A sense of self for bootloaders: no more magical writes

Presented at TROOPERS17 (2017), March 22, 2017, 5 p.m.

Bootloaders act as the keystone of trust, yet they are fairly arcane. To most of us, a bootloader is a peculiar binary blob that makes a number of magical writes to barely documented addresses and eventually loads the applications and kernels that are generally better understood. But how can we trust something we do not understand? This talk is an attempt to clear some of the mystery surrounding bootloading and to describe a bootloader in terms of what it should be doing, so that such behaviour can be enforced. We start by classifying a bootloader's memory and bus write operations, distinguishing the writes that create and patch the image of the next stage from all other writes. This separates the components of a bootloader that prepare the next stage from the rest of its sorcery. Tools for observing a bootloader executing in QEMU and producing its call trace will be released. The talk is geared towards people who understand kernels and want to get a bit more comfortable with bootloaders.
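As an added illustration of the write classification the abstract describes (example code written for this page, not the speaker's released tooling; the trace line format, addresses and values are constructed), the following labels each recorded write as creating next-stage image bytes, patching bytes already written, straddling the image boundary, or unrelated to the image:

```python
from collections import Counter
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Constructed sample trace; the field layout is an assumption for this example.
# pc = instruction doing the write, dst = destination address, w = width in bytes.
SAMPLE_TRACE = """\
pc=0x00010100 dst=0x80000000 w=4 val=0x00000000
pc=0x00010104 dst=0x80000004 w=4 val=0x00000000
pc=0x00010200 dst=0xFE000000 w=4 val=0x00000001
pc=0x00010300 dst=0x80000000 w=4 val=0xE59FF018
pc=0x0001030C dst=0x8000FFFE w=4 val=0x11223344
pc=0x00010400 dst=0x0000FFF0 w=4 val=0x00010000
"""

@dataclass
class Write:
    pc: int
    dst: int
    width: int
    value: int

def parse_trace(text: str) -> Iterator[Write]:
    """Parse 'key=value' trace lines into Write records."""
    for line in text.splitlines():
        f = dict(tok.split("=", 1) for tok in line.split())
        yield Write(int(f["pc"], 16), int(f["dst"], 16), int(f["w"]), int(f["val"], 16))

def classify_writes(trace: Iterator[Write], image_base: int,
                    image_size: int) -> List[Tuple[int, int, str]]:
    """Label each write relative to the next-stage image region:
    'create'   first write to those image bytes (building the image),
    'patch'    rewrite of image bytes already written (fixups, relocations),
    'straddle' write crossing the image boundary (worth a closer look),
    'other'    write outside the image (MMIO, stack, bootloader's own data)."""
    image_end = image_base + image_size
    touched = set()                     # image byte offsets written so far
    labels = []
    for w in trace:
        lo, hi = w.dst, w.dst + w.width
        if lo >= image_base and hi <= image_end:
            offsets = {a - image_base for a in range(lo, hi)}
            label = "patch" if offsets & touched else "create"
            touched |= offsets
        elif lo < image_end and hi > image_base:
            label = "straddle"
        else:
            label = "other"
        labels.append((w.pc, w.dst, label))
    return labels

def summarize(labels: List[Tuple[int, int, str]]) -> Counter:
    """Count writes per label; the 'other' bucket is the remaining sorcery."""
    return Counter(label for _, _, label in labels)
```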


Presenters:

  • Rebecca ".bx" Shapiro
    Rebecca ".bx" Shapiro is a PhD student at Dartmouth College, a small college in the Northern Appalachia region of the US. She enjoys tinkering with systems in undocumented manners to find hidden sources of computation. She has previously studied the weird machines present in application linkers and loaders, but has since turned her focus towards loaders that live at the interface between hardware and software.
