AR# 76201


Design Advisory for Zynq-7000 SoC: Buffer Overflow in the BootROM and FSBL NAND Driver

Description

When booting a Zynq-7000 SoC device from NAND flash memory, the NAND driver in the BootROM and FSBL (2020.3 and prior) does not validate the inputs when reading in the NAND’s Parameter Page.

If the spare bytes field read from the Parameter Page contains a malicious, illegal value, the result is a buffer overflow that could lead to arbitrary code execution.

For this attack to be successful, physical access and modification of the board assembly on which the Zynq-7000 SoC device is mounted is needed to replace the original NAND flash memory with a NAND flash emulation device.

  • ONLY Zynq-7000 SoC devices that use authentication or encryption for secure boot are affected.
  • This attack does NOT affect any other product family.
Important Notes:
  • The BootROM is immutable. The behavior will not change for the NAND driver in the BootROM.
  • The NAND driver for the FSBL will be fixed in the 2021.1 release.
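The validation the advisory says is missing, as an added example (this is not Xilinx BootROM or FSBL code): a Parameter Page parser that bounds-checks the spare bytes field, along with the data bytes field, before any caller is allowed to size a spare-area buffer from it. Field offsets assume the ONFI parameter-page layout (data bytes per page at byte 80, spare bytes per page at byte 84); the buffer limits, the status codes and the sample page are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical limits: the fixed buffers a boot loader in this example would
 * allocate for one page's data and spare areas (not Xilinx's values). */
#define MAX_DATA_BYTES_PER_PAGE  16384u
#define MAX_SPARE_BYTES_PER_PAGE 1024u
#define PARAM_PAGE_LEN           256u

/* Field offsets, assumed from the ONFI parameter page layout. */
#define ONFI_SIG_OFFSET          0u    /* 4 bytes: "ONFI" */
#define ONFI_DATA_BYTES_OFFSET   80u   /* u32 LE: data bytes per page */
#define ONFI_SPARE_BYTES_OFFSET  84u   /* u16 LE: spare bytes per page */

enum param_status {
    PARAM_OK = 0,
    PARAM_ERR_LEN,          /* page shorter than a full parameter page */
    PARAM_ERR_SIG,          /* signature is not "ONFI" */
    PARAM_ERR_DATA_BYTES,   /* data size zero, not a power of two, or too big */
    PARAM_ERR_SPARE_BYTES   /* spare size zero or larger than the spare buffer */
};

struct nand_geometry {
    uint32_t data_bytes_per_page;
    uint16_t spare_bytes_per_page;
};

static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse and validate a parameter page read from the NAND device. The
 * geometry is written only on success, so a caller never acts on values
 * that failed validation. */
enum param_status parse_parameter_page(const uint8_t *page, size_t len,
                                       struct nand_geometry *out)
{
    if (page == NULL || out == NULL || len < PARAM_PAGE_LEN)
        return PARAM_ERR_LEN;
    if (memcmp(page + ONFI_SIG_OFFSET, "ONFI", 4) != 0)
        return PARAM_ERR_SIG;

    uint32_t data  = rd_le32(page + ONFI_DATA_BYTES_OFFSET);
    uint16_t spare = rd_le16(page + ONFI_SPARE_BYTES_OFFSET);

    /* Data bytes per page: non-zero, a power of two, and within the buffer. */
    if (data == 0 || (data & (data - 1)) != 0 || data > MAX_DATA_BYTES_PER_PAGE)
        return PARAM_ERR_DATA_BYTES;

    /* Spare bytes per page: this is the check the advisory describes as
     * missing. A value larger than the fixed spare buffer would overflow it
     * as soon as the spare area of a page is read into that buffer. */
    if (spare == 0 || spare > MAX_SPARE_BYTES_PER_PAGE)
        return PARAM_ERR_SPARE_BYTES;

    out->data_bytes_per_page  = data;
    out->spare_bytes_per_page = spare;
    return PARAM_OK;
}

/* Build a constructed sample parameter page (not captured from hardware)
 * with the given data and spare sizes. Returns bytes written, 0 on error. */
size_t build_sample_page(uint8_t *buf, size_t cap, uint32_t data, uint16_t spare)
{
    if (buf == NULL || cap < PARAM_PAGE_LEN)
        return 0;
    memset(buf, 0, PARAM_PAGE_LEN);
    memcpy(buf + ONFI_SIG_OFFSET, "ONFI", 4);
    buf[ONFI_DATA_BYTES_OFFSET + 0] = (uint8_t)(data);
    buf[ONFI_DATA_BYTES_OFFSET + 1] = (uint8_t)(data >> 8);
    buf[ONFI_DATA_BYTES_OFFSET + 2] = (uint8_t)(data >> 16);
    buf[ONFI_DATA_BYTES_OFFSET + 3] = (uint8_t)(data >> 24);
    buf[ONFI_SPARE_BYTES_OFFSET + 0] = (uint8_t)(spare);
    buf[ONFI_SPARE_BYTES_OFFSET + 1] = (uint8_t)(spare >> 8);
    return PARAM_PAGE_LEN;
}

int main(void)
{
    uint8_t page[PARAM_PAGE_LEN];
    struct nand_geometry g;

    build_sample_page(page, sizeof page, 2048, 64);      /* plausible device */
    printf("valid page  -> status %d\n", parse_parameter_page(page, sizeof page, &g));

    build_sample_page(page, sizeof page, 2048, 0xFFFF);  /* oversized spare field */
    printf("bad spare   -> status %d\n", parse_parameter_page(page, sizeof page, &g));
    return 0;
}
```

The parser rejects the page outright rather than clamping the field: a NAND device (or emulator) presenting an out-of-range geometry is not something a secure boot path should try to accommodate, and refusing to boot is the safe failure.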

Figure 1 is a high-level summary that can be used to determine whether an existing system is impacted.



For more information on how to sign up to receive notifications of new Design Advisories, see (Xilinx Answer 18683).

Solution

If physical access to the Zynq-7000 is possible, ensure that the tamper boundary extends to not only the Zynq-7000 SoC but also to the NAND interface.

Additional protections include:

  • Remove any exposed traces on the NAND interface by using blind vias and buried traces to make connecting to the NAND interface extremely difficult
  • Design the board so that disconnecting the NAND memory would cause permanent damage to the Zynq-7000 system
  • Design the board so that connecting to the NAND interface would cause permanent damage to the Zynq-7000 system
Date 05/13/2021
Status Active
Type Design Advisory