freemangordon_ has quit [Ping timeout: 240 seconds]
Kabouik_ has quit [Remote host closed the connection]
Kabouik_ has joined #neo900
knttl has quit [Ping timeout: 260 seconds]
knttl has joined #neo900
Kabouik- has joined #neo900
Kabouik_ has quit [Ping timeout: 240 seconds]
_whitelogger has joined #neo900
ravelo has joined #neo900
<drathir>
Xiaoman: even if trusted You cant put of hands Your phone... 01:39 < Xiaoman> If my kernel is trusted it won't make a difference, if my kernel is untrusted then that hardware getting abused is the least of my worries.
<drathir>
Xiaoman: unles You get full encryption including /boot partition...
<Joerg-Neo900>
plus the degree of coldboot/coldflash protection we implement in Neo900
<drathir>
Joerg-Neo900: yea cold flashing indeed very useful thing ^^
<Joerg-Neo900>
also a very dangerous thing
<drathir>
Joerg-Neo900: flashing n900 was really incredible easy thing even not mention fast as light 'almost', but still in case of murphy law <fan here> good to have support for cold flashing...
<Joerg-Neo900>
Neo900 even offers two levels of evil maid protection, the 'normal' (default) one being effective against the more common and more dangerous "evil USB charger, at airport" scenario where you use an unknown public /rogue) USB charger that reflashes your bootloader or reads out your data. The more effective "full protected mode" is impossible to revert by any attacker that has no full featured hardware rework and forensics lab with them, and
<Joerg-Neo900>
sufficient time to accomplish the attack (more than an hour, possibly several hours of time) -- usual encryption of all storage is up to user/admin, and we provide the hardware means to make boot sufficiently tamper-proof to withstand attacks shorter than 1h
<drathir>
Joerg-Neo900: personally using daily full encryption including /boot + verify if nothing rewrite on the fy boot, if full encryption performed not easy possible to access and mess with data...
<drathir>
Joerg-Neo900: but true hard to secure under running device...
<Joerg-Neo900>
unless you can do cold reflash
ArturSha1 has joined #neo900
<Joerg-Neo900>
another approach is to use secure boot that only loads and executes checksummed+signed bootloaders and kernels, but that needs user to possess a *unique* secret signature key for their device
<drathir>
Joerg-Neo900: if something get root on running device no possibility to protect sadly...
<Joerg-Neo900>
yes, but that's orthogonal to what I'm talking about here
<Joerg-Neo900>
this attack vector targets at bootloader where no concept of users like "root" exists yet. Those concepts get introduced by kernel
ArturShaik has quit [Ping timeout: 255 seconds]
<drathir>
there is little different than in pc not possible probably encrypt full boot, but at pc there os possibility to verify boot if not changed before unlock root partition...
<drathir>
there os/there is*
<Joerg-Neo900>
yes, this is called secure boot and based on concepts of Trusted Computing
ArturSha1 has quit [Ping timeout: 258 seconds]
<Joerg-Neo900>
some immutable mechanism in your hardware needs to verify the hash across your first stage bootloader before executing it
<drathir>
yes detecting if kernel is untouched even before unlock root checking checksums, sadly again that not protect if root acces is gained and evil kernel instaled sadly ;/
<Joerg-Neo900>
no, that's a different and inapt means to try and establish security against coldflash attacks
* drathir
dont like current secure boot per se but verify metod more sane than present secure boot implementaton could be great...
<drathir>
more in way that user define method iven if gpg based kind of, and not some 3rd companies which leak private keys make all devices vulnerable...
<drathir>
even*
<drathir>
there in theory are tpm devices but honestly not so technically sure if them are really so secure and dont have hidden backdoors inside...
<Joerg-Neo900>
Neo900 protects/blocks the hardware attack vector to modify bootloaders, by not allowing (unsolicited by user) coldflashing. All other methods to alter the bootloader require root permissions in the system and thus are not in the scope of hardware
<drathir>
Joerg-Neo900: what if under root flashing eg power down device get hard bricked?
<Joerg-Neo900>
TPM *is* a backdoor per definition, since the manufacturer installs and thus knows the root cert that's used to verify the bootloader. Apart from that this concept is very well understood and implemented in a bug-free way meanwhile, which means you hardly can find an exploit to gain root on your own device when manufacturer doesn't allow it
<Joerg-Neo900>
drathir: sorry? please rephrase
<drathir>
Joerg-Neo900: in case flashing kernel fil from some reason some error/run of battery power in that scenario no possible to reflasf device bring it to life again?
<drathir>
i guess great in my opinion would be kind of user definied eg sdcard preparation which pair card with device allowing bricked device flash in that method...
<Joerg-Neo900>
drathir: please read what I posted above. There are two levels of protection, one is based on user doing a special hardware-only input to enable coldflashing on lowest chip level. And then there's the ultimate protection that irrecoverably blocks this feature so yiu cannot recover from bricking your bootloader
<drathir>
Joerg-Neo900: /me like solutions where user generating keys not like keys are hardcoded/generated by producer... even more give possibility to import keys not generated by hw rng but by software...
<Joerg-Neo900>
that's software and not subject to developing a secure device hardware, unless you talk about TPM
<Joerg-Neo900>
Neo900 has no TPM and I'm not sorry about that
<Joerg-Neo900>
we have a method that yields equivalent protection against attacks but doesn't need TPM and thus doesn't introduce the TPM "backdoor"
<drathir>
what would looks like that hardware-only input kind of pres user definied combination of keys before enter cold flashing?
<Joerg-Neo900>
remove battery lid
<Joerg-Neo900>
without battery lid removed, device will not allow coldflashing
<drathir>
yea even hw rng sadly not always could be so trully random...
<drathir>
Joerg-Neo900: thats interesting...
<drathir>
btw if may ask if till battery cover unmounting sdcard ?
<drathir>
yill/still*
<Joerg-Neo900>
no, we changed that
<drathir>
++
<Joerg-Neo900>
now senses unlocking of uSD holder
<Joerg-Neo900>
but the recommended method is to manually umount, via UI means
<Joerg-Neo900>
"manually" as in "by software means triggered by user interaction"
<drathir>
Joerg-Neo900: yea thats much better sounds to me... including hot-swappable batteries is really nice feature...
<Joerg-Neo900>
the hot-swap feature is yet up to evaluation, nit guaranteed to work reliably. However we have suspend to RAM and suspend to disk now, in system, which guarantees hotswap will work
<drathir>
and how aboyu cmos like onboard battery?
<Joerg-Neo900>
suggested method is to detect battery lid removal to "ask user" if to umount uSD or to go into suspend state for allowing bat hotswap
<Joerg-Neo900>
too big and bulky
<Joerg-Neo900>
modem could draw as much as 2A
<Joerg-Neo900>
you want to sort of suspend system before battery hotswap
<drathir>
yep suspendng is nice and reasonable way to save power drain of device...
<drathir>
in older devices them like to corode, even if working still...there is any way to improve switch to something more life longer solution?
<drathir>
corode mean that small onboard battery...
<drathir>
also wonder if there is planned connector fr gsm/wifi antenna signal extender? yea i know its kind of crazy idea...
<drathir>
fr/for*
<Joerg-Neo900>
yes, we have connectors for both :-)
<drathir>
Joerg-Neo900: O.o woow once again suprised ^^
<drathir>
++
<Joerg-Neo900>
please beware! those connectors are not meant for daily usage, so you need to plug your own piggytail adapter with a antenna connector made to survive more mating cycles
<Joerg-Neo900>
the ones we got are only certified for ~50 mating cycles
<Joerg-Neo900>
alas there's no better solution
<Joerg-Neo900>
and obviously you need to drill a hole to the case to access those jacks
<Joerg-Neo900>
luckily under battery cover
<Joerg-Neo900>
please rephrase your question about corrosion
<Joerg-Neo900>
are you asking about a better replacement for backup battery in N900?
<drathir>
Joerg-Neo900: Yea sure thing hard to pack rp-sma connector ^^
<Joerg-Neo900>
yep :-D
<Joerg-Neo900>
too big
<drathir>
indeed place waste...
<drathir>
the old n900 gets onboard battery included after years,years,years that battery started changing colours to green and in place visable coroding started even if battery still keep a time after fast fattery replacement there will be still that kind of battery or replaced by something more long life survive thing?
<Joerg-Neo900>
use a polyacene capacitor type "battery" replacement