Post 9qVPRNO8p5CyCxtDUG by lanodan@queer.hacktivis.me
(DIR) More posts by lanodan@queer.hacktivis.me
(DIR) Post #9qV92GnaaSozGTnbai by sir@cmpwn.com
2019-12-30T20:18:32Z
2 likes, 2 repeats
Every boot story since BIOS is hot garbage. ARM, UEFI, even RISC-V boot up is dumb as hell
(DIR) Post #9qV9CCYJEKcCzTO6IS by sir@cmpwn.com
2019-12-30T20:20:05Z
4 likes, 2 repeats
1. Identify the boot storage medium2. Copy the first sector to RAM3. Stash any useful information in registers, like the SATA port/device number/etc4. Jump to the boot sectorHow to boot like a normal-ass adult in 4 simple steps
(DIR) Post #9qV9MqdR3gsOCUrVuy by ultem@gnosis.systems
2019-12-30T20:22:46.705677Z
0 likes, 0 repeats
@sir But my OEM UEFI applications! :^)
(DIR) Post #9qV9QMMHZIgfSQVtRo by sir@cmpwn.com
2019-12-30T20:22:48Z
0 likes, 0 repeats
"But where should I put my SoC's boot up code to initialize shit and read the boot device?"In a ROM chip mapped to address 0 and unmapped when jumping to the boot sector, you dumb dumb
(DIR) Post #9qV9chqtTsitatids0 by sir@cmpwn.com
2019-12-30T20:25:03Z
0 likes, 1 repeats
"But how do I identify the boot up device?"Use a magic number for bootable devices, provide a UI for the user to select/configure the boot media from, hell, use a dip switch to choose between eMMC and microSD, like I care
(DIR) Post #9qV9dUH7RgDnm8MGPY by feld@bikeshed.party
2019-12-30T20:25:46.565806Z
0 likes, 0 repeats
@sir Sun's Open Firmware was not *too* bad
(DIR) Post #9qVO532PhlRSldW2nA by pyrolagus@cmpwn.com
2019-12-30T23:06:27Z
0 likes, 0 repeats
@sir What would be the best method for tamper-resistance then?
(DIR) Post #9qVOV5Ey8eUn7xnrRQ by sir@cmpwn.com
2019-12-30T23:11:41Z
1 likes, 0 repeats
@pyrolagus don't
(DIR) Post #9qVOqDI7OvOUB5LsDw by amiloradovsky@functional.cafe
2019-12-30T23:15:15Z
0 likes, 0 repeats
@sir @pyrolagus temper assistance :J
(DIR) Post #9qVOwKQjlsU23ZIbmC by pyrolagus@cmpwn.com
2019-12-30T23:16:41Z
0 likes, 0 repeats
@sir any reason?
(DIR) Post #9qVPGEpuHNq0UyZ8KW by Wolf480pl@niu.moe
2019-12-30T23:20:41Z
0 likes, 0 repeats
@sirDoes that include U-Boot?
(DIR) Post #9qVPRNO8p5CyCxtDUG by lanodan@queer.hacktivis.me
2019-12-30T23:22:51.339485Z
0 likes, 0 repeats
@sir Any opinion about stuff like OpenFirmware aka (almost specified as) IEEE 1275 ?
(DIR) Post #9qVVTfbeewcJ0wggLo by alexbuzzbee@fosstodon.org
2019-12-31T00:29:08Z
0 likes, 0 repeats
@pyrolagus @sir All tamper-prevention systems also take control away from the user. Tamper-detection can be done with less problems, but still requires care to avoid unethical consequences.
(DIR) Post #9qVVTfwZPBLa3oTNx2 by sir@cmpwn.com
2019-12-31T00:29:52Z
0 likes, 0 repeats
@alexbuzzbee @pyrolagus tamper protection is bullshit. You can't defend against physical access, it's a fool's errand
(DIR) Post #9qVVZIleUCz1v135t2 by alexbuzzbee@fosstodon.org
2019-12-31T00:29:53Z
0 likes, 0 repeats
@sir I wasn't aware ARM and RISC-V had architectural boot protocol standards?
(DIR) Post #9qVVdal9XCdWsUrS2S by sir@cmpwn.com
2019-12-31T00:30:08Z
0 likes, 0 repeats
@alexbuzzbee they don't, and this is the reason for it being crap
(DIR) Post #9qVVt535CbOVA6dKGe by alexbuzzbee@fosstodon.org
2019-12-31T00:34:22Z
0 likes, 0 repeats
@sir If you don't mind I am going to formalize this all into a 1-2 page specification.
(DIR) Post #9qVVxsE0JBbOpz1k1Y by sir@cmpwn.com
2019-12-31T00:34:37Z
0 likes, 0 repeats
@alexbuzzbee please do
(DIR) Post #9qWJrXMnwO0M7NJcjA by pyrolagus@cmpwn.com
2019-12-31T09:54:29Z
0 likes, 0 repeats
@sir @alexbuzzbee I dunno, it seemed to work well when the FBI ordered Apple to unlock an iPhone. And even now it seems they can only break into iPhones 5C and older. Saying that it's impossible to defend against physical access seems pretty arrogant to me as this is as much a physics and electronic engineering question as a software engineering question.
(DIR) Post #9qWg1Hf9NgOLIewvA0 by sir@cmpwn.com
2019-12-31T14:02:33Z
0 likes, 0 repeats
@pyrolagus @alexbuzzbee that's just disk encryption, which works just fine with my approach too.
(DIR) Post #9qXIrRj90GbBpZ7LFo by alexbuzzbee@fosstodon.org
2019-12-31T20:56:10Z
1 likes, 0 repeats
@ultem @sir Trying to remember if I've ever used a firmware application other than the firmware setup. I'm pretty sure I've only ever used the firmware setup, and even then only because the firmware has too many features and I need to tell it not to be stupid.
(DIR) Post #9qYzj7zYz74jUf2Mi0 by pyrolagus@cmpwn.com
2020-01-01T16:52:25Z
0 likes, 0 repeats
@sir @alexbuzzbee That doesn't protect you from bootup stage malware, which could just extract any passwords and keys necessary for decryption. But of course, I guess you could always just consider your laptop compromised if it leaves your sight and scrap it for a new one.
(DIR) Post #9qZ1pWxJHcEqYxAEAy by sir@cmpwn.com
2020-01-01T17:16:26Z
0 likes, 0 repeats
@pyrolagus @alexbuzzbee nothing protects you from that. Defending from physical access is a fool's errand.
(DIR) Post #9qZ1vVcv8XN2B9TgP2 by pyrolagus@cmpwn.com
2019-12-31T09:55:16Z
0 likes, 0 repeats
@alexbuzzbee @sir They CAN take control away from the user, but that obviously depends on how they are used. You could say the same thing about encryption algorithms.
(DIR) Post #9qZ1vVwlwjFZAilXLU by alexbuzzbee@fosstodon.org
2019-12-31T12:08:12Z
0 likes, 0 repeats
@pyrolagus @sir Not all of them completely take control away (e.g. many UEFI Secure Boot implementations allow loading custom keys), but it's essentially impossible to leave the user in full control and still provide effective tamper-prevention.iPhones have very effective tamper-prevention, but how hard is it to install Linux on one if you decide you want to?
(DIR) Post #9qZ1vWBf3N9xutjQYK by pyrolagus@cmpwn.com
2019-12-31T13:12:49Z
0 likes, 0 repeats
@alexbuzzbee @sir The usbarmory[1] allows you to "burn" a private key for secure boot into the hardware. The user has full control, but it's an irreversible process that prevents tampering. One could argue that this process takes control away from the user because they can't change the private key afterwards, but that would be a dumb argument, since the user chose to do so in the first place.Now, granted. You will have to either keep the private key safe somewhere (which can be near impossible depending on your threat model) or you set up a system that you're confident is secure and satisfactorily configured and destroy the key. Neither is very user friendly, of course, but IMO the important thing is having the possibility to make your system tamper proof.Apple doesn't Linux on the iPhone, so users can't install Linux on their iPhones. If you want security and convenience, the iPhone is a fantastic choice, but if you want the freedom to install whatever you wish, then it's obviously not.[1] https://github.com/inversepath/usbarmory/wiki/Secure-boot-(Mk-I)
(DIR) Post #9qZ1vWk2zWfJdXot9M by alexbuzzbee@fosstodon.org
2019-12-31T13:16:35Z
0 likes, 0 repeats
@pyrolagus @sir User-friendliness is an important part of user control. If you have to go through a complicated process to burn in a Secure Boot key, you're less likely to try to install your own operating system.RE: iPhones: This is exactly the ethical concern with tamper-prevention; if I own the hardware, shouldn't I be able to do what I want with it? Why do I need the vendor's approval to use a device that I own in the way I want?
(DIR) Post #9qZ1vXClGldN4bFouG by pyrolagus@cmpwn.com
2020-01-01T16:57:34Z
0 likes, 0 repeats
@alexbuzzbee @sir > User-friendliness is an important part of user control.I think that's a memo the open source community has yet to get. At least up till now, it's always been about providing users with all the tools necessary to do whatever they want, even if you have to be a wizard to use those tools.> This is exactly the ethical concern with tamper-prevention;It's a tool that can be used for good and bad. We have those since the beginning of humankind. In this case, the bad isn't disastrous enough to advocate burying this tool. And the good is actually really useful enough. Like, can save lives useful.
(DIR) Post #9qZ1vXaVqSdIGGMmvY by sir@cmpwn.com
2020-01-01T17:17:07Z
2 likes, 2 repeats
@pyrolagus @alexbuzzbee I would rather have more wizards than less magic
(DIR) Post #9qZJnbOVbjMuvP7GAS by alexbuzzbee@fosstodon.org
2020-01-01T20:37:43Z
0 likes, 0 repeats
@sir Okay, took a little longer than expected to get it up on the server. I ended up having to complicate the "stash useful information in registers" step somewhat because there is no universal fixed set of useful values or register names. I made an in-memory data structure for information like host controller addresses and memory maps and "which boot device." Also I gave the boot block a fixed length of 4K so you can fit enough code. Thoughts?https://www.alm.website/misc/specs/xsfi
(DIR) Post #9qZJslvXsFvv2X2A5Y by sir@cmpwn.com
2020-01-01T20:38:27Z
0 likes, 0 repeats
@alexbuzzbee can you post your draft in the form of an email to ~sircmpwn/public-inbox@lists.sr.ht, for easier reviewing?
(DIR) Post #9qZK9gYR6RkHIdI1Cq by alexbuzzbee@fosstodon.org
2020-01-01T20:41:07Z
0 likes, 0 repeats
@sir There are tables and stuff that really don't render well in plain text. I've tried my hardest to keep my HTML as simple as possible. Do you want me to send an HTML email or try to bludgeon it into plain?
(DIR) Post #9qZKEE3gTghqMv4RQO by sir@cmpwn.com
2020-01-01T20:41:31Z
0 likes, 0 repeats
@alexbuzzbee bludgeon it into plain would be great. It's not a big deal if some of the formatting is lost, it's just a better medium for discussion.
(DIR) Post #9qZL0x2kWnz3mqrqt6 by alexbuzzbee@fosstodon.org
2020-01-01T20:51:27Z
0 likes, 0 repeats
@sir I get that. Working on getting it somewhat readable...
(DIR) Post #9qZLnlvedjtnVPpQa8 by alexbuzzbee@fosstodon.org
2020-01-01T20:58:41Z
0 likes, 0 repeats
@sir Okay there's a little ragged alignment in the tables but it's pretty much okay.
(DIR) Post #9qZLnmKp8A22lTbWoS by sir@cmpwn.com
2020-01-01T21:00:17Z
0 likes, 0 repeats
@alexbuzzbee thanks!