Boot security in the MCU
2024-09-27, Main Track

We have been auditing the secure boot reference implementations of two of the largest MCU vendors on the market: ESP32 and STM32. While both microcontroller families are solving similar problems, their system architecture and hardware security design are different.

In this session, we'll talk through the results of our work and the approaches taken for design review, code auditing, fuzzing, and exploitation. We'll also have live demos of tools created to assist in the hax, as well as the bugs found and how we gained code execution on a vulnerable device.

We hope that by the end of this session, you'll have a deeper understanding of the concepts of MCU boot security and have the tools required to jump-start your own auditing projects.

Daniel is a Director and Co-Founder at elttam, an Australian security assessment boutique.

Zoltan is a security consultant at elttam.