Code Review Guidelines for Boot Firmware
Based on previous analysis of firmware issues, vulnerabilities fall into 8 general categories that should be the focus of secure code reviews:
  1. 1.
    External Input
  2. 2.
    Race Conditions
  3. 3.
    Hardware Input
  4. 4.
    Secret Handling
  5. 5.
    Register Lock
  6. 6.
    Secure Configuration
  7. 7.
    Replay/Rollback
  8. 8.
    Cryptography
This section discusses each class of vulnerability and summarizes approaches for review.
Last modified 1yr ago
Copy link