Browse Prior Art Database

Optically secure boot ROM using a six-transistor cell Disclosure Number: IPCOM000197310D
Publication Date: 2010-Jul-01
Document File: 2 page(s) / 28K

Publishing Venue

The Prior Art Database


Described is an optically secure boot ROM using a six-transistor cell.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 60% of the total text.

Page 1 of 2

Microsoft* had several hacking issues with the original Xbox*. Many of these hacking weaknesses were addressed in the Xbox 360* design. However, as the hacking technologies improve, new weaknesses must be addressed. The first boot ROM weakness was the ability to physically probe the boot ROM command bus. Once the boot ROM was integrated onto the chip silicon, the boot ROM became physically secure. The next weakness was through the testing scan latches. This weakness was corrected by shutting off the scannable function of the latches around the ROM. The newest weakness exposed is the ability to optically read the ROM contents by delayering the chip.

    Previously delayering the chip wasn't viewed as a concern due to the expensive tools required to do so. However, it was historically thought earlier that pico-probes were too expensive for hackers to have access to, but that was found to be wrong. In the original Xbox case, the hacker had access to university facilities that had the equipment and allowed access to adventurous students working on their masters thesis.

    This ROM will use the Vt masks to program a ROM while maintaining no visible difference between a cell programmed to a one and one programmed to a zero.

    The ROM will be built with six-transistor cells that have ultra high VT and regular or low VT FETs. As the power is ramped up during boot-up, the cell will go into the programmed state based on the UVT and LVT FETs used shown in the figure below. The array...