Forums » Replicant development »
S-boot exploitation
Added by Jack K about 1 year ago
Hi all,
I read an interesting blog post about an approach that could be useful for booting Samsung devices without the TrustZone bits. I was wondering if anyone else might enjoy reading it, and might consider taking their approach to attempt liberating the bootloaders in the Samsung devices supported in Replicant? Just a thought. Anyway, link below. Do share your thoughts, people.
https://hexdetective.blogspot.co.uk/2017/02/exploiting-android-s-boot-getting.html
All the best,
Jack
Replies (8)
RE: S-boot exploitation - Added by Kurtis Hanna 10 months ago
Thanks for the post!
I should mention that https://forkwhiletrue.me/ has replaced all or some of s-boot with u-boot mainline on the i9300.
He posted 'U-Boot 2018.03-i9300-00017-gae73efb436-dirty (Apr 27 2018 - 16:12:54 +1000)' in the Replicant IRC and said he likely will do a blog post about this once he gets it fully working.
RE: S-boot exploitation - Added by Jack K 9 months ago
Exciting stuff! Can't wait for the blog post.
J
RE: S-boot exploitation - Added by Kurtis Hanna 9 months ago
RE: S-boot exploitation - Added by Daniel Kulesz 5 months ago
Simon recently posted an update, sounds really promising:
https://blog.forkwhiletrue.me/posts/an-almost-fully-libre-galaxy-s3/
RE: S-boot exploitation - Added by Kurtis Hanna 5 months ago
Thanks for posting that Daniel! Super exciting! I wonder what this means, "It's also worth mentioning that LineageOS/Replicant will boot under u-boot with a kernel compiled without CONFIG_ARM_TRUSTZONE set, but the display will not work (probably because u-boot does not initialise the display)."
I asked Simon on IRC, "Do you think that u-boot can initialize the display if someone works on it, or do you think it is more likely that we won't be able to get LineageOS/Replicant to work with u-boot on the i9300?". I'll post his response here.
RE: S-boot exploitation - Added by Daniel Kulesz 4 months ago
@Kurtis Hanna: Any news regarding the display issue?
And if I understand this correctly - if we were able to boot using u-boot, we could finally disable the Heimdall security hole? Or is heimdall mode independent from the boot loader?
RE: S-boot exploitation - Added by Kurtis Hanna about 1 month ago
I just added this issue on the tracker related to u-boot: https://redmine.replicant.us/issues/1906