Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot


Course

Security researcher Thomas Roth and the University of Birmingham's Marius Muench examine how fault injection and double glitches defeated RP2350 secure boot protections and reshaped hardware defense assumptions.

The RP2350 microcontroller introduces a modern secure boot design intended to protect firmware integrity and sensitive secrets. Its public security challenge exposed how complex trust anchors can fail under physical attack, even when designs follow established best practices. This content examines the RP2350 security architecture and shows how fault injection techniques undermine verification logic, allowing untrusted code execution and direct access to protected memory. It also explores how compounded glitches reveal weaknesses in one-time programmable storage and why transparency accelerates stronger defenses. Mitigations adopted in later silicon revisions demonstrate how hardware security evolves through adversarial testing and open scrutiny.

This session, led by Marius Muench, assistant professor at the University of Birmingham, and security researcher Thomas Roth, will cover:

  • Secure boot design assumptions in modern microcontrollers;
  • Fault injection leading to unverified vector boot execution;
  • Double-glitch techniques targeting one-time programmable memory.

Here is the course outline:

Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot

Completion

The following certificates are awarded when the course is completed:

CPE Credit Certificate
