Learn about a critical security vulnerability in AMD-Xilinx's Zynq-7000 SoC secure boot implementation through this 22-minute conference talk from USENIX WOOT '24. Explore how researchers from Nanyang Technological University discovered a significant flaw in the First Stage Boot Loader that enables complete bypass of RSA authentication during secure boot. Understand the practical implications of this vulnerability, including how it allows malicious actors to execute unauthorized applications and perform 'Starbleed' attacks to recover encrypted bitstreams. Examine the technical details of this 10-year-old security flaw, its responsible disclosure process (CVE-2022-23822), and subsequent vendor patches. Gain insights into the importance of rigorous security evaluation tools for detecting critical vulnerabilities in embedded system software.
Syllabus
WOOT '24 - Achilles Heel in Secure Boot: Breaking RSA Authentication and Bitstream Recovery from...
Taught by
USENIX