Bigmac attack: Difference between revisions
Jump to navigation
Jump to search
(Created page with "Testing parameters for resetting the f00d processor. On normal boot ARM resets the f00d processor to load secure_kernel writing: *REG32(0xE0010000) = 1; *REG32(0xE0010000) ...") |
|||
| Line 16: | Line 16: | ||
=== Testing half a reset operation from ARM === | === Testing half a reset operation from ARM === | ||
The following was executed from lk ARM context: | The following was executed from post-secure_kernel lk ARM context: | ||
*REG32(0xE0010000) = 1 | *REG32(0xE0010000) = 1 | ||
==== Result ==== | ==== Result ==== | ||
No change in state. | No change in state. | ||
Revision as of 18:39, 24 June 2018
Testing parameters for resetting the f00d processor. On normal boot ARM resets the f00d processor to load secure_kernel writing:
*REG32(0xE0010000) = 1; *REG32(0xE0010000) = 0;
Testing this from lk after secure_kernel results in no change in state. The testing material is a f00d payload that is constantly updating a counter in DRAM. f00d state is verified by checking if this counter is updated.
Testing reset from f00d
The following is executed from f00d context:
*REG32(0xE0010000) = 1; *REG32(0xE0010000) = 0;
Result
f00d processor stops updating CTR and bigmac no longer usable.
Testing half a reset operation from ARM
The following was executed from post-secure_kernel lk ARM context:
*REG32(0xE0010000) = 1
Result
No change in state.