2021-10-12, 15:00–15:50, The Point
Discussing the interesting things in pre-boot stages of systems, especially SoCs. Cool stuff and tools, places to "hook", and why adding a resistor in the right place can drop the system to "debug" mode.
Systems these days depend on the lowest stages of start-up to provide a base for security further up the chain. As the security community and hackers have gotten better tools and better at sniffing out bugs, security has been forced to move down the chain. But how far? Is the boot loader enough? At what point can you really call it "Secure Boot"? Do you need a TPM?
We are going down the rabbit hole to find out where the bits get flipped, what's signed, what's not, and what IS signing anyway? Let's take a look at chip ROMs, BIOS, UEFI, e-fuses, pre-boot environments and partitions (like TrustZone and aBoot), where TPMs get involved, and when boot loaders go wrong.
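The questions above (what "signed" actually buys you, whether a checked boot loader is enough, and what a TPM adds that a boot ROM does not) can be made concrete with a small model of a boot chain. The Python below is an added example written for this page, not code from the talk or from any SoC vendor: the stage names bl1, aboot and kernel and the image bytes are made up, and plain SHA-256 digests stand in for the signature check a real ROM performs (a signature over the image, verified with a public key whose hash is burned into e-fuses), so it runs with the standard library alone.

```python
"""Toy model of verified boot (refuse what does not match) versus measured
boot (run it, but record it in a PCR). Digests stand in for signatures."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, replace
from typing import Optional


def sha256(*parts: bytes) -> bytes:
    """SHA-256 over the concatenation of parts."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return h.digest()


@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes
    # Digest this stage demands of its successor before jumping to it.
    # None means it loads the next stage blindly: a broken link in the chain.
    expects_next: Optional[bytes]


def build_chain(images: list[tuple[str, bytes]],
                unchecked: frozenset[str] = frozenset()) -> list[Stage]:
    """Link stages bottom-up at 'signing time' so each carries the digest of
    the one after it. Stages named in `unchecked` skip that check."""
    stages: list[Stage] = []
    expects: Optional[bytes] = None
    for name, image in reversed(images):
        stages.append(Stage(name, image, None if name in unchecked else expects))
        expects = sha256(image)
    stages.reverse()
    return stages


def tamper(chain: list[Stage], name: str, new_image: bytes) -> list[Stage]:
    """Model an attacker rewriting one stage on flash: they can change the
    bytes, but not the digest baked into the (still genuine) stage before it."""
    return [replace(s, image=new_image) if s.name == name else s for s in chain]


def verified_boot(efuse_digest: bytes, chain: list[Stage]) -> list[str]:
    """ROM-style verified boot. The ROM's anchor is the e-fuse digest of
    stage 0; each later stage is checked against what the previous one
    expects. Returns the names of the stages that actually got to run."""
    ran: list[str] = []
    expected: Optional[bytes] = efuse_digest
    for stage in chain:
        if expected is not None and sha256(stage.image) != expected:
            break  # real hardware halts here, or drops into recovery/debug mode
        ran.append(stage.name)
        expected = stage.expects_next
    return ran


def measured_boot(chain: list[Stage]) -> bytes:
    """TPM-style measured boot. Nothing is refused; each stage is folded into a
    PCR with the extend rule PCR = SHA256(PCR || SHA256(image)), so the final
    value commits to the exact sequence that ran and can be attested later."""
    pcr = bytes(32)  # PCRs start out all zeros
    for stage in chain:
        pcr = sha256(pcr, sha256(stage.image))
    return pcr


# Constructed sample images (not real firmware).
GOOD = [
    ("bl1", b"bl1: SoC first-stage loader v1"),
    ("aboot", b"aboot: application bootloader v1"),
    ("kernel", b"kernel: v1"),
]
EVIL_KERNEL = b"kernel: patched, root shell on the console"
EFUSE = sha256(GOOD[0][1])                     # burned at the factory
GOLDEN_PCR = measured_boot(build_chain(GOOD))  # what a verifier expects to see


def demo() -> dict[str, object]:
    """Run the scenarios the abstract asks about and return the outcomes."""
    full = build_chain(GOOD)
    weak = build_chain(GOOD, frozenset({"aboot"}))  # aboot never checks the kernel
    return {
        "intact chain boots": verified_boot(EFUSE, full),
        "tampered kernel refused": verified_boot(EFUSE, tamper(full, "kernel", EVIL_KERNEL)),
        "tampered bl1 refused by ROM": verified_boot(EFUSE, tamper(full, "bl1", b"bl1: patched")),
        "unchecked aboot lets it run": verified_boot(EFUSE, tamper(weak, "kernel", EVIL_KERNEL)),
        "pcr still catches it": measured_boot(tamper(weak, "kernel", EVIL_KERNEL)) != GOLDEN_PCR,
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome!r}")
```

The two failure modes worth noticing are the last two scenarios: a boot loader that is itself verified but does not verify what it loads gives you a "secure boot" that happily runs a patched kernel, while a measured boot cannot stop that kernel but does leave a PCR value that no longer matches the golden one, which is exactly the gap a TPM and remote attestation are meant to close.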
Let's see if we can get a "secure" boot environment going on cheap, easy-to-debug hardware, and just how secure we can make it. After all, doesn't every hacker need a place where they can try out their boot loader and firmware exploits?