SentinelBoot is a secure RISC-V bootloader written in Rust, developed at The University of Manchester and sponsored by Codethink. It tackles memory safety issues through Rust’s ownership, borrowing, and lifetime rules, providing a more secure alternative to traditional languages like C, C++, and assembly. The project hardens the boot flow by using public-key cryptography for secure boot, and achieves a smaller binary size with minimal hashing overhead compared to U-Boot. The implementation includes measures to defend against potential attacks such as social engineering and Man-In-The-Middle attacks. Through continuous integration and analysis, SentinelBoot demonstrates improved memory safety and secure boot mechanisms.
https://www.codethink.co.uk/articles/2024/secure_bootloader/