AR# 73541

Design Advisory for 7 Series/Virtex-6 FPGAs: Defeating Bitstream Encryption

Description

This Design Advisory covers 7 Series and Virtex-6 FPGAs and contains Xilinx's response to an article published on April 15th 2020 that will be presented at "USENIX Security 2020" about defeating bitstream encryption.

This attack has been dubbed "Starbleed" by the authors.

For more information on how to sign up to receive notifications of new Design Advisories, see (Xilinx Answer 18683).

Solution

7 Series FPGAs

The authors successfully exploited the lack of error extension in AES-CBC mode and the fact that configuration commands, specifically WBSTAR, can execute prior to authentication passing. This allowed them to successfully defeat device security.

The complexity of this attack is similar to that of well-known, proven DPA attacks against these devices, and it therefore does not weaken their security posture.


6 Series FPGAs

The authors successfully exploited the lack of error extension in AES-CBC mode and the fact that configuration commands, specifically WBSTAR, execute prior to authentication passing. 

This allowed them to successfully extract a large portion of the configuration in plaintext form, resulting in an imperfect recovered netlist.

The complexity of this attack is similar to that of well-known, proven DPA attacks against these devices, and it therefore does not weaken their security posture.

 


Zynq-7000 SoC Devices, UltraScale and UltraScale+ FPGAs, Zynq UltraScale+ MPSoC Devices and Versal ACAPs

These devices are resistant to this attack due to asymmetric and/or symmetric authentication in the boot/configuration process that ensures configuration is authenticated prior to use.
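The two properties named above, CBC's lack of error extension and authentication that completes before configuration is used, can be seen in a small added example (not Xilinx code and not a model of the bitstream format). It assumes a stand-in Feistel cipher in place of AES, constructed keys and message, and hypothetical function names.

```python
import hashlib
import hmac
BLOCK = 16

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of a stand-in Feistel cipher (NOT AES; stdlib has no AES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def _dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def _enc_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = _enc_block(key, _xor(pt[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(_dec_block(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

def load_authenticated(enc_key, mac_key, iv, ct, tag):
    # Check the HMAC over IV and ciphertext before decrypting or acting on it.
    expect = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return cbc_decrypt(enc_key, iv, ct) if hmac.compare_digest(expect, tag) else None

def demo():
    enc_key, mac_key, iv = b"K" * 16, b"M" * 16, bytes(16)  # constructed keys
    pt = b"HEADER-BLOCK-000CMD=NOOP;ARG=000PAYLOAD-BLOCK-02"  # constructed data
    ct = cbc_encrypt(enc_key, iv, pt)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    bad = ct[:4] + _xor(ct[4:8], _xor(b"NOOP", b"HALT")) + ct[8:]  # edit block 0
    return pt, cbc_decrypt(enc_key, iv, bad), load_authenticated(enc_key, mac_key, iv, bad, tag)
```

Without the tag check, the modified ciphertext decrypts to a changed second block while the third block is untouched; with the check performed first, the load is rejected.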

It is important to first understand whether this attack has an impact on an existing system.

Refer to the security analysis flowchart below to determine whether an existing system is impacted.

 

                                                                       

[Figure: security analysis flowchart, starbleed_analysis_flowchart.png]



 

Any additional questions should be sent to your local Xilinx representative.

Date 04/27/2020
Status Active
Type Design Advisory