy to decide which partitions to load, while separately reading and authenticating a second copy of the same table. The two reads are never compared, so this is a time-of-check/time-of-use gap: by swapping the SD card via a multiplexer in the brief window between the reads, the attacker makes the FSBL parse a malicious header while the RSA signature is checked against the genuine copy. The FSBL then loads and executes attacker-controlled code from the tampered image even though the signature it verified was valid.
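The pattern described in the abstract and in the paragraph above, as an added example rather than the Zynq FSBL's own code: a loader that reads the partition header once for use and again for authentication, side by side with the fix that verifies and parses the same bytes. The boot medium is simulated with a struct standing in for an SD-card multiplexer, and `toy_digest` is a non-cryptographic stand-in for the RSA signature check; the header layout, offsets and function names are all constructed for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy partition header: the fields a loader acts on, plus a tag
 * that stands in for the RSA signature covering them. */
typedef struct {
    uint32_t load_offset;   /* where the next partition is fetched from */
    uint32_t length;
    uint32_t tag;           /* stand-in for the signature (see toy_digest) */
} part_hdr_t;

#define GENUINE_OFFSET   0x00100000u   /* constructed value */
#define MALICIOUS_OFFSET 0x00DEAD00u   /* constructed value */

/* Stand-in for RSA verification: FNV-1a over load_offset and length.
 * NOT cryptographic; it only models "the bytes checked must match the tag". */
static uint32_t toy_digest(const part_hdr_t *h) {
    const uint8_t *p = (const uint8_t *)h;
    uint32_t d = 2166136261u;
    for (size_t i = 0; i < 2 * sizeof(uint32_t); i++) {
        d ^= p[i];
        d *= 16777619u;
    }
    return d;
}

static bool verify_hdr(const part_hdr_t *h) {
    return toy_digest(h) == h->tag;
}

/* Simulated boot medium behind an SD-card multiplexer. With the mux active,
 * the first read returns the attacker's header and every later read returns
 * the genuine, correctly tagged one. */
typedef struct {
    part_hdr_t genuine;
    part_hdr_t malicious;
    int reads;
    bool mux_active;
} medium_t;

static medium_t make_medium(bool mux_active) {
    medium_t m;
    memset(&m, 0, sizeof m);
    m.genuine.load_offset = GENUINE_OFFSET;
    m.genuine.length = 0x4000;
    m.genuine.tag = toy_digest(&m.genuine);   /* "signed" by the device owner */
    m.malicious.load_offset = MALICIOUS_OFFSET;
    m.malicious.length = 0x4000;
    m.malicious.tag = 0;                        /* attacker cannot produce a valid tag */
    m.mux_active = mux_active;
    return m;
}

static void medium_read_hdr(medium_t *m, part_hdr_t *out) {
    const part_hdr_t *src =
        (m->mux_active && m->reads == 0) ? &m->malicious : &m->genuine;
    m->reads++;
    memcpy(out, src, sizeof *out);
}

/* Vulnerable pattern: one copy is parsed, a different copy is authenticated.
 * Returns the offset the loader will use, or 0 when authentication fails. */
uint32_t fsbl_vulnerable(medium_t *m) {
    part_hdr_t for_use, for_auth;
    medium_read_hdr(m, &for_use);
    medium_read_hdr(m, &for_auth);
    if (!verify_hdr(&for_auth)) return 0;
    return for_use.load_offset;   /* taken from the copy that was never verified */
}

/* Fixed pattern: read once, verify that buffer, then parse that same buffer. */
uint32_t fsbl_fixed(medium_t *m) {
    part_hdr_t hdr;
    medium_read_hdr(m, &hdr);
    if (!verify_hdr(&hdr)) return 0;
    return hdr.load_offset;
}

/* Convenience wrappers: build a fresh medium and run one loader against it. */
uint32_t run_vulnerable(bool mux_active) { medium_t m = make_medium(mux_active); return fsbl_vulnerable(&m); }
uint32_t run_fixed(bool mux_active)      { medium_t m = make_medium(mux_active); return fsbl_fixed(&m); }

int main(void) {
    printf("mux active, vulnerable FSBL loads from 0x%08x\n", (unsigned)run_vulnerable(true));
    printf("mux active, fixed FSBL loads from      0x%08x\n", (unsigned)run_fixed(true));
    return 0;
}
```

With the mux active, the vulnerable loader passes authentication on the genuine second copy but jumps to the attacker's offset from the first; the fixed loader rejects the image because the only copy it ever looks at is the one it verified. The general rule is that a signature binds the verifier to the exact bytes it hashed, so anything derived from a second fetch of the same data is unauthenticated no matter how quickly it follows the first.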

Following initial code execution, the researchers combined this boot vulnerability with a modified version of the “Starbleed” attack. This technique feeds the PL (Programmable Logic) small, malicious bitstream fragments that force the configuration engine to leak decrypted words of the target bitstream into the Warm Boot Start (WBStar) register, whose contents survive the reset that follows the failed configuration. By iteratively reading this register via JTAG and crafting specific faulted bitstreams, the attacker can recover the plaintext of the entire encrypted bitstream a few bytes at a time.

The practical impact is significant: every Zynq-7000 device running an FSBL that predates the vendor's fix is susceptible, and because the flaw lies in the boot software rather than the silicon, fielded devices remain exposed until their FSBL is updated. An attacker with temporary physical access can extract proprietary design bitstreams and application code, even from devices with RSA secure boot and disabled JTAG. The attack requires a custom hardware setup for SD card switching and automated power cycling, with a demonstrated recovery rate of approximately 14 bytes per second. The vulnerability highlights a critical design flaw in the boot authentication chain and demonstrates full bitstream recovery on a widely deployed, security-critical FPGA family.

Disclaimer: This summary was auto-generated from the video transcript using AI and may contain inaccuracies. It is intended as a quick overview; always refer to the original talk for authoritative content.