Raspberry Pi remains as confident as ever in the security features added to its second-generation RP2350 microcontroller — so much so, in fact, that a month after opening a contest to see if anyone could hack it the deadline is being extended and the prize pot doubled to $20,000.
“Nobody has managed to break the security on our new chip yet,” boasts Raspberry Pi’s Chris Boross in an update to a contest launched at the DEF CON 32 conference last month. “The challenge was only due to run until September, but we’ve decided to goad the bounty hunters by doubling the prize money and extending the deadline to the end of the year. If you think you can hack it, be our guest.”
The Raspberry Pi RP2350’s new security features remain undefeated, but will a doubled prize pot change that? (📷: Raspberry Pi)
Raspberry Pi announced the competition at DEF CON 32, initially focused on those who had received the event’s official badge — the first hardware to hit the streets based on the RP2350, a quad-core dual-architecture design that pairs Arm Cortex-M33 cores with free and open source Hazard3 RISC-V cores. It is not the processor cores that are the focus of the competition, though, but Raspberry Pi’s implementation of Arm’s TrustZone and its associated functionality — security features added to the RP2350 and missing from its predecessor, the RP2040.
Shortly after the event, the competition was opened to all: flash your DEF CON 32 badge or Raspberry Pi Pico 2 with a custom firmware that irreversibly sets one-time programmable (OTP) bits and see if you can capture a 128-bit flag embedded within, protected by the new secure boot functionality. Those who could retrieve the flag stood to win $10,000 — a figure the company has now doubled to $20,000, having had no successes during the competition’s original month-long run.
The extended bug bounty comes as Raspberry Pi looks deeper into erratum RP2350-E9, which is causing unexpected “latching” on GPIO pins. (📷: Ian Lesnet)
The extension to the competition comes amid rumblings over the impact of a hardware fault dubbed erratum RP2350-E9, in which a flaw blamed on third-party IP from an unnamed vendor causes general-purpose input/output (GPIO) pins to latch at around 2.15V under conditions that Raspberry Pi says are more specific than reports from those building around its parts would suggest. Were a contest entrant able to successfully defeat the RP2350’s new security features, it would likely result in a respin and the release of a new variant on a fixed stepping — something the company has suggested it is unwilling to do for the E9 flaw, which is currently handled in documentation alone.
Anyone looking to try their hand at the RP2350 bug bounty can find details on how to enter on the official GitHub repository.