Category: IJTAG

As most of us know, football season began across America last month, with both college and the NFL seasons starting. With the recent moves by our Federal Government, it seems they have a bit of a football game strategy when it comes to the semiconductor market segment.
Cyber attackers use Rootkits to implant malware using Operating System internals. Bootkits are for more persistent implants, targeted toward UEFI firmware vulnerabilities. But, what if you go lower down, into the silicon? This is a Chipkit.
Today, February 15th, 2020, marks the official 30th Anniversary of JTAG. What a wild ride it has been – from its humble beginnings for detecting short and open circuits, it has evolved to be, in some ways, the most powerful and feared technology on the planet. How did we get here?
This past week, I attended the AUTOTESTCON 2019 conference, the premiere Defense Automated Test Equipment show, that has the theme of “increased mission effectiveness through advanced test and support technology”. As you may have seen, I was honored with the “Walter E. Peterson Best Paper on New Technology” award for Mitigating JTAG as an Attack Surface (note: it might take a little while for the paper to be posted on IEEE Xplore; you might have to check back later).
In two previous articles, I looked at the JTAG access port from a security perspective, and considered what exposure the choice of BMC operating system might have on a platform supporting At-Scale Debug. Now, let’s consider the root of all trust, the silicon itself, and see what options exist for locking it down.
Given that they are network-accessible, BMCs present an attack surface. Which operating systems are hardened enough to be secure against malicious actors?
Archives