Julius Werner
I am a tech lead for Arm firmware and firmware security in Google's ChromeOS team and have been working on Chromebook firmware for over 10 years. I am also an active maintainer in the coreboot and Trusted Firmware projects.
United States
Employer –Google LLC
Session
10-11
16:30
30min
When boot security goes wrong: the story of the IGNOREME GPT
Julius Werner
This talk is going to tell the tale of a critical security vulnerability that was found a year after launch on the RK3288 ("veyron") family of Chromebooks and allowed bypassing the entire secure boot stack. It will explain the technical details of this vulnerability, why it was overlooked in the first place, the tricky process to mitigate it, and finally give a real answer to this guy's stack overflow question: https://superuser.com/questions/1399681/what-is-the-gpt-header-signature-for
Main Track