Code Review Guidelines for Boot Firmware

Based on previous analysis of firmware issues, vulnerabilities fall into 8 general categories that should be the focus of secure code reviews:

1. External Input
2. Race Conditions
3. Hardware Input
4. Secret Handling
5. Register Lock
6. Secure Configuration
7. Replay/Rollback
8. Cryptography

This section discusses each class of vulnerability and summarizes approaches for review.