Secure Boot & Attack Vectors Why Boot Sequence Knowledge Matters for Security Attack Scenarios Firmware Replacement Replace flash with malicious code Vector Table Hijack Modify reset handler address Debug Port Attack SWD/JTAG to dump or inject code Startup Code Modification Change crt0 data copy / BSS init Physical access = game over Defense Strategies 1. Secure Boot 2. Debug Port Lock 3. Flash Read Protect 4. MPU Configuration 5. Integrity Checks Defense in depth! Secure Boot Chain Bootrom immutable -> Verify Sig IMAGE_DEF -> Verify App signature -> Boot! or refuse Each stage cryptographically verifies the next before handing off control. Bootrom = trust anchor (can't be changed)