rellla changed the topic of #linux-sunxi to: Allwinner/sunxi /development discussion - did you try looking at our wiki? https://linux-sunxi.org - Don't ask to ask. Just ask and wait! - https://github.com/linux-sunxi/ - Logs at http://irclog.whitequark.org/linux-sunxi - *only registered users can talk*
MangyDog has quit [Ping timeout: 260 seconds]
jbrown has quit [Ping timeout: 272 seconds]
dev1990_ has quit [Quit: Konversation terminated!]
gaston1980 has quit [Quit: Konversation terminated!]
ChriChri_ has joined #linux-sunxi
ChriChri has quit [Ping timeout: 260 seconds]
ChriChri_ is now known as ChriChri
_whitelogger has joined #linux-sunxi
cnxsoft has joined #linux-sunxi
TheSeven has quit [Ping timeout: 240 seconds]
TheSeven has joined #linux-sunxi
asdf28 has joined #linux-sunxi
asdf28 has quit [Ping timeout: 240 seconds]
OnkelUll1 has left #linux-sunxi [#linux-sunxi]
lurchi_ has joined #linux-sunxi
lurchi__ has quit [Ping timeout: 246 seconds]
OnkelUlla has joined #linux-sunxi
_whitelogger has joined #linux-sunxi
cnxsoft1 has joined #linux-sunxi
cnxsoft has quit [Ping timeout: 272 seconds]
gediz0x539 has joined #linux-sunxi
asdf28 has joined #linux-sunxi
reinforce has joined #linux-sunxi
gediz0x539 has quit [Ping timeout: 240 seconds]
gediz0x539 has joined #linux-sunxi
gediz0x539 has quit [Client Quit]
indy has joined #linux-sunxi
diego71 has quit [Ping timeout: 260 seconds]
gediz0x539 has joined #linux-sunxi
diego71 has joined #linux-sunxi
_whitelogger has joined #linux-sunxi
cmeerw has joined #linux-sunxi
JohnDoe_71Rus has joined #linux-sunxi
ldevulder__ is now known as ldevulder
yann|work has joined #linux-sunxi
[jesapel^root] is now known as [ShockwaveRider]
dev1990 has joined #linux-sunxi
mripard has quit [Quit: Lost terminal]
mripard has joined #linux-sunxi
qschulz has joined #linux-sunxi
<bauen1> willmore: haven't heard of it yet, but i'm mostly looking for a hardware RISC-V that can run linux without selling a kidney, a few weeks ago rioslabs announced the development of a raspberry pi like RISC-V board (https://rioslab.org/) but so far not much has come of that
florian_kc has joined #linux-sunxi
florian_kc is now known as florian
gnarface has quit [Quit: Leaving]
jernej has quit [Quit: Free ZNC ~ Powered by LunarBNC: https://LunarBNC.net]
jernej has joined #linux-sunxi
jernej has quit [Client Quit]
jernej has joined #linux-sunxi
indy has quit [Read error: Connection reset by peer]
jernej has quit [Client Quit]
jernej has joined #linux-sunxi
jernej has quit [Client Quit]
jernej has joined #linux-sunxi
jernej has quit [Client Quit]
jernej has joined #linux-sunxi
indy_ has joined #linux-sunxi
gnarface has joined #linux-sunxi
tnovotny has joined #linux-sunxi
matthias_bgg has joined #linux-sunxi
AneoX has joined #linux-sunxi
_whitelogger has joined #linux-sunxi
<bauen1> so FEL can also be used to read data (https://linux-sunxi.org/FEL/Protocol FEL_UPLOAD) can also be used to read memory, so either burning the pins or using an SRAM PUF is required to defend against that
<karlp> trying to defend against physical access? sounds like a fun way to suck time :)
<bauen1> absolutely
<bauen1> and if you've got something that is "secure", just increase your attackers budget and keep going lol
jbrown has joined #linux-sunxi
ganbold has quit [Ping timeout: 256 seconds]
Mangy_Dog has joined #linux-sunxi
cnxsoft1 has quit [Read error: Connection reset by peer]
fl_0 has quit [Ping timeout: 272 seconds]
fl_0 has joined #linux-sunxi
ldevulder_ has joined #linux-sunxi
ldevulder has quit [Ping timeout: 264 seconds]
gaston1980 has joined #linux-sunxi
tnovotny has quit [Quit: Leaving]
tnovotny has joined #linux-sunxi
chewitt has joined #linux-sunxi
lurchi_ is now known as lurchi__
ldevulder_ is now known as ldevulder\
ldevulder\ is now known as ldevulder
<hramrach> yes, if you are paranoid you should keep your computer in a locked suitcase and assume it compromised if ther eis any sign of tampering
<hramrach> because you might be runnig trusted code but constructing small piece of additional hardware that reads your keystrokes or spies some low-speed bus is quite easy and quite hard to detect
JohnDoe_71Rus has quit [Quit: KVIrc 5.0.1 Aria http://www.kvirc.net/]
AneoX has quit [Ping timeout: 258 seconds]
mauz555 has joined #linux-sunxi
ganbold has joined #linux-sunxi
matthias_bgg has quit [Ping timeout: 256 seconds]
lurchi__ is now known as lurchi_
AneoX has joined #linux-sunxi
matthias_bgg has joined #linux-sunxi
mauz555 has quit []
JohnDoe_71Rus has joined #linux-sunxi
gediz0x539 has quit [Quit: Leaving]
reinforce has quit [Quit: Leaving.]
matthias_bgg has quit [Ping timeout: 256 seconds]
chewitt has quit [Quit: Adios!]
<bauen1> hramrach: the real elephant in the room is how a human with (limited) no tools can verify the identity or integrity of an object, but this proof also needs to be impossible to fake
<bauen1> probably impossible
<bauen1> you don't really need to carry around an entire computer / laptop, you only really need a trusted way of doing I/O (keyboard + screen) and a processor that can do asymtric encryption
<bauen1> you don't need any storage if you can memorise a number and a password
<bauen1> or rather you don't need any trusted storage
matthias_bgg has joined #linux-sunxi
<bauen1> nevermind the $5 iron pipe to the head secret extraction method
AneoX has quit [Ping timeout: 244 seconds]
AneoX has joined #linux-sunxi
AneoX has quit [Ping timeout: 240 seconds]
AneoX has joined #linux-sunxi
florian has quit [Quit: Leaving]
xyntrix has joined #linux-sunxi
matthias_bgg has quit [Quit: Leaving]
tnovotny has quit [Quit: Leaving]
msimpson has joined #linux-sunxi
vagrantc has joined #linux-sunxi
gaston1980 has quit [Ping timeout: 240 seconds]
gaston1980 has joined #linux-sunxi
AneoX has quit [Ping timeout: 240 seconds]
damex has joined #linux-sunxi
lurchi_ is now known as lurchi__
victhor_ has joined #linux-sunxi
victhor_ is now known as victhor
JohnDoe_71Rus has quit [Read error: No route to host]
JohnDoe_71Rus has joined #linux-sunxi
gaston1980 has quit [Ping timeout: 256 seconds]
[ShockwaveRider] is now known as [Heineken]
gaston1980 has joined #linux-sunxi
tuxd3v has quit [Remote host closed the connection]
vagrantc has quit [Ping timeout: 240 seconds]
vagrantc has joined #linux-sunxi
JohnDoe_71Rus has quit [Quit: KVIrc 5.0.0 Aria http://www.kvirc.net/]
gaston1980 has quit [Ping timeout: 256 seconds]
gaston1980 has joined #linux-sunxi
<bauen1> btw i also made a memory map of the H6 from the manual and BSP (https://linux-sunxi.org/H6/Memory_map), still a WIP
<asdf28> nice
<bauen1> and i should probably point most of the broken links into the H6 namespace
<asdf28> WARNING: CPU: 1 PID: 1 at drivers/base/platform.c:317 __platform_get_irq_byname+0x7c/0x8c
<asdf28> 0 is an invalid IRQ number
<asdf28> Hardware name: Allwinner sun7i (A20) Family
<asdf28> does anyone know what causes this error?
<bauen1> and by the looks of it, https://linux-sunxi.org/Memory_map should really be moved to A10/Memory_Map
<libv> bauen1: it's a wiki
<libv> you should be able to rename
yann|work has quit [Ping timeout: 240 seconds]
victhor has quit [Quit: Leaving]
victhor has joined #linux-sunxi
victhor has quit [Client Quit]
[Heineken] is now known as [promenade]
iyzsong- has joined #linux-sunxi
gumblex has joined #linux-sunxi
kelvan_ has joined #linux-sunxi
merlin_1991 has joined #linux-sunxi
iyzsong has quit [Ping timeout: 244 seconds]
gumblex_ has quit [Ping timeout: 244 seconds]
warpme_ has quit [Ping timeout: 244 seconds]
mahoux has quit [Ping timeout: 244 seconds]
samueldr has quit [Ping timeout: 244 seconds]
kelvan has quit [Ping timeout: 244 seconds]
merlin1991 has quit [Ping timeout: 244 seconds]
z3ntu has quit [Ping timeout: 244 seconds]
iyzsong- is now known as iyzsong
warpme__ has joined #linux-sunxi
warpme__ has joined #linux-sunxi
warpme__ has quit [Changing host]
mahoux has joined #linux-sunxi
z3ntu has joined #linux-sunxi
samueldr has joined #linux-sunxi
<bauen1> there's also another fun attack vector: only the boot code is signed, not the run address
<bauen1> so given a valid toc0 file you can modify the TOC0_SERIAL_NUM, TOC0_STATUS, append additional items, the reserved field, and most importantly the run address
<bauen1> it's basically an arbitrary write of predefined values
<bauen1> at the very least the boot code needs to handle being loaded to arbitrary addresses
<bauen1> or controlled code execution if you target it at read-only memory, e.g. the brom
jbrown has quit [Quit: Leaving]
<asdf28> i understand nothing
<bauen1> basically the toc0 https://linux-sunxi.org/TOC0 is the format read by the sbrom (secure boot code)
<bauen1> the secure boot rom verifies that the certificate in the TOC0 matches the one in the SID before executing the code
<bauen1> after it has verified the signed code it copies it to the run_address specified in the TOC0
<bauen1> in theory this allows for secure boot, i.e. only boot what has been signed by you
<bauen1> except that only the code executed is signed, but not the location where it is copied to be executed
<bauen1> so you could point that where ever you want the sbrom will (try to) copy the code and then jump to it
<karlp> and how does the run address matter again?
<asdf28> i wish i could comment on that but it's beyond my knowledge
<bauen1> karlp: the sbrom will copy the contents of the toc0 to that location, and then jump to it
<bauen1> for example if you have your signed code that expects to be loaded at 0x10000, i can load it somewhere else, e.g. 0x1BADBAD and still have it signed
<asdf28> can you use the uboot bin/fex system with a newer mainline kernel?
rex_victor has joined #linux-sunxi
<karlp> bauen1: right..... and?
jbrown has joined #linux-sunxi
<bauen1> you can do a lot of things if you can write to memory
<bauen1> and that defeats the purpose of secure boot
<asdf28> :->
mauz555 has joined #linux-sunxi
lurchi__ is now known as lurchi_
<bauen1> and i think the toc0 is loaded at 0x10000 upwards and the stack grows down from ~0x44ff0 downwards you can just make a really big toc0 image, overwrite the stack with pointers to your code
<bauen1> allwinner and secure boot, so close yet so far
vagrantc has quit [Ping timeout: 240 seconds]
vagrantc has joined #linux-sunxi
msimpson has quit [Remote host closed the connection]
<bauen1> if anyone wants to test my theory on an actuall h5 board with secure boot enabled i can probably cook up an image
<bauen1> smaeul: oh and if you ever dump the nbrom or sbrom of the h6 i would love to take a look at it too
asdf28 has quit [Ping timeout: 256 seconds]
vagrantc has quit [Ping timeout: 244 seconds]
vagrantc has joined #linux-sunxi
nashpa_ has joined #linux-sunxi
nashpa has quit [Ping timeout: 260 seconds]
cmeerw has quit [Ping timeout: 240 seconds]
steev has quit [Ping timeout: 272 seconds]
steev has joined #linux-sunxi
mauz555 has quit []
dev1990 has quit [Quit: Konversation terminated!]
tuxillo has quit [Read error: Connection reset by peer]
tuxillo has joined #linux-sunxi
lurchi_ is now known as lurchi__
Mangy_Dog has quit [Ping timeout: 240 seconds]
_whitelogger has joined #linux-sunxi
vagrantc has quit [Quit: leaving]