Defeating modern secure boot using second-order pulsed electromagnetic fault injection.

Defeating secure boot


Internal R&D



BADFET is a low-cost, high-performance pulsed Electromagnetic Fault Injection (EMFI) platform. BADFET was developed through internal research, and the purpose of this project is to democratize EMFI research. This research makes two contributions. First, it presents a novel method of leveraging controlled electromagnetic pulses to attack modern computers using second-order effects of induced faults across multiple components of the target computer. Second, it presents the design and implementation of the BADFET system, which consists of multiple subsystems (an XYZ stage, a pulser, and an optional recording device). Using these two contributions, this research presents a reliable and effective attack against a widely used TrustZone-based secure boot implementation on a multi-core 1 GHz+ ARM embedded system.