Security through Transparency: Tales from the RP2350 Hacking Challenge

Security of Microcontroller Units (MCUs) is crucial for the modern computing landscape, as they often provide a root-of-trust to larger systems or are embedded in safety-critical applications. To prevent attackers from running unsigned code, many MCUs implement secure boot mechanisms.

One such MCU is the recently released RP2350, which combines secure boot with additional hardware features to protect against fault injection attacks. In this paper, we demonstrate the possibility of fault injection and secret extraction attacks despite the presence of dedicated countermeasures.

We showcase five different attacks that break the secure boot guarantees of a locked down RP2350 chip. Our attacks leverage voltage, electromagnetic, and laser fault injection techniques. They allow us to bring back disabled CPU cores and debugging ports, boot unverified firmware images, bypass signature verification checks, and provide unprivileged access to sensitive data. We further demonstrate direct extraction of antifuse memory contents using focused ion beam passive voltage contrast. To improve the MCU security landscape, we propose potential mitigations against our attacks and share our lessons learned with the community.