A sense of self for bootloaders: no more magical writes

Bootloaders act as the keystone of trust yet are fairly arcane. To most of us, a bootloader is a peculiar binary blob that makes a number of magical writes to barely documented addresses, eventually loading applications and kernels that are generally better understood. But how can we trust something that we do not understand? This talk is an attempt to clear some of the mystery surrounding bootloading and to describe a bootloader from the point of view of what it should be doing so that we can enforce such behaviors. We will start with classifying a bootloader’s memory and bus write operations to distinguish those that go into creating and patching the image of the next stage from other writes. This allows us to separate the components of a bootloader that prepare the next stage from the rest of its sorcery. Tools for observing a bootloader executing in QEMU and creating its call trace will be released. This talk will be geared towards people who understand kernels and want to get a bit more comfortable with bootloaders.