Boot2root - Auditing Boot Loaders by Example

Explore the vulnerabilities in secure boot chains through this comprehensive conference talk from the 36th Chaos Communication Congress (36C3). Dive into an in-depth audit of commonly used boot loaders, examining the extensive attack surface they present. Discover surprising weaknesses in hardening and defense-in-depth strategies. Follow along as experts Ilja van Sprundel and Joseph Tartaro dissect various attack vectors, from remote exploits via network protocol parsers to local filesystem vulnerabilities and BUS parsing issues. Gain valuable insights into the realistic threats facing secure boot implementations and learn how to identify and mitigate common mistakes in boot loader security.

36C3 - Boot2root