AR# 72314

Design Advisory for UltraScale HW-SYSMON: Security implications of I2C interface accidentally enabled for writes

Description

This Design Advisory covers an issue with the HW-SYSMON for UltraScale devices where the I2C interface is accidentally enabled for writes.

This allows an adversary to be able to write directly into the interface.

See (Xilinx Answer 71744) for more technical details.

For more information on how to sign up to receive notifications of new Design Advisories, see (Xilinx Answer 18683).

Solution

There are two solutions to this issue:

If SYSMON is needed:

Monitor the JTAGMODIFIED signal from inside the device.

The only time this signal is asserted is when there is activity on internal DRP, JTAG or I2C.

If this signal asserts, then the user knows that activity has occurred on one of these interfaces and can take action.

If SYSMON is not needed:

Disable SYSMON completely by setting the INT_42 and INT_74 registers (following one of the two options below).

This will also disable the I2C interface.

Option 1:

Apply Tcl commands for each SLR's SYSMON:

create_cell -reference SYSMONE1 disable_SLR
place_cell disable_SLR SYSMONE1_X0Y0/SYSMONE1
set_property INIT_42 16'h0003 [get_cells disable_SLR]
set_property INIT_74 16'h8000 [get_cells disable_SLR]

Option 2:

Instantiate a SYSMON instance in the HDL with INIT_42 set to 16'h0003 and INIT_74 set to 16'h8000.

AR# 72314
Date 07/12/2019
Status Active
Type Design Advisory
Devices
Tools