Breaking RSA Authentication & Bitstream Recovery


Course

Arpan Jati reveals critical vulnerabilities in Xilinx's Zynq-7000 SoC platform, demonstrating RSA authentication bypass and encrypted bitstream recovery techniques that impact critical infrastructure security.

The increasing adoption of FPGA-based systems in critical infrastructure, defense and medical applications has made secure boot implementations a prime target for attackers. Recent discoveries reveal concerning vulnerabilities in Xilinx's widely deployed Zynq-7000 SoC platform that allow complete bypass of RSA authentication and recovery of encrypted bitstreams, potentially exposing sensitive intellectual property and enabling malicious code execution.

The vulnerability in the first-stage bootloader, which went unnoticed for over nine years, shows how a seemingly minor implementation flaw in secure boot can compromise the entire chain of trust: every later stage is trusted only because the stage before it was verified, so a single skipped or repeatable check undermines everything loaded afterwards. Combined with novel bitstream recovery techniques, these flaws let an attacker with physical access extract protected designs and inject unauthorized code, even on systems with RSA authentication enabled.

Given the widespread deployment of these devices in critical systems, and the fact that a flaw rooted in the device's boot logic cannot be patched in fielded hardware the way application software can, it is crucial for security professionals to understand these attack vectors and to strengthen hardware security validation practices.

This session, led by Arpan Jati, research associate at Temasek Laboratories, will cover:

  • Analysis of critical vulnerabilities in Zynq-7000 secure boot implementation
  • Novel techniques for bypassing RSA authentication using SD card switching
  • Recommendations for hardware security validation and secure boot implementations
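The page does not describe how the SD card switching bypass works, so the following is an added illustration of the general class of flaw that media-swapping attacks on secure boot exploit, not the course's or Xilinx's code: a loader that authenticates one read of the boot image and then fetches the image a second time for execution, leaving a window in which the medium can be swapped. Everything here is constructed: the two sample images, the simulated removable card, and the FNV-1a digest that stands in for RSA signature verification (the ordering of verify and use is the point, not the primitive). The hardened variant reads the image once into memory and verifies and executes that same copy.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

#define IMG_LEN 16

/* A removable boot medium (an SD card, in the Zynq case). */
typedef struct { const uint8_t *data; size_t len; } medium_t;

/* Constructed sample images: one the device owner signed, one the attacker wrote. */
static const uint8_t signed_image[IMG_LEN]   = "GOOD-FSBL-IMAGE";
static const uint8_t attacker_image[IMG_LEN] = "EVIL-FSBL-IMAGE";
static const medium_t signed_card   = { signed_image,   IMG_LEN };
static const medium_t attacker_card = { attacker_image, IMG_LEN };

/* Which card is currently inserted in the slot. */
static const medium_t *g_inserted = &signed_card;

/* Hook run between two successive reads: stands in for the physical window
 * in which an attacker with access to the slot can swap cards. */
static void (*g_between_reads)(void) = NULL;

/* Stand-in for RSA signature verification (assumption for this example):
 * FNV-1a digest compared against a value the boot code trusts. */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Each call is a fresh fetch from whichever card is inserted right now. */
static size_t medium_read(uint8_t *dst, size_t cap) {
    size_t n = g_inserted->len < cap ? g_inserted->len : cap;
    memcpy(dst, g_inserted->data, n);
    return n;
}

/* Vulnerable pattern: authenticate one copy, then re-read the image for use. */
static bool boot_double_fetch(uint32_t trusted, uint8_t *exec_buf) {
    uint8_t check_buf[IMG_LEN];
    size_t n = medium_read(check_buf, IMG_LEN);
    if (fnv1a(check_buf, n) != trusted) return false;   /* authentication passes */
    if (g_between_reads) g_between_reads();              /* attacker's window */
    medium_read(exec_buf, IMG_LEN);                      /* second, unverified fetch */
    return true;                                         /* exec_buf is "executed" */
}

/* Hardened pattern: read once into on-chip RAM, verify and execute that copy. */
static bool boot_single_fetch(uint32_t trusted, uint8_t *exec_buf) {
    size_t n = medium_read(exec_buf, IMG_LEN);
    if (g_between_reads) g_between_reads();              /* a swap now changes nothing */
    return fnv1a(exec_buf, n) == trusted;
}

static void swap_to_attacker_card(void) { g_inserted = &attacker_card; }

/* Runs one boot attempt. Returns 0 if boot was refused, 1 if the signed image
 * was executed, 2 if the attacker's image was executed. */
static int scenario(bool (*boot)(uint32_t, uint8_t *), bool attacker_swaps) {
    uint8_t exec_buf[IMG_LEN] = {0};
    uint32_t trusted = fnv1a(signed_image, IMG_LEN);   /* value the boot code trusts */
    g_inserted = &signed_card;                         /* signed card present at power-on */
    g_between_reads = attacker_swaps ? swap_to_attacker_card : NULL;
    if (!boot(trusted, exec_buf)) return 0;
    if (memcmp(exec_buf, attacker_image, IMG_LEN) == 0) return 2;
    return 1;
}

int double_fetch_with_swap(void)    { return scenario(boot_double_fetch, true);  }
int double_fetch_without_swap(void) { return scenario(boot_double_fetch, false); }
int single_fetch_with_swap(void)    { return scenario(boot_single_fetch, true);  }
int single_fetch_without_swap(void) { return scenario(boot_single_fetch, false); }

int main(void) {
    printf("double fetch, card swapped:   %d\n", double_fetch_with_swap());
    printf("double fetch, no swap:        %d\n", double_fetch_without_swap());
    printf("single fetch, card swapped:   %d\n", single_fetch_with_swap());
    printf("single fetch, no swap:        %d\n", single_fetch_without_swap());
    return 0;
}
```

The double-fetch loader reports 2 when the card is swapped: the signed image satisfied the check, but the attacker's image is what reaches execution. The single-fetch loader reports 1 in the same scenario, because the copy it verified is the copy it runs; a swap that happens before the only read is simply rejected. The validation takeaway for real boot code is to confirm, by reading the code rather than the documentation, that every byte the loader executes is the byte it authenticated.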

Here is the course outline:

Breaking RSA Authentication and Bitstream Recovery From Zynq-7000 SoC