FaultLine: Software-based Fault Injection on Memory Transfers

FaultLine is a software-based fault injection attack vector. It uses delay-lines (located in memory controllers) as memory transfer glitch injectors.

Content

This repository provides:

The source code required to reproduce the FaultLine Baremetal and Linux attacks.
A tutorial to reproduce the baremetal experiments.

Launch Vivado and create a platform project for your board (xsa file).
Launch Vitis and create a platform project (name: FaultLineHP) using the xsa file generated.
Double click on the platform.spr file and modify the domains to obtain one domain per CPU core.

Figure 1: One domain per CPU core (CPU0 and CPU1)

Create an empty application project for the adversary (name: adversary_cpu0) and select processor ps7_cortexa9_0
Create an empty application project for the victim (name: victim_cpu1) and select processor ps7_cortexa9_1
Add the content provided here in the adversary_cpu0 project.
Add the content provided here in the victim_cpu1 project.

Figure 2: Project Arborescence

For each project, add its include paths to the Directories in Properties->Settings->Directories
Compile the victim and adversary projects.
Go to Project->Run Configurations, Right click on Single Application Debug and select New configuration.
Go to the Application tab and check ps7_cortexa9_1 so both projects will be launched simultenaously in different cores.
Select Apply.
Power up the board, open a serial terminal and Run the configuration. The welcome prompt should appear (if you successfully setup the project you should see a message from each core. CPU#0 and CPU#1)

Figure 3: Welcome Prompt

Enter calib to find the faulty delay-line values
Enter piret, PFA or rtest to reproduce the attacks presented in the paper.

Figure 4: Calibration and Piret Attack

To do