Resources

Blog Posts and Talks

Below are the blog posts and talks created by the original author of Depthcharge. These provide some insights into the motivations of the project and some higher-level methodologies. However, the API and command-line tools may change over time; always refer to the Depthcharge documentation for the most up-to-date information.

• NCC Group Blog Post: Sinking U-Boots with Depthcharge (via archive.org)

• Hardwear.io Webinar: …Effective Exploitation of Boot-time Security Debt

• NCC Group Blog Post: …U-Boot Configuration Auditing Introduced in v0.2.0 (via archive.org)

• OSFC 2020 Talk: Guiding Engineering Teams Toward a More Secure Usage of U-Boot

Official U-Boot Documentation

The U-Boot project contains a ton of great documentation. When doing security auditing work and working with Depthcharge, you may find the following resources particularly helpful.

• U-Boot talks

• Command-line and Hush shell

• Global Data structure (see global_data.h)

• Exported functions for Standalone Applications (see exports.h and _exports.h)

• U-Boot scripts and the “source” command

• FIT Image Format and FIT signature verification

• Sandbox build target - Great for fuzzing for command handlers