Guiding Engineering Teams Toward a More Secure Usage of U-Boot

Main Stage,

With its rich feature set, regular release cycle cadence, and adoption into silicon vendors’ board support packages, it is no wonder that the Open Source Das U-Boot bootloader has become so ubiquitous throughout products spanning a breadth of application domains. However, much of what makes U-Boot so helpful to embedded systems engineers can be a double-edged sword; permissive functionality and readily available reference configurations represent a form of “security debt” that must be paid off by the engineering teams integrating U-Boot into their product. In both public research and private security assessments, it is commonly found that devices are vulnerable to abuse as a result of product vendors failing to invest adequate time and effort into securing their U-Boot configurations and customizations.

This talk will describe common security failure patterns observed during security assessments of products using U-Boot, introduce NCC Group’s “Depthcharge” toolkit built to support U-Boot security auditing, and present its new functionality that is aimed at providing engineering teams with a means to avoid inadvertent inclusion of functionality that may be an ill-fit for their specific security objectives. At a higher level, this talk aims to foster discussions about how we call all help ensure that product development teams customize, configure, and deploy U-Boot more securely, such that end users remain safe.