<bauen1>
smaeul: nice work on the toc0 wiki page ; i'm interested, how did you find the meaning of TOC0_ITEMn_STATUS / TOC0_STATUS ?
<bauen1>
i'm also really confused as to what allwinner did with their R_TWDG
<bauen1>
it contains SST_NV_COUNTER_REG, SYN_DATA_COUNTER_REG{0..3} supposedly "Secure Storage NV-Counter Register" ; "Synchronize Data Counter Register {0..3}"
<bauen1>
but they're not backed by anything, a simple reset clears any value written to them, effectively making them SRAM
<bauen1>
tested on both the H6 (which doesn't even have R_TWDG documented, but allwinner is predictable lol) and the pine64 which has an a64
mauz555 has quit []
<bauen1>
there's also `The 2^32 monotonic counter does not need to be e-Fuses, but it does need to be fully secure. Using the SoC embedded NVM, or external secure element, or a trusted register, which is always on power. ` in the a64 manual
<bauen1>
what does NVM stand for in this context
<bauen1>
probably Non Volatile Memory
<bauen1>
but i don't think any allwinner SoCs have any
<apritzel>
bauen1: probably short for "never mind" :-D
<bauen1>
apritzel: i mean implementing replay protection using the sid efuses is possible ; but rather costly
<bauen1>
or the replay protected block of an sd
<bauen1>
which i think is what microsofts fTPM on the surface tablets does
apritzel has quit [Ping timeout: 265 seconds]
apritzel has joined #linux-sunxi
warpme_ has joined #linux-sunxi
lucascastro has joined #linux-sunxi
lucascastro has quit [Ping timeout: 256 seconds]
<montjoie>
hello I try to flash chip via fel and I get "usb_bulk_send() ERROR -7: Operation timed out"
<montjoie>
any idea on what happen ?
<megi>
bauen1: looks like it's mean for some nonce
<bauen1>
megi: yes, but it just behaves like sram making it utterly useless
<megi>
lol
<bauen1>
ideally there would be some nvram to store replay counters without the "high cost" of efuses
ldevulder has quit [Ping timeout: 256 seconds]
<asdf28>
bauen1 did you buy a single board computer?
<bauen1>
asdf28: tl lim send me a pine h64 and a pine64 for free
<apritzel>
montjoie: Does "sunxi-fel -v -p ver" say something?
<apritzel>
montjoie: and are you in FEL mode properly?
<apritzel>
montjoie: sometimes some stray voltage from somewhere prevents proper reset/ FEL entry
<bauen1>
anyway i think it's about time i flash my h64 to secure mode, i've already tested installing gentoo on it which should make kernel / tee development easier
<apritzel>
for instance try to connect the USB cable *after* entering FEL mode
<apritzel>
montjoie: or disconnect the serial wires during the reset
<apritzel>
montjoie: also try the Windows way: just retry
gaston1980 has quit [Quit: Konversation terminated!]
apritzel has quit [Ping timeout: 272 seconds]
<montjoie>
apritzel it has worked and uboot appears
<montjoie>
but now I retry nothing
<montjoie>
like I burned it
<montjoie>
disconnecting all wires, still nothing
ldevulder has joined #linux-sunxi
kaspter has quit [Ping timeout: 240 seconds]
kaspter has joined #linux-sunxi
lurchi_ is now known as lurchi__
ldevulder has quit [Ping timeout: 260 seconds]
<montjoie>
pdu fault finaly. so reseting uart was the trick
lurchi__ is now known as lurchi_
netlynx has quit [Quit: Ex-Chat]
<asdf28>
bauen1, that's awesome
<asdf28>
now you must make retro gaming device
<bauen1>
lol
<bauen1>
if at all possible i want to use the h64 as "root of trust", i.e. trusted computing platform to host keys and compile binaries for other boards
<bauen1>
*secret keys
<asdf28>
why all this security stuff?
<bauen1>
i'm just interested in hardware security / floss hardware
<bauen1>
allwinner chips are a nice stepping stone until risc-v becomes a bit more affordable
<asdf28>
i don't understand any of this... but you could probably earn 10,000€ a month if you are a security expert
<bauen1>
probably, currently i've started my B.Sc. in Informatics so i'm a bit strapped for time
ldevulder has joined #linux-sunxi
apritzel has joined #linux-sunxi
<bauen1>
smaeul: by the way mkimage doesn't compile with `make tools-only_defconfig tools-only` due to assuming that an allwinner SoC is already selected