DEF CON 29 - Laura Abbott, Rick Altherr -Breaking TrustZone M: Privilege Escalation on LPC55S69

Показать описание

The concept of Trusted Execution Environments has been broadly introduced to microcontrollers with ARM’s TrustZone-M. While much experience with TrustZone-A can be applied, architectural differences with ARMv8-M lead to a very different approach to configuration and transitions between secure and non-secure worlds. This talk will deep dive into how TrustZone-M works, where to look for weaknesses in implementations, and a detailed look into NXP LPC55S69’s implementation including discovering an undocumented peripheral that leads to a priviledge escalation vulnerability exploitable with TrustedFirmware-M. Finally, NXP PSIRT will be used as a case study in how _not_ to respond to a vulnerability report.

REFERENCES:

Рекомендации по теме

Комментарии

Thanks Laura and Rick!

I learned more about the security on the LPC55s69 from this presentation than from reading the manual.

Till now, I really liked the chip, particularly as it contains the Powerquad DSP processor which makes the work I do analyzing the Amps and Volts waveforms coming back from electric motors used in irrigation a breeze

Starting to think that the open source Risc-V chips will be the future architechture I will use?

Thanls plenty!

gertvbiljon

I SPECULATE that the reason that the one section was removed from the users manual was that the chip implementation had a bug, and it was easier to just not support the feature at all, rather than to errata and fix it. This is usually a marketing decision about how many sales will be lost by not having the feature.

jimgolab

Thanks for the great presentation! Just a heads up there is an error on the slide at 7:08, it incorrectly lists EL0-4. There are 4 exception levels in Cortex-A 0-3, 0-4 would be 5 exception levels.

narimanP

What is an "Application Note" she keeps mentioning at the start of the presentation?

u-ux

Allen Anthony Wilson Kevin Moore Michelle

victoriabirch

DEF CON 29 - Laura Abbott, Rick Altherr -Breaking TrustZone M: Privilege Escalation on LPC55S69

DEF CON 29 - Laura Abbott, Rick Altherr -Breaking TrustZone M: Privilege Escalation on LPC55S69

DEF CON 29 - Agent X - A look inside security at the New York Times

DEF CON 29 - PatH - Warping Reality: Creating and Countering the Next Generation of Linux Rootkits

DEF CON 29 - Matthew Bryant - Hacking G Suite: The Power of Dark Apps Script Magic

Propagate the Signal [with JRWR] | DEF CON 29 #badgelife

DEF CON 29 Aerospace Village Deep Space Networking Workshop Part 2 LTP Wireshark Challenge

DEF CON 29 - Austin Allshouse - The Mechanics of Compromising Low Entropy RSA Keys

DEF CON 29 - Vivek Nair - Time Turner Hacking RF Attendance Systems To Be in Two Places at Once

DEF CON 29 - Dan Petro - You're Doing IoT RNG

DEF CON 29 - Jacob Baines - Bring Your Own Print Driver Vulnerability

DEF CON 29- Dennis Giese - Robots with lasers and cameras but no security Liberating your vacuum

DEF CON 29 - Shir Tamari, Ami Luttwak - New class of DNS Vulns Affecting DNS-as-Service Platforms

DEF CON 29 - Slava Makkaveev - I know how to take over your Kindle with an e-book

DEF CON 29 -Justin Perdok - Hi Im DOMAIN Steve, Please Let Me Access VLAN2

DEF CON 29 - Ian Coldwater, Chad Rikansrud - Real Life Story of the 1st Mainframe Container Breakout

DEF CON 29 - Rion Carter - Why does my security camera scream like a Banshee?

DEF CON 29 - Cory Doctorow - Privacy Without Monopoly

DEF CON 29 - Dimitry 'Op Nomad' Snezhkov - Racketeer Toolkit: Prototyping Controlled Ranso...

DEFCON 29 IoT Village - Jay Balan - 5 Years of IoT Vulnerability Research and Countless 0days

DEF CON 29 - Michael Whiteley Katie Whiteley - Making the DEF CON 29 Badge

DEF CON 29 - Claire Vacherot - Sneak into buildings with KNXnetIP

DEF CON 29 - Patrick Wardle - Bundles of Joy: Breaking MacOS via Subverted Applications Bundles

DEF CON 29 - Zabrocki, Matrosov - Glitching RISC-V chips: MTVEC corruption for hardening ISA

Defcon 29 - Human Badage