SK_LOAD timing side channel during AES module decryption in Texas Instruments OMAP L138

An adversary with non-secure supervisor privileges manages cache contents and collects timing information for different ciphertext inputs processed by the AES implementation in mask ROM. By exploiting the timing side channel [ref_id=1], the attacker can recover the Customer Encryption Key (CEK) through the SK_LOAD secure kernel routine. The attack requires local privileged access to the device and the ability to control cache state and measure execution timing.

The vulnerability resides in the AES implementation within the mask ROM of Texas Instruments OMAP L138 secure variants. The advisory does not specify particular function names or file paths beyond identifying the SK_LOAD secure kernel routine as the exploitable interface.

The advisory does not describe a specific patch for this vulnerability. As a mask ROM issue, the AES implementation cannot be modified post-fabrication; compensating controls would be required at the software or system level, such as constant-time cryptographic implementations in secure software layers or cache management mitigations applied by the secure kernel.