
Re: Testing boot loaders



On 28/02/17 21:30, Lee Fisher wrote:
On 02/28/2017 11:38 AM, Mark Morgan Lloyd wrote:
[...]
Is it possible to use Qemu or some comparable emulator to check the boot
sequence in situ, i.e. without breaking the U-Boot and kernel images out
into separate files?

There are a few tools which take embedded Linux/Android disk images, run
QEMU to emulate the missing hardware, and then attack it with whatever
they can. Maybe one of those tools can help you with your boot sequence
needs? Below are a few; there are others that I'm forgetting the names
of, and these will probably help you search for the ones I'm forgetting. :-)
Sorry, unsure if there is an option that will work with U-Boot and
Debian and ARM. (I haven't worked much with these tools, instead focusing
on UEFI/ACPI 'blobs'.)


https://firmwaresecurity.com/2016/02/28/firmadyne-automated-analysis-of-linux-embedded-firmware/

https://firmwaresecurity.com/2015/09/23/costins-embedded-firmware-security-thesis/

https://firmwaresecurity.com/2015/11/23/panda-vm/

https://firmwaresecurity.com/2016/08/25/firminator/


You might also try asking on Twitter, on the firmware-security list.
https://twitter.com/JacobTorrey/lists/firmware-security
https://firmwaresecurity.com/2017/01/17/firmware-security-list-on-twitter/

Also, I've not tried it for this purpose, but perhaps S2E/Avatar has
some features that might help you.
http://www.s3.eurecom.fr/tools/avatar/

Thanks Lee, I'll follow those up.

As an initial hack I think I can graft in Debian by breaking into the init sequence early. Kernel -> init -> /etc/init.d/rcS, and if I remount / onto an external device right at the start of that I should have full control.

--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk

[Opinions above are the author's, not those of his employers or colleagues]

