BootloadersFreedom » History » Version 51
Denis 'GNUtoo' Carikli, 03/28/2020 10:45 PM
1 | 1 | Denis 'GNUtoo' Carikli | h1. Bootloaders |
---|---|---|---|
2 | |||
3 | 40 | Denis 'GNUtoo' Carikli | h2. Introduction |
4 | |||
5 | In order to run free software bootloaders, we need the ability to run the code we want at boot. |
||
6 | |||
7 | However in most smartphones and many tablets use code signature at boot, which prevent us to run free software bootloader. |
||
8 | |||
9 | In practice: |
||
10 | * Some system on a chip either don't implement code signature or the implementation is not used or tested. |
||
11 | * For some other system on a chip, it's up to the device vendor to choose to implement code signature or not. |
||
12 | * For some system on a chip, we don't know any devices not enforcing code signature, but we don't know who decided to enforce the code signature. |
||
13 | |||
14 | 36 | Denis 'GNUtoo' Carikli | h2. Devices configurations |
15 | |||
16 | 51 | Denis 'GNUtoo' Carikli | |_. Device and documentation |_. Freedom situation |_. Boot order |_. Comments | |
17 | | [[NexusSI902xBootloader| Samsung Nexus S (GT-I902x)]] | Proprietary, Signed on the tested devices | ?->USB->?->eMMC->? | | |
||
18 | | [[I9100Bootloader| Samsung Galaxy S2 (GT-I9100)]] | Proprietary, probably Signed | ? | | |
||
19 | 49 | Denis 'GNUtoo' Carikli | | [[I9100GBootloader| Samsung Galaxy S2 (GT-I9100G)]] | * Unsigned on some devices |
20 | 51 | Denis 'GNUtoo' Carikli | * Signed on some devices | ? | | |
21 | | [[GalaxyTab2Bootloader| Samsung Galaxy Tab 2]] | Proprietary, signed | ?->USB->?->eMMC->? | | |
||
22 | | [[OptimusBlackBootloader| LG Optimus black (p970)]] | unsigned, can be replaced with upstream u-boot | eMMC(MMC2)->USB | | |
||
23 | 39 | Denis 'GNUtoo' Carikli | | Galaxy SIII (I9300) |
24 | 10 | Denis 'GNUtoo' Carikli | Galaxy SIII 4G (I9305) |
25 | Galaxy Note II (N7100) |
||
26 | 39 | Denis 'GNUtoo' Carikli | Galaxy Note II 4G (N7105) | * Proprietary, Signed |
27 | 51 | Denis 'GNUtoo' Carikli | * There is work in progress to understand if we can avoid the signature | ?->eMMC->?->USB->? | | |
28 | 31 | Denis 'GNUtoo' Carikli | | Golden Delicous GTA04 | unsigned, free software | * Aux not pressed during boot: ? |
29 | * Aux pressed during boot: ?->SD->?->NAND |
||
30 | 1 | Denis 'GNUtoo' Carikli | SYS_BOOT0 = 1 |
31 | SYS_BOOT1 = 1 |
||
32 | SYS_BOOT2 = 1 |
||
33 | SYS_BOOT3 = 1 |
||
34 | 31 | Denis 'GNUtoo' Carikli | SYS_BOOT4 = 1 |
35 | SYS_BOOT5 = AUX button |
||
36 | SYS_BOOT6 = 1 |
||
37 | 51 | Denis 'GNUtoo' Carikli | But cannot find Reference manual for the DM370 | | |
38 | | Pinephone | Unsigned free software bootloader | | | |
||
39 | | Librem5 | Unsigned bootloader, nonfree DDR4 controller firmware | | | |
||
40 | | Openmoko GTA01 and GTA02 | Unsigned free software bootloader | | Unsuitable for Replicant (only has 128M of RAM, armv4t) | |
||
41 | |||
42 | 36 | Denis 'GNUtoo' Carikli | |
43 | 50 | Denis 'GNUtoo' Carikli | * [[FindDevicesWithUnsignedBootloaedrs]] |
44 | |||
45 | 36 | Denis 'GNUtoo' Carikli | h2. System on a chip |
46 | 8 | Denis 'GNUtoo' Carikli | |
47 | 33 | Denis 'GNUtoo' Carikli | |_. SOC and documentation |_. Freedom situation | |
48 | 47 | Denis 'GNUtoo' Carikli | | [[OMAPBootrom|OMAP]] | * No known bug |
49 | * Some devices are not signed | |
||
50 | 38 | Denis 'GNUtoo' Carikli | | [[Exynos4Bootrom|Exynos 4]] | * Some or all devices are signed |
51 | 1 | Denis 'GNUtoo' Carikli | * work in progress to understand if it's possible to bypass the signature | |
52 | | [[BroadcomVideoCore]] | The SOCs have the ability to check signatures | |
||
53 | 42 | Denis 'GNUtoo' Carikli | | [[TegraBootrom]] | * Not all devices use code signature |
54 | * Boot from USB is possible thanks to "fusee_gelee":https://github.com/Qyriad/fusee-launcher/blob/master/report/fusee_gelee.md |
||
55 | 43 | Denis 'GNUtoo' Carikli | * Code can be appended to the bootrom by writing in a fuse area. Could that be used to disable code signature ? | |
56 | 39 | Denis 'GNUtoo' Carikli | | IMX 5 and 6 | * Not all devices are signed |
57 | * Thanks to "Ref_QBVR2017-0001.txt":https://github.com/f-secure-foundry/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_QBVR2017-0001.txt it's possible to bypass signatures anyway, and maybe load code through USB too | |
||
58 | 33 | Denis 'GNUtoo' Carikli | |
59 | 41 | Denis 'GNUtoo' Carikli | h2. Links to cathegorize: |
60 | 15 | Denis 'GNUtoo' Carikli | |
61 | 25 | Denis 'GNUtoo' Carikli | * https://www.theiphonewiki.com/ has a list of "Bootrom security issues":https://www.theiphonewiki.com/wiki/Bootrom for apple devices. |
62 | 26 | Denis 'GNUtoo' Carikli | * "Ti Nspire":https://hackspire.org ? RSA exponent issues? |
63 | 10 | Denis 'GNUtoo' Carikli | |
64 | 9 | Denis 'GNUtoo' Carikli | == See also == |
65 | 8 | Denis 'GNUtoo' Carikli | |
66 | * [[Upstream]] |