These fuses are inside the CPU itself. They are programmed in a sense much like the firmware itself is.
These fuses have always been around in microcontrollers. They are used to configure various aspects of the microcontroller operations, like startup sequences, whether or not the contents of the chip can be read out, is their voltage monitoring (brownout detection) enabled, is there a watchdog timer enabled which could reset the chip automatically if needed, etc.
It is common that fuses like this can only be set to progressively stricter settings. And the only way to reset the fuses is to erase the entire chip, firmware and all. It sounds like these fuses in the Nvidia dont even allow this.
There have been attacks against eFuses implemented as flash by way of decapping and using UV light. (I'm on mobile and don't have links at hand. Sorry!)
The article that gp linked mentions that it's stored in non-volatile memory that supposedly is "programmable" only once. Obviously, it depends on the chipset, but how is non-reversibility guaranteed in this case?
Yeap, I think the Xbox 360 was the first (or one of the first) to implement this protection back in 2005 - https://www.youtube.com/watch?v=uxjpmc8ZIxM
Wii and PS3 too :)
Has there been any research on reseting these fuses via fault injection attacks?
These fuses are inside the CPU itself. They are programmed in a sense much like the firmware itself is.
These fuses have always been around in microcontrollers. They are used to configure various aspects of the microcontroller operations, like startup sequences, whether or not the contents of the chip can be read out, is their voltage monitoring (brownout detection) enabled, is there a watchdog timer enabled which could reset the chip automatically if needed, etc.
It is common that fuses like this can only be set to progressively stricter settings. And the only way to reset the fuses is to erase the entire chip, firmware and all. It sounds like these fuses in the Nvidia dont even allow this.
I believe it's irreversible, they need to be replaced not reset.
If it could be reset, it'd be a breaker, not a fuse. ;)
The fuses aren't being protected from modifications by the firmware, but they are physically burnt - no way to reverse that.
Yes, and they are part of the SoC so there is also no way to "replace" them.
There have been attacks against eFuses implemented as flash by way of decapping and using UV light. (I'm on mobile and don't have links at hand. Sorry!)
The article that gp linked mentions that it's stored in non-volatile memory that supposedly is "programmable" only once. Obviously, it depends on the chipset, but how is non-reversibility guaranteed in this case?
3 replies →
yup, Samsung Phones have them as well.
a clever but despicable tool.