20 Ways Past Secure Boot

Explore 20 methods for bypassing secure boot systems in this comprehensive conference talk. Delve into secure boot theory and examples before examining various attack vectors, including debug access, service functionality exploits, and UART vulnerabilities. Learn about timing attacks, glitch sensitivity, and electromagnetic fault injection techniques. Investigate design flaws, firmware upgrade vulnerabilities, and cryptographic weaknesses. Gain insights into key management issues and weak signing methods. Conclude with valuable parting thoughts on improving secure boot implementations and defending against potential exploits.

Intro
Overview
Secure boot?
Secure boot theory
Secure boot example
ways to ...
debug access to boot stage (JTAG) riscure
Debug/service functionality
Nook boot UART exploit
18. Overriding boot source medium
TOCTOU race conditions
Timing attacks
Timing attack with Infectus board
XBOX 360 timing attack procedure
Glitch sensitivity
Glitch demo
Is it a real attack?
Slot machine EMP Jamming
Code section
EM-FI Transient Probe
Research probes
Design mistakes
Accessibility of boot ROM after boot riscure
Crypto sanitization
Firmware Upgrade / Recovery flaws riscure
Relying on unverified code
Service backdoor/password
State errors
Driver weaknesses
ROM patching functionality
Inappropriate signing area
Key management
Weak signing keys/methods
Parting thoughts