Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu
In this post, we attack the Nest Hub (2nd Gen), an always-connected smart home display from Google, in order to boot a custom OS.
First, we explore both hardware and software attack surface in search of security vulnerabilities that could permit arbitrary code execution on the device.
Then, using a Raspberry Pi Pico microcontroller, we exploit an USB bug in the bootloader to break the secure boot chain.
Finally, we build new bootloader and kernel images to boot a custom OS from an external flash drive. Breaking Secure Boot on Google Nest Hub (2nd Gen) to run Ubuntu
