BootStomp - On the Security of Bootloaders in Mobile Devices

Explore the critical role of modern mobile bootloaders in device functionality and security through this conference talk from Nullcon Goa 2018. Delve into the Chain of Trust (CoT) concept, examining how each boot process stage verifies the integrity and origin of the subsequent stage. Understand the theoretical immunity of this process against attackers with full OS control and its prevention of persistent CoT compromise. Investigate the vulnerabilities arising from bootloaders processing untrusted input and the security implications of disabling verification steps for development and customization purposes. Gain insights into the complexities and challenges of maintaining robust security in mobile device bootloaders.