except it's not novel...
This technique is not novel, it has already been applied, successfully , to a real ARM9 running Linux and not to a generic SPARC reproduction on an FPGA. The required time to generate the faulty signature is much less and the scheme can be broken in minutes by a single pc. The paper has been published a _year_ ago , and it's available here : http://home.dei.polimi.it/barenghi/files/FDTC2009.pdf