<smaeul>
bauen1: indeed, I padded the TOC0 out to 0x00026a00 (154k) and I get no output and no FEL (even after I remove the SD card)
<bauen1>
smaeul: well that is bad news lol
<bauen1>
so anyone with control over smhc 0 can probably bypass secure boot, nice
<bauen1>
that just really leaves attaching an RTC battery and using the boot hotplug / general purpose registers to store a tiny bit of code and secrets
<bauen1>
approximately 9, maybe 13 words of data to work with
<bauen1>
just writing the cpu0 hotplug register / entry to point to an infinite loop and then using the other words to store a secret would be enough to prevent this attack
<bauen1>
but would cause the cpu to go into a reset loop if it ever loses power (not rtc power), so maybe the general purpose registers could be used to e.g. load an image of certain size from smhc 0 and then continue the normal validation path
<bauen1>
actually, just moving the stack to a safe location would be enough, but there is no memory below 0x20000
<bauen1>
actually patching a single instruction in the sbrom code might be enough to make booting from smhc 0 safe, so copy the entire sbrom somewhere, patch the byte and call it (might as well patch out the monitor backdoor at that point too)
<bauen1>
it also looks like the rtc actually has 0x30 bytes of usable registers, but only 0x20 bytes are officially documented as "general purpose"
<jernej>
apritzel: I made some progress with h616 dram driver - now it fails at write leveling
<jernej>
if you want to take a look/help. I force pushed changes to gh
<apritzel>
jernej: I am still waiting for my H616 board to arrive, so can't be of much practical help.
<apritzel>
I can try it on my A63 tablet later tonight, but I don't have anything working there on the DRAM side either, so nothing to compare against
<jernej>
no hurry at all
<jernej>
this driver seems to cover multiple SoCs but not A63
<jernej>
note that it's DDR3 only - all H616 boards/boxes seem to have DDR3