Secure Boot & Attack Vectors
Why Boot Sequence Knowledge Matters for Security
Attack Scenarios
Firmware Replacement
Replace flash with malicious code
Vector Table Hijack
Modify reset handler address
Debug Port Attack
SWD/JTAG to dump or inject code
Startup Code Modification
Change crt0 data copy / BSS init
Physical access = game over
Defense Strategies
1. Secure Boot
2. Debug Port Lock
3. Flash Read Protect
4. MPU Configuration
5. Integrity Checks
Defense in depth!
Secure Boot Chain
Bootrom
immutable
->
Verify Sig
IMAGE_DEF
->
Verify App
signature
->
Boot!
or refuse
Each stage cryptographically verifies
the next before handing off control.
Bootrom = trust anchor (can't be changed)