[Arm-netbook] Verifying firmware

Henrik Nordström henrik at henriknordstrom.net
Tue Aug 23 18:50:30 BST 2016


sön 2016-08-21 klockan 21:55 +0100 skrev Luke Kenneth Casson Leighton:

> > 
> > From a security point of view, open source code
> 
>  no it isn't... *libre* source code is...

I would love to hear your elaboration on how libre source code is more
secure than open source. I don't see how libre has any relevance
there.

Having access to the complete readable source code and being developed
in a trustworthy environment is very relevant. But that is by no means
unique to libre or even proven to be a natural effect of libre. Those
aspects come from other properties of the software projects than what
makes the distinction between open/libre.

> > That's
> > why I'm asking if it would be possible to read the microcodes
> > present on the
> > chip, and check them against the online source codes (kind of a
> > checksum ?).
> 
>  no idea.

There is no microcode or closed firmware running on the A20.

There is a bootrom embedded in the CPU that allows the CPU to load the
bootloader from flash or usb recovery but once the bootloader takes
control the bootrom ceases to execute entirely.

The bootrom is easily extracted from both Linux and the USB recovery
boot protocol if you want to analyze it further. But it is an embedded
ROM memory in the CPU silicon that can not be modified short of
Allwinner making another CPU silicon production mask and producing new
CPUs.

What the A20 is missing from a security perspective is a secure boot
procedure. There is some primitive support but not really functioning.
Some of you may think I am crazy speaking about secure boot, but
properly used it is a very strong tool for ensuring that the installed
software is not tampered with by untrusted parties. But this requires
that you are in control of the security keys and not some untrusted
proprietary vendor.

>  well, we picked an "unbrickable" processor precisely so that you
> could download binaries / source from a *trusted* source and re-flash
> everything.

Yes, the A20 is very nice in that it is unbrickable in software terms,
just as most other SoCs in the same area. It is still possible to brick
A20 systems by software but then by wearing out flash storage etc, not
by accidentally writing the wrong software to flash.

And the A20 is one of the most well covered SoCs in terms of
open/libre software support.

>  yep.... not a lot that can be done about that.  shoving 240v AC down
> a 5v DC line is guaranteed to be disastrous, no matter what the piece
> of electronics is.

That can actually be dealt with without too much trouble, but not in
scope of this list.

Regards
Henrik
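The original question in this thread was whether firmware read back from the chip can be checked against published sources "kind of a checksum". The following is an added example, not code from this thread or from the arm-netbook project, showing what that check looks like in practice: hash an extracted image (a bootrom dump or a bootloader read back from flash) and compare it against a `sha256sum`-style reference manifest. The image contents, file names and manifest digests are constructed for the example; one manifest entry is deliberately wrong so the mismatch path is exercised. The caveat Henrik's secure boot point implies still applies: a matching digest only proves the image equals the reference you obtained, so the manifest itself has to come from a source you trust.

```python
import hashlib
import hmac
import re

# Constructed sample images standing in for a bootrom dump and a bootloader
# read back from flash. These are NOT real A20 contents.
SAMPLE_IMAGES = {
    "bootrom.bin": b"constructed bootrom image contents v1\n",
    "u-boot-sunxi-with-spl.bin": b"constructed bootloader image contents\n",
}


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of an image as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


# Reference manifest in the format printed by `sha256sum` ("<hex>  <name>").
# Constructed here: the bootrom entry matches the sample, the bootloader
# entry is deliberately set to an all-zero digest to simulate a reference
# that does not match what is installed.
REFERENCE_MANIFEST = (
    f"{sha256_hex(SAMPLE_IMAGES['bootrom.bin'])}  bootrom.bin\n"
    f"{'0' * 64}  u-boot-sunxi-with-spl.bin\n"
)

# sha256sum writes "<hex>  <name>" in text mode and "<hex> *<name>" in
# binary mode; accept both.
MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{64})\s+\*?(.+)$")


def parse_sha256sums(text: str) -> dict:
    """Parse sha256sum-style lines into {filename: hex_digest}.

    Blank lines and '#' comments are skipped; anything else that does not
    look like a digest line is rejected rather than silently ignored, so a
    corrupted manifest cannot make an image appear 'unlisted'.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"manifest line {lineno} is malformed: {raw!r}")
        entries[m.group(2)] = m.group(1).lower()
    return entries


def verify_image(name: str, data: bytes, manifest: dict) -> str:
    """Return 'match', 'mismatch' or 'unlisted' for one extracted image."""
    expected = manifest.get(name)
    if expected is None:
        return "unlisted"
    actual = sha256_hex(data)
    # compare_digest is habit rather than necessity here (the reference
    # digest is public), but it costs nothing.
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"


def verify_all(images: dict, manifest_text: str) -> dict:
    """Check every extracted image against the manifest; {name: status}."""
    manifest = parse_sha256sums(manifest_text)
    return {name: verify_image(name, blob, manifest)
            for name, blob in images.items()}


if __name__ == "__main__":
    for name, status in verify_all(SAMPLE_IMAGES, REFERENCE_MANIFEST).items():
        print(f"{name}: {status}")
```

Run against real dumps, the manifest would be the `sha256sum` output published alongside a reproducible build, and an "unlisted" result is worth treating as seriously as a mismatch: it means there is no reference at all for what is on the chip.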
