Lock download and recovery mode

Added by Skoll RC over 3 years ago

Hi everyone,

I recently read this article: https://ge0n0sis.github.io/posts/2016/05/how-to-lock-the-samsung-download-mode-using-an-undocumented-feature-of-aboot/#custom-recovery-and-adbd

There are 2 interesting things about security:
- It seems possible to lock download mode with a password. This means protecting recovery mode with a password is useful, as reflashing is not possible without the download mode password.
- The aboot bootloader (Samsung bootloader) is based upon the Little Kernel (lk) bootloader. Lk is open source. Maybe it is possible to use lk instead of aboot?

Has anyone ever tried to secure the bootloader with a password or evaluated the use of lk's bootloader as a free replacement for aboot?


Replies (2)

RE: Lock download and recovery mode - Added by Denis 'GNUtoo' Carikli over 3 years ago

The article sounds interesting.

I think we should read it all and integrate what we find interesting in the wiki, as most of the time such low-level articles contain very valuable information, even when they don't apply to the devices we support.

About "security": this article talks about some Samsung devices which use a Qualcomm System on a Chip, and we no longer support devices that run Android on a Qualcomm System on a Chip, so it's not directly applicable to the devices we support. Because of that we tend to know less about what is going on with Qualcomm Systems on a Chip. For instance I've no idea if there are free software bootloaders for them or if the Systems on a Chip are fused / enforce bootloader signatures.

Note that we are not against supporting devices running Android on a Qualcomm System on a Chip; however, to support them we need to ensure that the modem (if there is one) cannot easily take control of the full device. The easiest way to do that would be to support specific devices that don't have a modem, like some tablets.

Low-level information on Qualcomm Systems on a Chip is also very valuable as it gives insights on how the industry does things, and the Galaxy SIII 4G (GT-I9305) and Galaxy Note II 4G (GT-N7105) both have a modem that uses a Qualcomm System on a Chip.

Currently we have two parallel projects for getting free software bootloaders:
- Adding support for devices that already have free bootloaders. For that we need to release Replicant 10 and then add support for these devices.
- Making the Exynos 4412 Bootrom load a free software BL1. Here the issue is that the BL1 is probably signed and so we need to find a way to make the bootrom not enforce that signature. Exynos4Bootrom has more information about our attempts. Two new Replicant developers (Juri and Clever on IRC) are working on a test system with QEMU to emulate enough of the Exynos 4210 or 4412 hardware to run the bootrom code. I've no idea of the status of that project though.

RE: Lock download and recovery mode - Added by Skoll RC over 3 years ago

Sorry I took a while to respond...

Yes, it is for the Galaxy S5, but maybe it can also be used with the default bootloader on the S2, S3, Note 2? Or maybe there is some possibility to increase security on those smartphones?
I know there is work on porting U-Boot to Samsung devices but I don't know how U-Boot is from a security point of view.
