Fault Injection on Hidden Registers in a RISC-V Rocket Processor and Software Countermeasures

Johan Laurent (1,a), Vincent Beroulle (1,b), Christophe Deleuze (1,c) and Florian Pebay-Peyroula (2)
(1) Univ. Grenoble Alpes, Grenoble INP*, LCIS 26000 Valence, France
(a) johan.laurent@lcis.grenoble-inp.fr
(b) vincent.beroulle@lcis.grenoble-inp.fr
(c) christophe.deleuze@lcis.grenoble-inp.fr
(2) CEA-LETI, 38000 Grenoble, France
florian.pebay@cea.fr

ABSTRACT


To protect against hardware fault attacks, developers can use software countermeasures. They are generally designed to thwart software fault models such as instruction skip or memory corruption. However, these typical models do not take into account the actual implementation of a processor. By analyzing the processor microarchitecture, it is possible to bypass typical software countermeasures. In this paper, we analyze the vulnerability of a secure code from FISSC (Fault Injection and Simulation Secure Collection), by simulating fault injections in a RISC-V Rocket processor RTL description. We highlight the importance of hidden registers in the processor pipeline, which temporarily hold data during code execution. Secret data can be leaked by attacking these hidden registers. Software countermeasures against such attacks are also proposed.

Keywords: Fault attack, Fault modelling, Microarchitecture analysis, Hidden register, RISC-V, Software countermeasure.


