Six vulnerabilities have been discovered in U-Boot, one of the world's most widely used open-source bootloaders found in embedded Linux devices, BMCs, IoT devices, and industrial systems. Disclosed by firmware security firm Binarly, the flaws (BRLY-2026-037 through BRLY-2026-042) exist in U-Boot's FIT signature verification code and range from denial-of-service crashes to arbitrary code execution. Two flaws can potentially allow attackers to execute malicious code during firmware verification — before the OS loads — enabling persistent firmware malware installation, disabling security features, or modifying the boot process. The vulnerable code has existed since U-Boot version 2013.07, potentially affecting over 50 stable releases and numerous downstream vendor forks. Exploitation may not require physical access; on BMC-equipped systems, a compromised management interface could allow remote exploitation via crafted firmware images. Patches have been accepted upstream, but distribution depends on individual hardware vendors, and older unsupported devices may never receive fixes.
Nguồn: https://www.bleepingcomputer.com/news/security/new-u-boot-flaws-could-enable-stealthy-firmware-attacks. 8sync News chỉ tóm tắt và dẫn link; bản quyền nội dung thuộc tác giả và nguồn gốc.

Rockchip SoCs include a powerful USB-based recovery boot mechanism called MaskROM mode, which activates when the bootROM fails to load a second-stage bootloader. In this mode, the SoC exposes a USB device using Rockchip's vendor ID and accepts two vendor control requests (0x471 and 0x472) to load DRAM initialization code and a usbplug binary into RAM. The usbplug binary then implements the rockUSB protocol, enabling commands like reading chip info or writing to boot media. A step-by-step guide covers building the loader from Rockchip's rkbin repository, compiling rkdeveloptool, and issuing rockUSB commands. The post also covers how snagboot leverages this mechanism to support recovery on Rockchip devices by loading U-Boot TPL/SPL over USB, enabling device recovery even when all storage boot locations are corrupted.
A detailed hands-on exploration of the Lemote Yeeloong, a Chinese MIPS64-based netbook famous for being Richard Stallman's laptop of choice due to its fully libre software stack. Covers the history of the Loongson/Godson processor family from its origins at the Chinese Academy of Sciences through successive chip generations, the laptop's hardware internals including its cooling system quirks, and a thorough walkthrough of installing OpenBSD on the machine. Key technical challenges include working around two serious Loongson-2F hardware errata involving branch misprediction bugs that caused kernel panics, the PMON bootloader's limitations, lack of binary packages for mips64el, and workarounds needed to boot OpenBSD from an SD card while keeping existing Debian on the internal SSD.