Difference between revisions of "Bigmac attack"
Jump to navigation
Jump to search
(Created page with "Testing parameters for resetting the f00d processor. On normal boot ARM resets the f00d processor to load secure_kernel writing: *REG32(0xE0010000) = 1; *REG32(0xE0010000) ...") |
|||
| Line 16: | Line 16: | ||
=== Testing half a reset operation from ARM === | === Testing half a reset operation from ARM === | ||
| − | The following was executed from lk ARM context: | + | The following was executed from post-secure_kernel lk ARM context: |
*REG32(0xE0010000) = 1 | *REG32(0xE0010000) = 1 | ||
==== Result ==== | ==== Result ==== | ||
No change in state. | No change in state. | ||
Revision as of 18:39, 24 June 2018
Testing parameters for resetting the f00d processor. On normal boot ARM resets the f00d processor to load secure_kernel writing:
*REG32(0xE0010000) = 1; *REG32(0xE0010000) = 0;
Testing this from lk after secure_kernel results in no change in state. The testing material is a f00d payload that is constantly updating a counter in DRAM. f00d state is verified by checking if this counter is updated.
Testing reset from f00d
The following is executed from f00d context:
*REG32(0xE0010000) = 1; *REG32(0xE0010000) = 0;
Result
f00d processor stops updating CTR and bigmac no longer usable.
Testing half a reset operation from ARM
The following was executed from post-secure_kernel lk ARM context:
*REG32(0xE0010000) = 1
Result
No change in state.