This year has seen a number of people putting quite some effort into strengthening the @barebox bootloader's security posture .
At @LinuxSecSummit in Amsterdam, I had the opportunity to present some of the work: security-focused documentation, fuzzing, hardening and a new framework for runtime access control.
The (correct!) slides are online now: https://static.sched.com/hosted_files/lsseu2025/94/hardening-the-barebox-bootloader.pdf
Here are the slides for my "State of SELinux" presentation this afternoon at the @LinuxSecSummit in Amsterdam. For those who are interested, I'll also be hosting a SELinux BoF later today at the conference.
https://paul-moore.com/docs/2025-lss_eu-state_of_selinux-pcmoore-r2.pdf