Explore hardware attacks on the latest generation of ARM Cortex-M processors in this 57-minute conference talk from the 36th Chaos Communication Congress (36C3). Dive into fault-injection attacks that bypass security features of modern IoT and embedded processors, including breaking TrustZone-M on new ARMv8-M processors. Learn about an open-source FPGA platform for glitching, making these techniques more accessible and cost-effective. Discover how to conduct glitching attacks on real-world targets, prepare devices for glitching, and find potential vulnerabilities. Witness demonstrations of bypassing integrated chip security features such as re-enabling locked JTAG, circumventing secure bootloaders, recovering symmetric crypto keys, and fully bypassing TrustZone-M security. See a practical example of breaking the reference secure bootloader of the Microchip SAM L11, a new TrustZone-M enabled ARM Cortex-M processor, using minimal equipment. Gain insights into integrating fault-injection testing into secure development lifecycles and understand the implications for modern device security.
36C3 - TrustZone-M(eh): Breaking ARMv8-M's security
Taught by: media.ccc.de