{"id":"1bbd6873-6f69-59a8-8eb2-926acc763d7e","kind":"official","name":"Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot","slug":"of-boot-vectors-and-double-glitches-bypassing-rp2350-s-secure-boot","url":"https://api.events.ccc.de/congress/2025/event/1bbd6873-6f69-59a8-8eb2-926acc763d7e/?format=json","track":"security","assembly":"ccc","room":"7202df07-050c-552f-8318-992f94e40ef0","location":null,"language":"en","description":"The RP2350 is one of the first generally available microcontrollers with active security-features against fault-injection such as glitch-detectors, the redundancy co-processor, and other pieces to make FI attacks more difficult.\r\n\r\nBut security on paper often does not mean security in real-life. Luckily for us, Raspberry Pi also ran the RP2350 Hacking Challenge: A public bug bounty that has exactly these attacks in-scope. During the hacking challenge 5 different attacks were found on the secure-boot process - one of which was shown at 38C3 by Aedan Cullen.\r\n\r\nIn this talk, we talk about all successful attacks - including laser fault-injection, a reset glitch, and a double-glitch during execution of the bootrom - to show all the different ways in which a chip can be attacked.\r\n\r\nWe also talk about the awesomeness of an open security-ecosystem for chips: Raspberry Pi was very transparent on the findings, and worked with researchers to improve the new revision of the chip.","schedule_start":"2025-12-27T16:00:00+01:00","schedule_duration":"01:00:00","schedule_end":"2025-12-27T17:00:00+01:00"}