Table of Contents
Fetching ...

FAARM: Firmware Attestation and Authentication Framework for Mali GPUs

Md. Mehedi Hasan

TL;DR

MOLE reveals a critical trust gap in GPU TEEs caused by unverified MCU firmware loading, enabling data exfiltration and inference tampering. FAARM addresses this gap with an EL3-anchored firmware attestation and locking framework that authenticates vendor-signed MCU firmware, enforces monotonic versioning, and atomically locks firmware to eliminate TOCTOU and rollback vulnerabilities. In a software Colab prototype, FAARM achieves a mean verification latency of about 1.34 ms and under 2% overhead relative to typical GPU initialization, while blocking all MOLE-style attacks in tested scenarios. The approach provides a practical, deployable defense for mobile and cloud GPU deployments and can extend to other co-processors with similar architectures, strengthening the end-to-end security of GPU TEEs.

Abstract

Recent work has revealed MOLE, the first practical attack to compromise GPU Trusted Execution Environments (TEEs), by injecting malicious firmware into the embedded Microcontroller Unit (MCU) of Arm Mali GPUs. By exploiting the absence of cryptographic verification during initialization, adversaries with kernel privileges can bypass memory protections, exfiltrate sensitive data at over 40 MB/s, and tamper with inference results, all with negligible runtime overhead. This attack surface affects commodity mobile SoCs and cloud accelerators, exposing a critical firmware-level trust gap in existing GPU TEE designs. To address this gap, this paper presents FAARM, a lightweight Firmware Attestation and Authentication framework that prevents MOLE-style firmware subversion. FAARM integrates digital signature verification at the EL3 secure monitor using vendor-signed firmware bundles and an on-device public key anchor. At boot, EL3 verifies firmware integrity and authenticity, enforces version checks, and locks the firmware region, eliminating both pre-verification and time-of-check-to-time-of-use (TOCTOU) attack vectors. We implement FAARM as a software-only prototype on a Mali GPU testbed, using a Google Colab-based emulation framework that models the firmware signing process, the EL1 to EL3 load path, and secure memory configuration. FAARM reliably detects and blocks malicious firmware injections, rejecting tampered images before use and denying overwrite attempts after attestation. Firmware verification incurs only 1.34 ms latency on average, demonstrating that strong security can be achieved with negligible overhead. FAARM thus closes a fundamental gap in shim-based GPU TEEs, providing a practical, deployable defense that raises the security baseline for both mobile and cloud GPU deployments.

FAARM: Firmware Attestation and Authentication Framework for Mali GPUs

TL;DR

MOLE reveals a critical trust gap in GPU TEEs caused by unverified MCU firmware loading, enabling data exfiltration and inference tampering. FAARM addresses this gap with an EL3-anchored firmware attestation and locking framework that authenticates vendor-signed MCU firmware, enforces monotonic versioning, and atomically locks firmware to eliminate TOCTOU and rollback vulnerabilities. In a software Colab prototype, FAARM achieves a mean verification latency of about 1.34 ms and under 2% overhead relative to typical GPU initialization, while blocking all MOLE-style attacks in tested scenarios. The approach provides a practical, deployable defense for mobile and cloud GPU deployments and can extend to other co-processors with similar architectures, strengthening the end-to-end security of GPU TEEs.

Abstract

Recent work has revealed MOLE, the first practical attack to compromise GPU Trusted Execution Environments (TEEs), by injecting malicious firmware into the embedded Microcontroller Unit (MCU) of Arm Mali GPUs. By exploiting the absence of cryptographic verification during initialization, adversaries with kernel privileges can bypass memory protections, exfiltrate sensitive data at over 40 MB/s, and tamper with inference results, all with negligible runtime overhead. This attack surface affects commodity mobile SoCs and cloud accelerators, exposing a critical firmware-level trust gap in existing GPU TEE designs. To address this gap, this paper presents FAARM, a lightweight Firmware Attestation and Authentication framework that prevents MOLE-style firmware subversion. FAARM integrates digital signature verification at the EL3 secure monitor using vendor-signed firmware bundles and an on-device public key anchor. At boot, EL3 verifies firmware integrity and authenticity, enforces version checks, and locks the firmware region, eliminating both pre-verification and time-of-check-to-time-of-use (TOCTOU) attack vectors. We implement FAARM as a software-only prototype on a Mali GPU testbed, using a Google Colab-based emulation framework that models the firmware signing process, the EL1 to EL3 load path, and secure memory configuration. FAARM reliably detects and blocks malicious firmware injections, rejecting tampered images before use and denying overwrite attempts after attestation. Firmware verification incurs only 1.34 ms latency on average, demonstrating that strong security can be achieved with negligible overhead. FAARM thus closes a fundamental gap in shim-based GPU TEEs, providing a practical, deployable defense that raises the security baseline for both mobile and cloud GPU deployments.
Paper Structure (28 sections, 8 figures, 5 tables, 1 algorithm)

This paper contains 28 sections, 8 figures, 5 tables, 1 algorithm.

Figures (8)

  • Figure 1: MOLE attack overview: An attacker with kernel/driver privileges injects malicious firmware via the standard driver interface. The malicious firmware can either (i) exfiltrate data from GPU-protected memory (general attack) or (ii) silently tamper with AI outputs (worse attack), undermining TEE trustworthiness.
  • Figure 2: Arm Mali GPU Architecture: Components and data flow paths showing the privileged position of the Microcontroller Unit (MCU) in task orchestration and the unverified firmware loading path from kernel space.
  • Figure 3: MOLE Attack Workflow: Three-stage compromise demonstrating (1) malicious firmware injection during initialization, (2) data exfiltration from secure memory, and (3) result tampering through output manipulation.
  • Figure 4: Shim-Style GPU TEE Architecture: Security boundaries and vulnerable firmware loading path where MCU firmware bypasses trusted verification mechanisms, creating the attack surface exploited by MOLE.
  • Figure 5: Revised GPU TEE firmware loading workflow incorporating the FAARM defense. Unlike the original flow where untrusted EL1 loads firmware without validation, the updated process introduces an EL3 secure monitor verification and locking step. Only vendor-signed firmware passes this attestation, closing the MOLE attack vector by preventing unauthorized firmware injection and TOCTOU tampering.
  • ...and 3 more figures