FaultLine is a software-based fault injection attack vector. It uses delay-lines (located in memory controllers) as memory transfer glitch injectors.
This repository provides:
- The source code required to reproduce the FaultLine Baremetal and Linux attacks.
- A tutorial to reproduce the baremetal experiments.
- A Zynq-7000 dev board.
- Xilinx Vivado + Vitis Software Suite
- Launch Vivado and create a platform project for your board (xsa file).
- Launch Vitis and create a platform project (name: FaultLineHP) using the xsa file generated.
- Double click on the platform.spr file and modify the domains to obtain one domain per CPU core.
Figure 1: One domain per CPU core (CPU0 and CPU1)
- Create an empty application project for the adversary (name: adversary_cpu0) and select processor ps7_cortexa9_0
- Create an empty application project for the victim (name: victim_cpu1) and select processor ps7_cortexa9_1
- Add the content provided here in the adversary_cpu0 project.
- Add the content provided here in the victim_cpu1 project.
Figure 2: Project Arborescence
- For each project, add its include paths to the Directories in Properties->Settings->Directories
- Compile the victim and adversary projects.
- Go to Project->Run Configurations, Right click on Single Application Debug and select New configuration.
- Go to the Application tab and check ps7_cortexa9_1 so both projects will be launched simultenaously in different cores.
- Select Apply.
- Power up the board, open a serial terminal and Run the configuration. The welcome prompt should appear (if you successfully setup the project you should see a message from each core. CPU#0 and CPU#1)
Figure 3: Welcome Prompt
- Enter
calibto find the faulty delay-line values - Enter
piret,PFAorrtestto reproduce the attacks presented in the paper.
Figure 4: Calibration and Piret Attack
- A Zynq-7000 dev board.
- A micro SD card.
- Linux distribution (linaro-jessie-developer-20161117-32).
To do