Overview

Most embedded devices have strong requirements on the integrity of the code running on the platform. Attackers are finding new ways to compromise these systems and a robust secure boot implementation that ensures the software integrity is considered essential. However, implementing a robust secure boot is a major challenge. Several attacks of widely deployed embedded devices got high profile media attention, exposing manufacturers to lost revenue, liability claims and brand damage.

At Riscure, we have evaluated and advised on over 400 products with bootloaders over the last 15 years. We cover common vulnerabilities such as software for memory corruptions, sensitive information leakage, synchronization and state issues, logical errors in security critical components, etc.. The attacks on the secure boot can include logical, fault injection and side channel attacks, depending on the use case and customer needs. So it’s safe to say, we have seen them in all sizes, shapes and development stages.

We discovered that some mistakes in implementing a secure bootloader are very common. This is not surprising given that up until now there hasn't been any course or book teaching developers how to add security to a bootloader, other than consultation. To save billions of bootloaders from attacks, and help our customers save money from costly redevelopment and reputational damage, we have created an online course showing you how to design a secure bootloader. In this webinar, join the team who created a new course on Designing Secure bootloaders and learn about the most common mistakes we see when designing secure bootloaders.


Date: Wednesday 28 October 2020

Time: 12:30 – 13:30

Cost: FREE

Learning Outcomes

  • Gain a solid understanding the fundamental anatomy of a bootloader.
  • Learn the fundamentals of Threat Analysis under the guidance of Riscure, a lab specialised in bootloaders.
  • Expand your skills on the key building blocks such as hardware, crypto and lifecycle development of a secure bootloader.
    • E.g. checking security principles of next stages, differences of encryption, Crypto Do’s and Don’ts, enumerate security relevant aspects of debug and recovery mechanisms, upgrades, development processes, integration of functional requirements, minimize attack surfaces, least privilege principles.
  • Gain experience transforming a bootloader in to a secure bootloader.
  • Learn to identify and eliminate common software vulnerabilities

About the Presenter

Rafa Boix Carpi

Rafa Boix Carpi is a Principal Security Trainer & Specialist, working at Riscure since 2013. He has a MSc. in Computer Science Engineering from Universitat Politecnica de Valencia, Spain. His fields of expertise include Side Channel Analysis, Fault Injection, and low-level Embedded Systems protocols. Rafa has given talks, lead workshops, authored and co-authored research papers in several worldwide conferences. Rafa is really good at basically tearing apart any device with chips on it until its secrets are revealed, and sharing how to do it.