On Princeton's discovery of security-impacting flaws in #RISC-V MCM: Don't rely on Linus' Law to secure CPU architectures!
http://blog.securitymouse.com/2017/04/the-risc-v-files-princeton-mcm-and.html
For anyone playing along at home, the SiFive E300 uC image running on an Arty FPGA can be interfaced with a JLink Segger JTAG device, rather than an Olimex ARM JTAG adapter.
The only adjustment is: don't connect pin #2, as it's N/C on the JLink.
Then, in OpenOCD, you can just comment out all the FTDI interface details and replace them with a single line:
interface jlink
Easy breezy. #RISC-V
A full technical explanation of, and sample code for, the RISC-V CPU-level privilege escalation flaw. This is exploitable in QEMU, and is vulnerable in the current stable implementation spec, though it is in the process of being solved by the RISC-V team:
http://blog.securitymouse.com/2017/04/the-risc-v-files-supervisor-machine.html
Wrote a more elegant for the RISC-V in-silicon System->Machine mode CPU privilege escalation bug.
The exploit allows a System-level kernel to inject an arbitrary payload of executable code into the Machine-level executive.
Full details in a blog tonight, along with sample code! #HITB2017AMS