U-Boot hardening

1600,00  (ex. VAT)

U-Boot hardening increases the security of the system launched on the device. Restricting access to the console and silencing the bootloader logs are some of the steps aimed at preventing unauthorized users from accessing U-Boot, where they could run malware on the device.


Description


Even when some form of Secure Boot is enabled, an attacker can still enter the U-Boot shell (or alter the boot process in some other way) to load untrusted code. Hardening is the process of adjusting the U-Boot code, environment and configuration so that breaking the Chain of Trust becomes much more difficult.

Features:

  • turn off the U-Boot shell (or at least restrict access to it),
  • prevent loading of environment variables from external sources,
  • turn off unused shell commands (especially the insecure kernel load commands),
  • make sure that all code and environment data comes from a trusted chain (e.g. environment data should be built into the signed and verified U-Boot binary),
  • reduce the attack surface by disabling unused U-Boot features.
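
A minimal audit of a U-Boot build `.config` against the features listed above, added here as an example and not part of the service or of any vendor tooling. The mapping of each feature to Kconfig symbols and the finding names are this example's own choices, and the sample configuration is constructed.

```python
import re

# Constructed sample .config fragment for illustration (not from a real board).
SAMPLE_CONFIG = """\
CONFIG_CMDLINE=y
CONFIG_BOOTDELAY=2
# CONFIG_SILENT_CONSOLE is not set
CONFIG_ENV_IS_IN_MMC=y
CONFIG_CMD_GO=y
CONFIG_CMD_BOOTZ=y
CONFIG_LEGACY_IMAGE_FORMAT=y
CONFIG_FIT_SIGNATURE=y
"""

def parse_config(text):
    """Map each CONFIG_ symbol to its value; '# CONFIG_X is not set' becomes 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"(CONFIG_\w+)=(.*)", line):
            opts[m[1]] = m[2].strip('"')
        elif m := re.fullmatch(r"# (CONFIG_\w+) is not set", line):
            opts[m[1]] = "n"
    return opts

def audit(opts):
    """Return sorted finding IDs for settings that weaken the boot chain."""
    on = lambda key: opts.get(key, "n") == "y"
    found = set()
    if on("CONFIG_CMDLINE"):
        # BOOTDELAY=-2 autoboots without checking for an abort key;
        # AUTOBOOT_KEYED replaces "any key" with a configured stop sequence.
        any_key = opts.get("CONFIG_BOOTDELAY") != "-2" and not on("CONFIG_AUTOBOOT_KEYED")
        found.add("shell-any-key" if any_key else "shell-compiled-in")
    # Any ENV_IS_IN_* backend reads the environment from writable storage.
    if any(k.startswith("CONFIG_ENV_IS_IN_") and on(k) for k in opts):
        found.add("env-external")
    # go, bootz and booti start code without FIT signature verification;
    # the legacy image format lets bootm accept unsigned uImages.
    risky = ("CONFIG_CMD_GO", "CONFIG_CMD_BOOTZ", "CONFIG_CMD_BOOTI", "CONFIG_LEGACY_IMAGE_FORMAT")
    found |= {"unverified-boot:" + k for k in risky if on(k)}
    if not on("CONFIG_FIT_SIGNATURE"):
        found.add("no-fit-signature")
    if not on("CONFIG_SILENT_CONSOLE"):
        found.add("console-not-silent")
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(audit(parse_config(SAMPLE_CONFIG))))
```

A `shell-compiled-in` finding means the prompt cannot be reached by interrupting autoboot with any key, but the shell is still present in the binary.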