U-Booting securely

This paper aims to provide an independent analysis of known pitfalls and production misconfigurations related to using U-Boot (officially: Das U-Boot) in secure embedded systems as well as provide developers with guidance towards securing their products. It is aimed at teams and organisations planning to use or already using U-Boot as part of their existing products. Most of the examples have been encountered by the F-Secure Consulting Hardware Security team when researching secure boot implementations and resulted in either a partial or complete compromise of device security.