{"guid":"330c672b-9ec1-4416-ab28-4c808aa4ad76","title":"Boot2root","subtitle":"Auditing Boot Loaders by Example","slug":"36c3-10706-boot2root","link":"https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10706.html","description":"The Achilles heel of [your secure device] is the secure boot chain. In this presentation we will show our results from auditing commonly used boot loaders and walk through the attack surface you open yourself up to. You would be surprised at how much attack surface exists when hardening and defense in depth are ignored. From remote attack surface via network protocol parsers to local filesystems and various bus parsers, we will walk through the common mistakes we've seen by example and showcase how realistic it is for your product's secure boot chain to be compromised.","original_language":"eng","persons":["Ilja van Sprundel","Joseph Tartaro"],"tags":["36c3","10706","2019","Security","Main"],"view_count":1918,"promoted":false,"date":"2019-12-29T18:50:00.000+01:00","release_date":"2019-12-30T01:00:00.000+01:00","updated_at":"2026-03-09T05:45:03.857+01:00","length":3733,"duration":3733,"thumb_url":"https://static.media.ccc.de/media/congress/2019/10706-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2019/10706-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2019/10706-hd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2019/10706-hd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/36c3-10706-boot2root","url":"https://api.media.ccc.de/public/events/330c672b-9ec1-4416-ab28-4c808aa4ad76","conference_title":"36C3: Resource 
Exhaustion","conference_url":"https://api.media.ccc.de/public/conferences/36c3","related":[],"recordings":[{"size":null,"length":null,"mime_type":"text/vtt","language":"eng","filename":"330c672b-9ec1-4416-ab28-4c808aa4ad76-eng.vtt","state":"todo","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2025-01-06T00:38:01.296+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/330c672b-9ec1-4416-ab28-4c808aa4ad76-eng.vtt","url":"https://api.media.ccc.de/public/recordings/47967","event_url":"https://api.media.ccc.de/public/events/330c672b-9ec1-4416-ab28-4c808aa4ad76","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":245,"length":3733,"mime_type":"video/mp4","language":"eng-deu-rus","filename":"36c3-10706-eng-deu-rus-Boot2root_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-12-30T22:15:32.158+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/h264-sd/36c3-10706-eng-deu-rus-Boot2root_sd.mp4","url":"https://api.media.ccc.de/public/recordings/44000","event_url":"https://api.media.ccc.de/public/events/330c672b-9ec1-4416-ab28-4c808aa4ad76","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":716,"length":3733,"mime_type":"video/webm","language":"eng-deu-rus","filename":"36c3-10706-eng-deu-rus-Boot2root_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-12-30T21:01:46.272+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/webm-hd/36c3-10706-eng-deu-rus-Boot2root_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/43874","event_url":"https://api.media.ccc.de/public/events/330c672b-9ec1-4416-ab28-4c808aa4ad76","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":288,"length":3733,"mime_type":"video/webm","language":"eng-deu-rus","filename":"36c3-10706-eng-deu-rus-Boot2root_webm-sd.webm","state":"new","folder":"webm-sd","hi
gh_quality":false,"width":720,"height":576,"updated_at":"2019-12-30T20:58:52.870+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/webm-sd/36c3-10706-eng-deu-rus-Boot2root_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/43866","event_url":"https://api.media.ccc.de/public/events/330c672b-9ec1-4416-ab28-4c808aa4ad76","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":56,"length":3715,"mime_type":"audio/mpeg","language":"eng","filename":"36c3-10706-eng-Boot2root_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2019-12-30T20:58:34.356+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/mp3/36c3-10706-eng-Boot2root_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/43864","event_url":"https://api.media.ccc.de/public/events/330c672b-9ec1-4416-ab28-4c808aa4ad76","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":280,"length":3733,"mime_type":"video/mp4","language":"eng-deu-rus","filename":"36c3-10706-eng-deu-rus-Boot2root_hd-slides.mp4","state":"new","folder":"slides-h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-12-30T20:58:16.090+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/slides-h264-hd/36c3-10706-eng-deu-rus-Boot2root_hd-slides.mp4","url":"https://api.media.ccc.de/public/recordings/43863","event_url":"https://api.media.ccc.de/public/events/330c672b-9ec1-4416-ab28-4c808aa4ad76","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":40,"length":3715,"mime_type":"audio/opus","language":"eng","filename":"36c3-10706-eng-Boot2root_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2019-12-30T20:58:03.258+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/opus/36c3-10706-eng-Boot2root_opus.opus","url":"https://api.media.ccc.de/public/recordings/43862","event_url":"https://api.media.ccc.de/public/events/330c67
2b-9ec1-4416-ab28-4c808aa4ad76","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":552,"length":3733,"mime_type":"video/mp4","language":"eng-deu-rus","filename":"36c3-10706-eng-deu-rus-Boot2root_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-12-30T14:28:49.346+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/h264-hd/36c3-10706-eng-deu-rus-Boot2root_hd.mp4","url":"https://api.media.ccc.de/public/recordings/43664","event_url":"https://api.media.ccc.de/public/events/330c672b-9ec1-4416-ab28-4c808aa4ad76","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":330,"length":3733,"mime_type":"video/mp4","language":"rus","filename":"36c3-10706-rus-Boot2root.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-12-30T14:28:06.491+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/h264-hd/36c3-10706-rus-Boot2root.mp4","url":"https://api.media.ccc.de/public/recordings/43663","event_url":"https://api.media.ccc.de/public/events/330c672b-9ec1-4416-ab28-4c808aa4ad76","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":330,"length":3733,"mime_type":"video/mp4","language":"deu","filename":"36c3-10706-deu-Boot2root.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-12-30T14:27:31.093+01:00","recording_url":"https://cdn.media.ccc.de/congress/2019/h264-hd/36c3-10706-deu-Boot2root.mp4","url":"https://api.media.ccc.de/public/recordings/43662","event_url":"https://api.media.ccc.de/public/events/330c672b-9ec1-4416-ab28-4c808aa4ad76","conference_url":"https://api.media.ccc.de/public/conferences/36c3"},{"size":330,"length":3733,"mime_type":"video/mp4","language":"eng","filename":"36c3-10706-eng-Boot2root.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-12-30T14:27:00.863+01:00","re
cording_url":"https://cdn.media.ccc.de/congress/2019/h264-hd/36c3-10706-eng-Boot2root.mp4","url":"https://api.media.ccc.de/public/recordings/43661","event_url":"https://api.media.ccc.de/public/events/330c672b-9ec1-4416-ab28-4c808aa4ad76","conference_url":"https://api.media.ccc.de/public/conferences/36c3"}]}