F-Secure: U-Booting securely

This paper aims to provide an independent analysis of known pitfalls and production misconfigurations related to using U-Boot (officially: Das U-Boot) in secure embedded systems as well as provide developers with guidance towards securing their products. It is aimed at teams and organisations planning to use or already using U-Boot as part of their existing products. Most of the examples have been encountered by the F-Secure Consulting Hardware Security team when researching secure boot implementations and resulted in either a partial or complete compromise of device security.


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s