[Arm-netbook] Verifying firmware

Raphaël Mélotte raphael.melotte at gmail.com
Mon Aug 22 20:32:19 BST 2016


>
> Date: Sun, 21 Aug 2016 21:55:31 +0100
> From: Luke Kenneth Casson Leighton <lkcl at lkcl.net>
> To: Linux on small ARM machines <arm-netbook at lists.phcomp.co.uk>
> Subject: Re: [Arm-netbook] Verifying firmware
> Message-ID: <CAPweEDw6dqih5=B-bod2iNU1KzpNFD9NDOhkCu7cHgUrqr2Y1g at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> ---
> crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
>
>
> On Sun, Aug 21, 2016 at 9:19 PM, Raphaël Mélotte
> <raphael.melotte at gmail.com> wrote:
> > Hello,
> >
> > First of all I have been following the crowdfunding and mailing list since
> > the first of August (I have been using another email address) and I have to
> > say I really like every aspect of this project and I highly respect and
> > admire the ideology that goes with the project.
>
>  thanks.  it's not quiiite "ideology" - there are genuine sound and
> practical business reasons for doing what we're doing.  let me put it
> another way: when we get to mass-volume levels would you *like* us to
> be "yet another proprietary software peddler"? :)
>
>
> > I haven't been able to pledge until now but I will make sure to do so as
> > soon as I can and before the crowdfunding ends. I really want to test what
> > an EOMA68 laptop would look and behave like, and I want to replace my tiny
> > Raspberry Pi server with another EOMA68 (I will also be willing to buy more
> > powerful computer cards if they ever get created).
>
>  cool.  they will.
>
> > Since the EOMA68 is entirely free,
>
>  the *standard* is open (properly open), the source code is libre, and
> the hardware is 99% libre, aiming for 100%.
>
> > I was thinking that *theoretically* it
> > should be possible to read and verify every firmware, and/or binaries
> > present to run the chip (I don't really know what to call it so I will call
> > it "microcode").
>
>  the only "microcode" - using the phrase you use - that we know of is
> the eGON Boot ROM, which hno has extracted and
> part-reverse-engineered, more info here:
> http://linux-sunxi.org/EGON#eGON.BRM
>
> > More and more people are worried about the microcodes that
> > are run on our hardware and being able to verify what is actually running on
> > our machine (when it boots for example) would be comforting. It seems to me
> > that it's the first time the source code for every microcode in a computer
> > will be available, since some projects tried to do so in the past, but never
> > managed to run 100% without proprietary code (Purism, Novena, ...).
>
>  there are actually plenty - many of them early beaglebone designs
> especially those around the AM Sitara series - but it's the first that
> could be deployed usefully in mass-volume scenarios as opposed to
> "engineering only" boards.
>
> > From a security point of view, open source code
>
>  no it isn't... *libre* source code is...
>
> >  is the best option since it
> > allows one to check that the code being run isn't malware. However, if I don't
> > verify the code present on my machine, how will I know it is the same code
> > as the source that was analyzed and that it is not malicious code?
>
>  well if you can't do it, at least someone else can.
>
> > That's
> > why I'm asking if it would be possible to read the microcodes present on the
> > chip, and check them against the online source code (kind of a checksum?).
>
>  no idea.
>
> > That way we would be able to know if the code had been tampered with, be it
> > during shipping, after being infected by malware that was somehow able to
> > change the boot code or some firmware, an evil maid attack, etc.
>
>  well, we picked an "unbrickable" processor precisely so that you
> could download binaries / source from a *trusted* source and re-flash
> everything.
>
> > Just to be clear I'm not being paranoid to the point where I would suspect
> > some bad guys inserting malware in my machine during shipping (I guess the
> > country I live in is "libre" enough to not do that,
>
>  you _are_ joking, right? :)  it's *well known* that the NSA unboxes
> Cisco products and other routers, installs replacement firmware *AND
> CHIPS*, then boxes them back up and sends them on their way.  there's
> even photographs online of them carrying out these practices.
>
>
> > but that's surely not
> > the case for everyone everywhere in the world), and I will probably not try
> > to verify every firmware on the chip, but since this is one of the first
> > truly free systems I was asking myself if it would be possible.
>
>  yes.
>
> > I also understand that as of today, checking every piece of code on a system is more
> > of a utopia than a doable thing (you'd also have to check firmware from your
> > keyboard, mouse, webcam, USB flash drive, and pretty much everything you
> > connect to the main board)
>
>  true... but here you *can* check the STM32F072's firmware (which
> controls the keyboard, mouse and PMIC), and you can re-flash on every
> boot should you so wish... bear in mind that's going to wreck the
> on-board flash at some point, but you can do it.
>
>
> > and may be pointless, but I'm also confident that
> > in the future (maybe distant, maybe not) we will have to be able to do so if
> > we want to keep our digital life private, as everything we do is more and
> > more linked to the digital world, and malware techniques are becoming more
> > and more creative (see for example BadUSB).
>
>  yep.... not a lot that can be done about that.  shoving 240v AC down
> a 5v DC line is guaranteed to be disastrous, no matter what the piece
> of electronics is.
>
> > I'm not a computer scientist and although I do my best to learn how software
> > works, I don't understand everything about hardware and I may be missing
> > some important point that makes my idea impossible to realize. That's why
> > I'm asking it here since you know far more about it than me.
> >
> > Also please forgive my written expression: I'm doing my best to express my
> > ideas clearly, but English isn't my native language and I sometimes don't
> > know how to express myself to be best understood.
>
>  doing pretty well so far
>
> > Anyway, I sincerely hope this project becomes a great success, and that you
> > will be able to make it grow even more.
>
>  thanks.
>
>
>
Thank you for your precise answer! (As with every one of your answers I have seen on the
mailing list.)

Ideology probably wasn't the right word; of course I wouldn't like you to
be "yet another proprietary software peddler".
By the way, if I got it right, you say 99% of the hardware is open because
only the Mali GPU isn't documented? (But we won't use it.) That is awesome!
I really didn't know that the NSA was already intercepting shipments before
they arrive at their destination; now I'm even more convinced that we need
libre hardware for everyone.

What I forgot to ask was whether it is possible to read and possibly reflash
firmware from userspace, or would it require some special hardware to
be connected directly to the chip, like when flashing Libreboot? Anyway, I
guess I will find out for myself as I investigate more about it.

PS: I misconfigured my subscription to the mailing list and couldn't
reply directly to your message. I hope this reply will get where it has to
go, linked to the right thread.
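Raphaël asks whether the code present on the chip could be read back and checked against the published source, "kind of a checksum". The following is an added example, not part of the thread and not the project's own tooling, of how such a comparison is done once you have a flash dump and a reference image: a raw dump of a flash part contains erased-cell padding (assumed here to read back as 0xFF) past the end of the programmed image, so hashing the whole dump never matches the reference; the script trims that padding from both sides, compares SHA-256 digests, and on a mismatch reports the byte ranges that differ so a modification can be located rather than merely detected. All sample bytes are constructed for the demonstration; in practice the inputs would be the image read back from the device and the build artifact published for that firmware, which in turn has to be a reproducible build of the source for the comparison to say anything about the source. A dump obtained through software running on the same device is only as trustworthy as that software; a dump taken with an external programmer attached directly to the part does not have that dependence.

```python
"""Compare a firmware dump against a reference image (added example, not from the thread)."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Value an erased flash cell reads back as; 0xFF is the usual case but is an
# assumption here, so it is a parameter rather than a hard-coded constant below.
ERASED = 0xFF


@dataclass
class VerifyResult:
    matches: bool
    dump_sha256: str
    reference_sha256: str
    compared_len: int
    differing_ranges: List[Tuple[int, int]] = field(default_factory=list)


def trim_erased_tail(data: bytes, fill: int = ERASED) -> bytes:
    """Drop trailing fill bytes so a dump of the whole flash part lines up with
    the (shorter) image that was programmed into it. Only the tail is touched;
    fill bytes inside the image stay. Caveat: an image whose last byte really
    is 0xFF loses it here, which is why both sides are trimmed the same way."""
    end = len(data)
    while end > 0 and data[end - 1] == fill:
        end -= 1
    return data[:end]


def differing_ranges(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """[start, end) offsets at which a and b differ. A length mismatch counts
    as a difference so a truncated or extended image is reported too."""
    def at(buf: bytes, i: int) -> Optional[int]:
        return buf[i] if i < len(buf) else None

    ranges: List[Tuple[int, int]] = []
    n = max(len(a), len(b))
    i = 0
    while i < n:
        if at(a, i) == at(b, i):
            i += 1
            continue
        start = i
        while i < n and at(a, i) != at(b, i):
            i += 1
        ranges.append((start, i))
    return ranges


def verify_dump(dump: bytes, reference: bytes, fill: int = ERASED) -> VerifyResult:
    """Hash the trimmed dump against the trimmed reference; on mismatch, say where."""
    d = trim_erased_tail(dump, fill)
    r = trim_erased_tail(reference, fill)
    d_hash = hashlib.sha256(d).hexdigest()
    r_hash = hashlib.sha256(r).hexdigest()
    if d_hash == r_hash:
        return VerifyResult(True, d_hash, r_hash, len(d))
    return VerifyResult(False, d_hash, r_hash, len(d), differing_ranges(d, r))


# Constructed sample data, not a real firmware image: 518 arbitrary bytes
# (8 header-like bytes followed by two runs of 0x00..0xFE).
REFERENCE_IMAGE = bytes([0x00, 0x20, 0x00, 0x20, 0xC1, 0x01, 0x00, 0x08]) + bytes(range(255)) * 2
# A dump of a larger flash part: the image followed by 64 erased cells.
CLEAN_DUMP = REFERENCE_IMAGE + bytes([ERASED]) * 64
# The same dump with four bytes overwritten at offset 100.
TAMPERED_DUMP = CLEAN_DUMP[:100] + b"\xde\xad\xbe\xef" + CLEAN_DUMP[104:]

if __name__ == "__main__":
    for name, dump in (("clean", CLEAN_DUMP), ("tampered", TAMPERED_DUMP)):
        res = verify_dump(dump, REFERENCE_IMAGE)
        print(name, "OK" if res.matches else "MISMATCH at %s" % res.differing_ranges)
```

Run as a script it checks both constructed dumps; the clean one matches after trimming even though its raw SHA-256 differs from the reference, and the tampered one reports the single modified range at offsets 100 to 104. If the device stores per-unit data (calibration values, a serial number) inside the image region, those bytes will show up as a differing range as well and have to be masked out before hashing; the ranges reported here make that easy to spot.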