Secure Computing with Zymbit's D35 (jeffgeerling.com)
24 points by ingve on April 7, 2023 | hide | past | favorite | 11 comments



Trying to use a non-secure set-top-box SoC as the core of a "secure" device seems incredibly questionable to me. Even with an allegedly tamper-resistant enclosure, I'd still be very concerned about attacks like drilling into the case to access JTAG (which is accessible from the top of the Compute Module).

After realizing that this seems to primarily be intended for cryptocurrency applications, though... yeah, that seems about par for the course.


The actual board is embedded in epoxy and will destroy encryption keys if tampered with.


If, by "the actual board", you mean the HSM -- that hardly matters. If an attacker can seize control of the application processor over JTAG, they can command the HSM to do whatever they want.


Where do you see the JTAG?


The eight-pin footprint next to the FCC logo is the VideoCore JTAG connector. The connector isn't populated, but the signals are all there and usable (AFAIK).


This is actually one of the attack vectors I'm thinking about trying with the box when I get more time to hack at it.

The accelerometer and temperature sensors / settings could make it a little more difficult, since the heat sink is directly above the processor and one would need to get through it to gain access to the pins.

But it could be possible with some creative solutions. Probably not if all tamper protections are active though.


Could it be disabled?


Serious question - do those pressure sensitive tamper switches really accomplish anything? For a dedicated attacker, I assume those are more trivially bypassed than the rest of the security.


Probably not. They can detect if the case is opened in the conventional way (by unscrewing the lid and removing it), but a well-prepared attacker has plenty of other options. Cutting a hole in the case might set off the accelerometer tamper sensor (if it's enabled), but melting a hole in a plastic part of the case probably wouldn't.


Melting a hole would likely raise the internal temperature enough to set off that alarm (again, only if enabled), but that might be the easiest way to physically enter the box—at least over the non-metal parts.


This kind of thing seems way too useful for Treacherous Computing relative to the amount of legitimate security it brings.

