September 22, 2023

Intel introduced, Tunable Replica Circuit to help protect against certain types of physical fault injection attacks without requiring any interaction with the computer owner. A possibility still exist that messing with the computer chip pins supplying clock and voltage.

TRC uses hardware-based sensors to explicitly detect circuit-based timing failures that occur as the result of an attack, the attack being a non-invasive physical glitch on the pins supplying clock and voltage. Intel’s TRC also has the capability to detect electromagnetic fault injections (EMFI).


Fault injection attacks allow an attacker to cause No Operation instruction to be latched instead of a Jump condition, altering the execution flow. It might also help to replace real keys in fixed-function crypto engines.

Intel added that TRC is delivered in the 12th Gen Intel Core processor family, adding fault injection detection technology to the Intel Converged Security and Management Engine.

Intel CSME is an embedded subsystem in the Platform Controller Hub designed to serve as the platforms silicon initialization, to provide remote management capability that is independent of the operating system, and to provide additional security like Intel Boot Guard or TPM which enables secure boot, disk encryption, secure storage, virtual smart card.


The way the TRC works is that it monitors the delay of specific types of digital circuits. It is calibrated to signal an error at a voltage level beyond the nominal operating range of the CSME. Any error condition originating from the TRC indicates a possible data corruption and triggers mitigation techniques to ensure data integrity. To avoid false positives, Intel also developed a feedback-based calibration flow.

The biggest interest in really doing fault injection, from an attacker’s point of view, would be to bypass secure boot. Embedded systems are also more prone to this kind of attacks than usual desktop or laptop computers.

Leave a Reply

%d bloggers like this: