Boot2root (36c3)
Auditing Boot Loaders by Example
Chaos Computer Club - archive feed · Ilja van Sprundel, Joseph Tartaro
December 29, 20191h 2m
Audio is streamed directly from the publisher (cdn.media.ccc.de) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
The Achilles heel of [your secure device] is the secure boot chain. In this presentation we will show our results from auditing commonly used boot loaders and walk through the attack surface you open yourself up to. You would be surprised at how much attack surface exists when hardening and defense in depth is ignored. From remote attack surface via network protocol parsers to local filesystems and various BUS parsing, we will walk through the common mistakes we've seen by example and showcase how realistic it is for your product's secure boot chain to be compromised.
about this event: https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10706.html
Topics
36c3107062019SecurityMain