sön 2016-08-21 klockan 21:55 +0100 skrev Luke Kenneth Casson Leighton:
From a security point of view, open source code
no it isn't... *libre* source code is...
I would love to hear your elaboration on how libre source code is more secure than open source. I don't see how libre have any relevance there.
Having access to the complete readable sourcecode and being developed in a trustworthy environment is very relevant. But that is by no means unique to libre or even proven to be an natural effect of libre. Those aspects come from other properties of the software projects than what makes the distinction between open/libre.
That's why I'm asking if it would be possible to read the microcodes present on the chip, and check them against the online source codes (kind of a checksum ?).
no idea.
There is no microcode or closed firmware running on the A20.
There is a bootrom embedded in the CPU that allows the CPU to load the bootloader from flash or usb recovery but once the bootloader takes control the bootrom ceases to execute entirely.
The bootrom is easily extracted from both Linux and the USB recovery boot protocol if you want to analyze it further. But it is an embedded ROM memory in the CPU silicon that can not be modified short of Allwinner making another CPU silicon production mask and produces new CPUs.
What the A20 is missing from a security perspective is secure boot procedure. There is some primitive support but not really functioning. Some of you may think I am crazy speaking about secure boot, but properly used it is a very strong tool for ensuring that the installed software is not tampered with by untrusted parties. But this requires that you are in control of the security keys and not some untrusted proprietary vendor.
well, we picked an "unbrickable" processor precisely so that you could download binaries / source from a *trusted* source and re-flash everything.
Yes, the A20 is very nice in that it is unbrickable in software terms, just as most other SoCs in the same area. It is still possible to brick A20 systems by software but then by wearing out flash storage etc, not by accidently writing the wrong software to flash.
And the A20 it is one of the most well covered SoCs in terms of open/libre software support.
yep.... not a lot that can be done about that. shoving 240v AC down a 5v DC line is guaranteed to be disastrous, no matter what the piece of electronics is.
That can actually be dealt with without too much trouble, but not in scope of this list..
Regards Henrik