2016-08-23 19:50 GMT+02:00 Henrik Nordström <henrik@henriknordstrom.net>:

> > That's
> > why I'm asking if it would be possible to read the microcodes
> > present on the
> > chip, and check them against the online source codes (kind of a
> > checksum ?).
>
>  no idea.

There is no microcode or closed firmware running on the A20.

There is a bootrom embedded in the CPU that allows the CPU to load the
bootloader from flash or usb recovery but once the bootloader takes
control the bootrom ceases to execute entirely.

The bootrom is easily extracted from both Linux and the USB recovery
boot protocol if you want to analyze it further. But it is an embedded
ROM memory in the CPU silicon that can not be modified short of
Allwinner making another CPU silicon production mask and produces new
CPUs.

What the A20 is missing from a security perspective is secure boot
procedure. There is some primitive support but not really functioning.
Some of you may think I am crazy speaking about secure boot, but
properly used it is a very strong tool for ensuring that the installed
software is not tampered with by untrusted parties. But this requires
that you are in control of the security keys and not some untrusted
proprietary vendor.


Regards
Henrik


 
Thank you for detailing that :-)
It's true that a secure booting mechanism would be a great addition to security.
Nevertheless if I have to choose I prefer no secure boot than secure boot the way it has been implemented in almost all modern laptops, where almost only proprietary OSes are allowed to boot and everything is obfuscated since it's proprietary (that sort of secure boot in my opinion, doesn't add any security and only brings hassle).
And the EOMA68 being libre, maybe people will be interested in developing a libre secure boot :-)