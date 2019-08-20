Security researchers have found an unpatchable security flaw in the popular Xilinx (NASDAQ:XLNX) Zynq UltraScale+ system-on-chip boards, which are used across a wide range of industries including auto, aviation, consumer electronics, and military applications.

F-Secure's hardware team Inverse Path found that the Encrypt Only secure boot mode contains two security flaws and doesn't encrypt boot image metadata, leaving the data vulnerable.

One flaw can't be fixed with a software update and will instead require a new silicon revision. Xilinx hasn't patched the other flaw because the unpatchable problem could let a hacker bypass the fix.

Xilinx statement: "For systems that must use the Encrypt Only boot mode, customers are advised to consider system level protections that take into account DPA, unauthenticated boot, and partition header attack vectors."

Read the full technical report on GitHub.