Chips Listening to Gibberish
By: Jorg Bormann
Pre-silicon verification engineers assume that hardware interfaces must behave according to well-defined protocol rules. What happens when the rules are broken?
We all talk gibberish once in a while. At least, I do. I might be in a silly mood, thinking aloud, listening to music or talking over the phone using my headphones (they are quite small, and if you don’t notice them, you could think I am crazy). Regardless of the circumstances, I mean no harm, I promise. However, it’s still possible that a passer-by could get distracted trying to figure out what’s wrong with me.
[...]
Recently, I used the OneSpin formal verification tool to analyze a RISC-V-based SoC. Within hours of work, I identified illegal transactions at an external interface that interfere with the boot code’s execution after reset. Due to the SoC configuration at reset and some other design implementation details, it is possible to use an unrequested response to smuggle instructions into the processor cache that are executed instead of the boot code and thus overtake the entire boot process. While this particular SoC does not claim to have any security features, this behavior was not expected and raised numerous alarm bells.
