Ground, TX, RX. Three UART pins and a two-dollar serial adapter are everything that an interested tinkerer, sometimes called a security researcher, will need to take over many devices. But why is that? Serial consoles into bootloaders, and especially into the most beloved U-Boot, are one of the most valuable debugging tools during device development. They come in several forms and shapes. Some are very obvious, others less so. To get started, we will take a quick tour around commonly found characteristics of exposed UARTs. Once we have access, let's take a look at a few things we can do. From memory evaluation and manipulation, to file system access, from sideloading payloads to running arbitrary binaries, there’s something in there for everybody.
Hardly surprising, once your device has shipped, this can also be used for non-development purposes. How can you - and should you? - expose this? Or not? If yes, where and under which circumstances? This seemingly simple question turns into a threat modeling exercise real fast. And that question actually answers which hardening measures we should or even must take, if we want to finally reach a secured boot chain. Spoiler: hardly any keys or cryptography involved here.

Preferred session duration: 30-45 minutes