An operating system’s chain of trust is a really a chain of loaders. Although loaders, and especially bootloaders, have always been essential piece of a well-behaved system, they are typically designed with robustness and flexibility in mind — rather than security. Yet, they act as security arbitrators at the very roots of the chain of trust. My talk seeks to address these shortcomings and bootloader vulnerabilities by introducing tools and techniques for retrofitting a bootloader with behavioral constraints implemented via a typing system which governs memory write operations and exists outside the confines of the compilation toolchain. I then demonstrate the feasibility of such a typing mechanism by using it to overlay behavioral constraints onto an instance of U-Boot, the popular ARM bootloader. Finally, I will discuss how my tools and techniques may be used as a fuzzing aid and for reverse engineering for any type of software.
Rebecca “.bx” Shapiro (@bxsays) is a PhD student at Dartmouth College, a small college in the Northern Appalachia region of the US. She enjoys tinkering with systems in undocumented manners to find hidden sources of computation. She has previously studied the weird machines present in application linkers and loaders, but has since turned her focus towards loaders that live at the interface between hardware and software.