The Raspberry Pi is the world's most-deployed SBC. It's also the most- forgotten device on home and small-business networks. A boot log capture on the UART pins (GPIO 14/15) gives you a complete read of the firmware chain — Pi bootloader, GPU firmware, kernel, cmdline, and userspace init.
What BootIntel detects on Raspberry Pi
- Bootloader EEPROM version — visible in the early boot output on Pi 4 and Pi 5. Out-of-date bootloaders have known recovery-mode exposure.
- Kernel version + revision — Raspberry Pi OS pins to specific stable kernels (5.10.x, 6.1.x, 6.6.x). The exact subrelease dictates the CVE surface.
- cmdline.txt content — leaks console settings, root device, init system, and any custom debug flags vendors added.
- config.txt-driven peripherals — visible in the kernel messages: which I/O interfaces are enabled (I2C, SPI, UART, 1-wire, camera). Each adds attack surface.
- SSH state at boot — Raspberry Pi OS now disables SSH by default unless an
sshfile exists on the boot partition; older images shipped with SSH on. We catch the difference. - Default user "pi" with default password — flagged aggressively. Older Pi OS images shipped
pi:raspberryand the login banner reveals which release you're running. - NetworkManager vs dhcpcd — affects how the device handles untrusted networks; older Pi OS still uses dhcpcd which has historic CVEs.
What a typical Raspberry Pi boot log looks like
Raspberry Pi Bootloader Conf: vl805 ENABLED
PIEEPROM: 2024-05-17 e6a7a8d
Loading firmware...
[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd083]
[ 0.000000] Linux version 6.6.31+rpt-rpi-2712 ([email protected]) (gcc-12 (Raspbian 12.2.0-14+rpi1) 12.2.0, GNU ld (GNU Binutils for Raspbian) 2.40) #1 SMP PREEMPT Debian 1:6.6.31-1+rpt1 (2024-05-29)
[ 0.000000] Machine model: Raspberry Pi 5 Model B Rev 1.0
[ 0.000000] Kernel command line: reboot=w coherent_pool=1M 8250.nr_uarts=1 pci=pcie_bus_safe smsc95xx.macaddr=2C:CF:67:01:23:45 vc_mem.mem_base=0x3eb00000 vc_mem.mem_size=0x3ff00000 console=ttyAMA10,115200 console=tty1 root=PARTUUID=...-02 rootfstype=ext4 fsck.repair=yes rootwait quiet splash plymouth.ignore-serial-consoles
[ 0.000000] Memory: 8GB
[ 1.234567] Mounted root filesystem
[ 3.123456] systemd[1]: Welcome to Raspbian GNU/Linux 12 (bookworm)!
[ 4.456789] sshd[1245]: Server listening on 0.0.0.0 port 22.
[ 4.567890] dhcpcd: no interfaces to listen on
[ 4.678901] avahi-daemon: startedExample findings BootIntel surfaces
- SSH on 0.0.0.0:22 (HIGH) — line 14. If this Pi is on a public/guest network, it's exposed. Combined with default-user lockout, this is the #1 source of compromised Pis in the wild.
- avahi-daemon advertising mDNS (MEDIUM) — broadcasts hostname + service set to the LAN, useful to attackers for inventory.
- quiet splash on serial = console hidden but accessible (LOW) — the kernel hides further output from console=tty1, but ttyAMA10 still shows userspace; if init-on-tty is enabled, serial = shell.
Related reading
- Finding UART Pins on an Unknown Board — Pi UART pins (GPIO 14 TX, GPIO 15 RX, 3.3V) are documented but worth knowing.
- Device Fingerprinter — paste a Pi boot log to identify the exact model + kernel version.