[Arm-netbook] Verifying firmware

Luke Kenneth Casson Leighton lkcl at lkcl.net
Sun Aug 21 21:55:31 BST 2016


---
crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68


On Sun, Aug 21, 2016 at 9:19 PM, Raphaël Mélotte
<raphael.melotte at gmail.com> wrote:
> Hello,
>
> First of all I have been following the crowdfunding and mailing list since
> the first of august (I have been using another email address) and I have to
> say I really like every aspect of this project and I highly respect and
> admire the ideology that goes with the project.

 thanks.  it's not quiiite "ideology" - there are genuine sound and
practical business reasons for doing what we're doing.  let me put it
another way: when we get to mass-volume levels would you *like* us to
be "yet another proprietary software peddler"? :)


> I haven't been able to pledge until now but I will make sure to do so as
> soon as I can and before the crowdfunding ends. I really want to test what
> an EOMA68 laptop would look and behave like, and I want to replace my tiny
> Raspberry pi server with another EOMA68 (I will also be willing to buy more
> powerful computer cards if they ever get created).

 cool.  they will.

> Since the EOMA68 is entirely free,

 the *standard* is open (properly open), the source code is libre, and
the hardware is 99% libre, aiming for 100%.

> I was thinking that *theoretically* it
> should be possible to read and verify every firmware, and/or binaries
> present to run the chip (I don't really know how to call it so I will call
> it "microcode").

 the only "microcode" - using the phrase you use - that we know of is
the eGON Boot ROM, which hno has extracted and
part-reverse-engineered, more info here:
http://linux-sunxi.org/EGON#eGON.BRM

> More and more people are worried about the microcodes that
> are run on our hardware and being able to verify what is actually running on
> our machine (when it boots for example) would be comforting. It seems to me
> that it's the first time the source code for every microcode in a computer
> will be available, since some projects tried to do so in the past, but never
> managed to run 100% without proprietary code (purism, novena, ...).

 there are actually plenty - many of them early beaglebone designs
especially those around the AM Sitara series - but it's the first that
could be deployed usefully in mass-volume scenarios as opposed to
"engineering only" boards.

> From a security point of view, open source code

 no it isn't... *libre* source code is...

>  is the best option since it
> allows to check if the code being run isn't malware. However, if I don't
> verify the code present on my machine, how will I know it is the same code
> as the source that was analyzed and that it is not malicious code ?

 well if you can't do it, at least someone else can.

> That's
> why I'm asking if it would be possible to read the microcodes present on the
> chip, and check them against the online source codes (kind of a checksum ?).

 no idea.

> That way we would be able to know if the code had been tampered with, be it
> during shipping, after being infected by a malware that was somehow able to
> change the boot code or some firmware, an evil maid attack, etc.

 well, we picked an "unbrickable" processor precisely so that you
could download binaries / source from a *trusted* source and re-flash
everything.

> Just to be clear I'm not being paranoid to the point where I would suspect
> some bad guys inserting malware in my machine during shipping (I guess the
> country I live in is "libre" enough to not do that,

 you _are_ joking, right? :)  it's *well known* that the NSA unboxes
Cisco products and other routers, installs replacement firmware *AND
CHIPS*, then boxes them back up and sends them on their way.  there's
even photographs online of them carrying out these practices.


> but that's surely not
> the case for everyone everywhere in the world), and I will probably not try
> to verify every firmware on the chip, but since this is one of the first
> truly free systems I was asking myself if it would be possible.

 yes.

> I also understand that as of today, checking every code on a system is more
> a utopia than a doable thing (you'd also have to check firmware from your
> keyboard, mouse, webcam, USB flash drive, and pretty much everything you
> connect to the main board)

 true... but here you *can* check the STM32F072's firmware (which
controls the keyboard, mouse and PMIC), and you can re-flash on every
boot should you so wish... bear in mind that's going to wreck the
on-board flash at some point, but you can do it.


> and may be pointless, but I'm also confident that
> in the future (maybe distant, maybe not) we will have to be able to do so if
> we want to keep our digital life private, as everything we do is more and
> more linked to the digital world, and malware techniques are becoming more
> and more creative (see for example BadUSB).

 yep.... not a lot that can be done about that.  shoving 240v AC down
a 5v DC line is guaranteed to be disastrous, no matter what the piece
of electronics is.

> I'm not a computer scientist and although I do my best to learn how software
> works, I don't understand everything about hardware and I may be missing
> some important point that makes my idea impossible to realize. That's why
> I'm asking it here since you know far more about it than me.
>
> Also please forgive my written expression: I'm doing my best to express my
> ideas clearly, but English isn't my native language and I sometimes don't
> know how to express myself to be best understood.

 doing pretty well so far

> Anyway, I sincerely hope this project becomes a great success, and that you
> will be able to make it grow even more.

 thanks.
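The "read the chip and check it against the source" idea raised in the thread, worked as an added example (not code from the thread or the EOMA68 project): a flash read-back is compared with an image you built from source, and the erased tail of the flash is checked too, since an implant parked past the end of the image would otherwise pass a plain hash of the image region. It assumes unprogrammed flash reads back as 0xFF and uses constructed sample bytes in place of a real STM32F072 dump.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

ERASED_BYTE = 0xFF  # assumption: unprogrammed flash reads back as 0xFF, as on most NOR parts

@dataclass
class VerifyResult:
    ok: bool
    reason: str
    first_mismatch: Optional[int] = None  # byte offset into the dump, when there is one

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def matches_manifest(image: bytes, expected_sha256: str) -> bool:
    """Check a locally built image against the hash published alongside the source."""
    return sha256_hex(image) == expected_sha256.lower()

def verify_dump(dump: bytes, reference: bytes) -> VerifyResult:
    """Compare a raw flash read-back with a reference image built from source.

    The dump is usually the whole flash, so it is longer than the image; the
    tail must be erased (0xFF) bytes, since anything else is unexplained code.
    """
    if len(dump) < len(reference):
        return VerifyResult(False, "dump is shorter than the reference image")
    body, tail = dump[:len(reference)], dump[len(reference):]
    for i, b in enumerate(tail):
        if b != ERASED_BYTE:
            return VerifyResult(False, "data found beyond the end of the image", len(reference) + i)
    if sha256_hex(body) == sha256_hex(reference):
        return VerifyResult(True, "dump matches the reference image")
    off = next(i for i, (a, b) in enumerate(zip(body, reference)) if a != b)
    return VerifyResult(False, "image content differs from the reference", off)

# Constructed sample data standing in for a real build output and chip read-backs.
REFERENCE_IMAGE = bytes(range(256)) * 4                    # 1 KiB "built from source"
CLEAN_DUMP = REFERENCE_IMAGE + bytes([ERASED_BYTE]) * 512  # image followed by erased flash
TAMPERED_DUMP = bytearray(CLEAN_DUMP)
TAMPERED_DUMP[300] ^= 0x01                                 # one flipped bit inside the image
IMPLANT_DUMP = CLEAN_DUMP[:-16] + bytes(16)                # extra bytes parked in the "empty" tail

if __name__ == "__main__":
    for name, d in [("clean", CLEAN_DUMP), ("tampered", bytes(TAMPERED_DUMP)), ("implant", IMPLANT_DUMP)]:
        print(name, verify_dump(d, REFERENCE_IMAGE))
```

A real run would feed `verify_dump` the bytes read back over SWD or the bootloader and a reproducible build of the published source; a mismatch offset tells you where to start looking, not what was changed.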


