Das U-Boot


Das U-Boot is an open-source boot loader used in embedded devices to perform various low-level hardware initialization tasks and boot the device's operating system kernel. It is available for a number of computer architectures, including M68000, ARM, Blackfin, MicroBlaze, AArch64, MIPS, Nios II, SuperH, PPC, Power ISA, RISC-V, LoongArch and x86.
WWW Official Site

Functionality

U-Boot is both a first-stage and second-stage bootloader. It is loaded by the system's ROM from a supported boot device, such as an SD card, SATA drive, NOR flash, or NAND flash. If there are size constraints, U-Boot may be split into two stages: the platform would load a small SPL, which is a stripped-down version of U-Boot, and the SPL would do some initial hardware configuration and load the larger, fully featured version of U-Boot. Regardless of whether the SPL is used, U-Boot performs both first-stage and second-stage booting.
U-Boot implements a subset of the UEFI specification as defined in the Embedded Base Boot Requirements specification. UEFI binaries like GRUB or the Linux kernel can be booted via the boot manager or from the command-line interface.
U-Boot runs a command-line interface on a console or a serial port. Using the CLI, users can load and boot a kernel, possibly changing parameters from the default. There are also commands to read device information, read and write flash memory, download files from the serial port or network, manipulate device trees, and work with environment variables.
Unlike PC bootloaders which obscure or automatically choose the memory locations of the kernel and other boot data, U-Boot requires its boot commands to explicitly specify the physical memory addresses as destinations for copying data and for jumping to the kernel and as arguments for the kernel. Because U-Boot's commands are fairly low-level, it takes several steps to boot a kernel, but this also makes U-Boot more flexible than other bootloaders, since the same commands can be used for more general tasks. It's even possible to upgrade U-Boot using U-Boot, simply by reading the new bootloader from somewhere into memory, and writing that data to persistent storage where the bootloader belongs.
U-Boot has support for USB, so it can use a USB keyboard to operate the console, and it can access and boot from USB Mass Storage devices such as SD card readers.

Data storage and boot sources

U-Boot boots an operating system by reading the kernel and any other required data into memory, and then executing the kernel with the appropriate arguments.
U-Boot's commands are actually generalized commands which can be used to read or write any arbitrary data. Using these commands, data can be read from or written to any storage system that U-Boot supports, which include:
On some embedded device implementations, the CPU or SoC will locate and load the bootloader from the boot partition directly.

Compatible file systems

U-Boot does not need to be able to read a filesystem for the kernel to use it as a root filesystem or initial ramdisk; U-Boot simply provides an appropriate parameter to the kernel, and/or copies the data to memory without understanding its contents.
However, U-Boot can also read from filesystems. This way, rather than requiring the data that U-Boot will load to be stored at a fixed location on the storage device, U-Boot can read the filesystem to search for and load the kernel, device tree, etc., by pathname.
U-Boot includes support for these filesystems:

Device tree

Device tree is a data structure for describing hardware layout. Using Device tree, a vendor might be able to use a less modified mainline U-Boot on otherwise special purpose hardware. As also adopted by the Linux kernel, Device tree is intended to ameliorate the situation in the embedded industry, where a vast number of product specific forks exist. The ability to run mainline software practically gives customers indemnity against lack of vendor updates.

History

The project started as a 8xx PowerPC bootloader called 8xxROM written by Magnus Damm. In October 1999 Wolfgang Denk moved the project to SourceForge.net and renamed it to PPCBoot, because SF.net did not allow project names starting with digits. Version 0.4.1 of PPCBoot was first publicly released 19 July 2000.
In 2002 a previous version of the source code was briefly forked into a product called ARMBoot, but was merged back into the PPCBoot project shortly thereafter. On 31 October 2002 PPCBoot−2.0.0 was released. This marked the last release under the PPCBoot name, as it was renamed to reflect its ability to work on other architectures besides the PPC ISA.
PPCBoot−2.0.0 became U−Boot−0.1.0 in November 2002, expanded to work on the x86 processor architecture. Additional architecture capabilities were added in the following months: MIPS32 in March 2003, MIPS64 in April, Nios II in October, ColdFire in December, and MicroBlaze in April 2004. The May 2004 release of U-Boot-1.1.2 worked on the products of 216 board manufacturers across the various architectures.
The current name Das U-Boot adds a German definite article, to create a bilingual pun on the classic 1981 German submarine film Das Boot, which takes place on a World War II German U-boat. It is free software released under the terms of the GNU General Public License. It can be built on an x86 PC for any of its intended architectures using a cross development GNU toolchain, for example crosstool, the Embedded Linux Development Kit or OSELAS.Toolchain.
The importance of U-Boot in embedded Linux systems is quite succinctly stated in the book Building Embedded Linux Systems, by Karim Yaghmour, whose text about U-Boot begins, "Though there are quite a few other bootloaders, 'Das U-Boot', the universal bootloader, is arguably the richest, most flexible, and most actively developed open source bootloader available."

Notable vulnerabilities

In 2025, multiple vulnerabilities discovered in 2024 have been disclosed in U-Boot. Abusing the filesystem support feature of U-Boot by manually modifying filesystem data structures, an attacker can cause an integer overflow, a stack overflow or a heap overflow. As a result, an attacker can perform an arbitrary code execution and bypass the boot chain of trust. These issues are mitigated by the version v2025.01-rc1.

Usages