Date: Sun, 21 Aug 2016 21:55:31 +0100
From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
To: Linux on small ARM machines <arm-netbook@lists.phcomp.co.uk>
Subject: Re: [Arm-netbook] Verifying firmware
Message-ID: <CAPweEDw6dqih5=B-bod2iNU1KzpNFD9NDOhkCu7cHgUrqr2Y1g@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
---
crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
On Sun, Aug 21, 2016 at 9:19 PM, Raphaël Mélotte
<raphael.melotte@gmail.com> wrote:
> Hello,
>
> First of all I have been following the crowdfunding and mailing list since
> the first of August (I have been using another email address) and I have to
> say I really like every aspect of this project and I highly respect and
> admire the ideology that goes with the project.
thanks. it's not quiiite "ideology" - there are genuine sound and
practical business reasons for doing what we're doing. let me put it
another way: when we get to mass-volume levels would you *like* us to
be "yet another proprietary software peddler"? :)
> I haven't been able to pledge until now but I will make sure to do so as
> soon as I can and before the crowdfunding ends. I really want to test what
> an EOMA68 laptop would look and behave like, and I want to replace my tiny
> Raspberry Pi server with another EOMA68 (I will also be willing to buy more
> powerful computer cards if they ever get created).
cool. they will.
> Since the EOMA68 is entirely free,
the *standard* is open (properly open), the source code is libre, and
the hardware is 99% libre, aiming for 100%.
> I was thinking that *theoretically* it
> should be possible to read and verify every firmware, and/or binaries
> present to run the chip (I don't really know how to call it so I will call
> it "microcode").
the only "microcode" - using the phrase you use - that we know of is
the eGON Boot ROM, which hno has extracted and
part-reverse-engineered, more info here:
http://linux-sunxi.org/EGON#eGON.BRM
> More and more people are worried about the microcodes that
> are run on our hardware and being able to verify what is actually running on
> our machine (when it boots for example) would be comforting. It seems to me
> that it's the first time the source code for every microcode in a computer
> will be available, since some projects tried to do so in the past, but never
> managed to run 100% without proprietary code (Purism, Novena, ...).
there are actually plenty - many of them early beaglebone designs
especially those around the AM Sitara series - but it's the first that
could be deployed usefully in mass-volume scenarios as opposed to
"engineering only" boards.
> From a security point of view, open source code
no it isn't... *libre* source code is...
> is the best option since it
> allows one to check if the code being run isn't malware. However, if I don't
> verify the code present on my machine, how will I know it is the same code
> as the source that was analyzed and that it is not malicious code?
well if you can't do it, at least someone else can.
> That's
> why I'm asking if it would be possible to read the microcodes present on the
> chip, and check them against the online source codes (kind of a checksum?).
no idea.
> That way we would be able to know if the code had been tampered with, be it
> during shipping, after being infected by a malware that was somehow able to
> change the boot code or some firmware, an evil maid attack, etc.
well, we picked an "unbrickable" processor precisely so that you
could download binaries / source from a *trusted* source and re-flash
everything.
> Just to be clear I'm not being paranoid to the point where I would suspect
> some bad guys inserting malware in my machine during shipping (I guess the
> country I live in is "libre" enough to not do that,
you _are_ joking, right? :) it's *well known* that the NSA unboxes
Cisco products and other routers, installs replacement firmware *AND
CHIPS*, then boxes them back up and sends them on their way. there's
even photographs online of them carrying out these practices.
> but that's surely not
> the case for everyone everywhere in the world), and I will probably not try
> to verify every firmware on the chip, but since this is one of the first
> truly free systems I was asking myself if it would be possible.
yes.
> I also understand that as of today, checking every code on a system is more
> a utopia than a doable thing (you'd also have to check firmware from your
> keyboard, mouse, webcam, USB flash drive, and pretty much everything you
> connect to the main board)
true... but here you *can* check the STM32F072's firmware (which
controls the keyboard, mouse and PMIC), and you can re-flash on every
boot should you so wish... bear in mind that's going to wreck the
on-board flash at some point, but you can do it.
> and may be pointless, but I'm also confident that
> in the future (maybe distant, maybe not) we will have to be able to do so if
> we want to keep our digital life private, as everything we do is more and
> more linked to the digital world, and malware techniques are becoming more
> and more creative (see for example BadUSB).
yep.... not a lot that can be done about that. shoving 240v AC down
a 5v DC line is guaranteed to be disastrous, no matter what the piece
of electronics is.
> I'm not a computer scientist and although I do my best to learn how software
> works, I don't understand everything about hardware and I may be missing
> some important point that makes my idea impossible to realize. That's why
> I'm asking it here since you know far more about it than me.
>
> Also please forgive my written expression: I'm doing my best to express my
> ideas clearly, but English isn't my native language and I sometimes don't
> know how to express myself to be best understood.
doing pretty well so far
> Anyway, I sincerely hope this project becomes a great success, and that you
> will be able to make it grow even more.
thanks.
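One way to do the "kind of a checksum" comparison discussed in this thread, as an added example that is not part of the thread or of the EOMA68 project: it assumes you have a raw readback of the whole flash part and a reference image built from the published source, and that erased flash reads back as 0xFF (typical for MCU flash, but an assumption here).

```python
"""Verify a firmware readback against a trusted reference image.

A flash readback is usually the whole flash part, so it is longer than
the image that was programmed into it; the tail should be erased flash.
Hashing the raw dump would therefore always fail, so we hash only the
image-sized prefix, check that the tail is untouched, and report the
first differing offset so the mismatch can be looked at.
"""
import hashlib

ERASED = 0xFF  # value of an erased flash byte (assumption: typical MCU NOR flash)


def verify_readback(readback: bytes, reference: bytes) -> dict:
    """Compare a flash dump with the reference image it should contain."""
    if len(readback) < len(reference):
        return {"ok": False, "reason": "readback shorter than reference"}
    image, tail = readback[: len(reference)], readback[len(reference):]
    ref_digest = hashlib.sha256(reference).hexdigest()
    got_digest = hashlib.sha256(image).hexdigest()
    if got_digest != ref_digest:
        first_diff = next(i for i, (a, b) in enumerate(zip(image, reference)) if a != b)
        return {"ok": False, "reason": "image mismatch", "offset": first_diff,
                "expected": ref_digest, "got": got_digest}
    # Anything written past the image end is unexpected: an extra blob
    # appended to the flash deserves the same attention as a changed byte.
    dirty = [i + len(reference) for i, b in enumerate(tail) if b != ERASED]
    if dirty:
        return {"ok": False, "reason": "tail not erased", "offset": dirty[0]}
    return {"ok": True, "sha256": ref_digest}


# Constructed sample data: a 32-byte "image" inside a 64-byte "flash".
REFERENCE = bytes(range(32))
CLEAN_DUMP = REFERENCE + bytes([ERASED]) * 32
TAMPERED_DUMP = bytearray(CLEAN_DUMP)
TAMPERED_DUMP[10] ^= 0x01                      # one flipped bit inside the image
APPENDED_DUMP = bytearray(CLEAN_DUMP)
APPENDED_DUMP[40:44] = b"\xde\xad\xbe\xef"     # extra bytes past the image end


if __name__ == "__main__":
    for name, dump in (("clean", CLEAN_DUMP), ("tampered", bytes(TAMPERED_DUMP)),
                       ("appended", bytes(APPENDED_DUMP))):
        print(name, verify_readback(dump, REFERENCE))
```

For a real part, replace the constructed byte strings with the readback file and the image produced by your own build of the published source.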