U-Boot: protect sensitive environment variables
This is a follow-up to our “Accessing the U-Boot environment from a C program” blog post.
🌳Need to protect the environment
When you’re trying to harden an embedded Linux device to make it more resistant to attacks, one key part to secure is the bootloader, because that’s the part that boots the operating system. Even if you implement a secure boot chain, an attacker who manages to interrupt the boot process and get access to the bootloader shell would be able to load and run their own payload on the device.
See how U-Boot modifies your board device tree
If you compare the device tree as loaded by Linux, available in /sys/firmware/fdt, you will see that it differs from the one that you loaded in U-Boot. Taking the time to make the comparison is quite instructive.
Let’s do this on my Toradex Verdin iMX8M Mini SoM on the Dahlia carrier board.
Decompiling the DTB
It’s easy to decompile any Device Tree Binary (DTB) file using dtc, the Device Tree Compiler.
- Copy /sys/firmware/fdt from your live Linux system to external storage (assuming your external storage is mounted on /mnt/usb)
cp /sys/firmware/fdt /mnt/usb/linux.dtb
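Once linux.dtb has been copied off the device, the comparison can also be made property by property without decompiling. The script below is an added example, not code from the original post: it parses two DTB files according to the flattened devicetree layout and lists the properties that were added, removed or changed. The file names in the usage comment are placeholders.

```python
import struct
import sys

BEGIN_NODE, END_NODE, PROP, NOP, END = 1, 2, 3, 4, 9  # structure-block tokens

def parse_fdt(blob):
    """Flatten a DTB into {(node_path, property_name): raw_value_bytes}."""
    if len(blob) < 40 or struct.unpack_from(">I", blob)[0] != 0xD00DFEED:
        raise ValueError("not an FDT blob (short header or bad magic)")
    total, off_struct, off_strings = struct.unpack_from(">3I", blob, 4)
    size_strings, size_struct = struct.unpack_from(">2I", blob, 32)
    end = off_struct + size_struct
    if total > len(blob) or end > total or off_strings + size_strings > total:
        raise ValueError("truncated blob or block offsets past totalsize")
    strings = blob[off_strings:off_strings + size_strings]
    pos, path, props = off_struct, [], {}
    while pos + 4 <= end:
        (token,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if token == BEGIN_NODE:
            nul = blob.index(b"\0", pos, end)        # ValueError if unterminated
            path.append(blob[pos:nul].decode("ascii", "replace"))
            pos = (nul + 4) & ~3                     # name + NUL, padded to 4 bytes
        elif token == END_NODE and path:
            path.pop()
        elif token == PROP and path and pos + 8 <= end:
            length, nameoff = struct.unpack_from(">2I", blob, pos)
            if pos + 8 + length > end:
                raise ValueError("property value runs past the structure block")
            name = strings[nameoff:strings.index(b"\0", nameoff)].decode("ascii", "replace")
            props[("/".join(path) or "/", name)] = blob[pos + 8:pos + 8 + length]
            pos = (pos + 8 + length + 3) & ~3        # value padded to 4 bytes
        elif token == END:
            return props
        elif token != NOP:
            raise ValueError(f"unexpected token {token:#x} at offset {pos - 4:#x}")
    raise ValueError("structure block has no FDT_END token")

def diff_fdt(before, after):
    """Return sorted (added, removed, changed) property keys between two trees."""
    common = before.keys() & after.keys()
    return (sorted(after.keys() - common), sorted(before.keys() - common),
            sorted(k for k in common if before[k] != after[k]))

if __name__ == "__main__":  # usage: python3 fdtdiff.py original.dtb linux.dtb
    old, new = (parse_fdt(open(p, "rb").read()) for p in sys.argv[1:3])
    for mark, keys in zip("+-~", diff_fdt(old, new)):
        for key in keys:
            print(mark, *key, (old if mark == "-" else new)[key][:48])
```

Lines marked + are properties present only in the second file, - only in the first, and ~ present in both with different values.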