eduardas has quit [Quit: Konversation terminated!]
lucascastro has quit [Ping timeout: 264 seconds]
hanni76 has joined #linux-sunxi
koty0f has joined #linux-sunxi
lucascastro has joined #linux-sunxi
e3ef13f4ff44 has left #linux-sunxi ["WeeChat 2.8"]
vagrantc has joined #linux-sunxi
netlynx has joined #linux-sunxi
netlynx has joined #linux-sunxi
florian_kc is now known as florian
sunshavi has joined #linux-sunxi
hanni76 has quit [Remote host closed the connection]
jstein has joined #linux-sunxi
tnovotny has quit [Quit: Leaving]
juri_ has quit [Ping timeout: 272 seconds]
ganbold__ has quit [Read error: Connection reset by peer]
gnarface has quit [Remote host closed the connection]
atsampson has quit [Ping timeout: 272 seconds]
gnarface has joined #linux-sunxi
koty0f has quit [Quit: Konversation terminated!]
apritzel has quit [Ping timeout: 264 seconds]
lucascastro has quit [Remote host closed the connection]
lucascastro has joined #linux-sunxi
juri_ has joined #linux-sunxi
lucascastro has quit [Remote host closed the connection]
lucascastro has joined #linux-sunxi
atsampson has joined #linux-sunxi
vagrantc has quit [Quit: leaving]
vagrantc has joined #linux-sunxi
gnarface has quit [Quit: Leaving]
yann has quit [Ping timeout: 264 seconds]
yann has joined #linux-sunxi
gnarface has joined #linux-sunxi
lkcl has quit [Ping timeout: 240 seconds]
AneoX has quit [Ping timeout: 260 seconds]
AneoX has joined #linux-sunxi
apritzel has joined #linux-sunxi
lkcl has joined #linux-sunxi
matthias_bgg has quit [Ping timeout: 272 seconds]
damex has quit [Ping timeout: 258 seconds]
damex has joined #linux-sunxi
rojiro has quit [Ping timeout: 240 seconds]
florian has quit [Disconnected by services]
florian_kc has joined #linux-sunxi
rojiro has joined #linux-sunxi
mauz555 has joined #linux-sunxi
<bauen1>
also the functions that validate 0x10101 are slightly different between the "old" and "new" (0x10303) way
s_frit has quit [Read error: Connection reset by peer]
s_frit has joined #linux-sunxi
gnarface has quit [Quit: Leaving]
grimR has joined #linux-sunxi
netlynx has quit [Quit: Ex-Chat]
sunshavi has quit [Read error: Connection reset by peer]
gnarface has joined #linux-sunxi
victhor has quit [Quit: Leaving]
gnarface has quit [Quit: Leaving]
<bauen1>
hm, so the new 0x10303 is also [vendor id][cert_info][cert_signature], where cert_signature = rsa([vendor_id .. cert_info]) and vendor id is checked to match the efuse value to permit boot
<bauen1>
so that can be used to prevent roll backs, which is nice
gnarface has joined #linux-sunxi
gnarface has quit [Remote host closed the connection]
<bauen1>
and cert_info also looks like it contains the sha256 of the rsa key used in 0x10101 instead of the efuse rotpk
<bauen1>
which also means you can use 2 different certificates, one as root that signs the 0x10303 blob, verifying the certificate used to sign the bootcode
<bauen1>
i'm confused why that wasn't just put into the 0x10101 (or it eliminated)
<bauen1>
combined with the usage of `bool` as return type (instead of int) in the "new" parts, it kind of looks bolted on
mauz555 has quit []
<bauen1>
and it also means that to trigger a bug in the asn1 parse / verify logic for 0x10101 you now need a valid (vendor id match, valid signature) 0x10303