BroadcomVideoCore
Devices
The Raspberry Pi does not use code signing, but smartphones using the same SoC may have it enabled.
IRC Logs to sort
03:00 < clever> ive also cracked the signing keys on the rpi4 fully, and now know how they get generated
03:01 < clever> so i could (in theory) re-extract them from another broadcom product in the future, with less effort
[...]
03:01 < clever> assuming i get execute on the VPU somehow
[...]
03:03 < clever> basically, there is 20 bytes of "salt" in the mask rom, which gets combined with 16 bytes from the OTP, to create the real 20byte hmac-sha1 key
03:04 < clever> you need to understand how .data gets copied from rom->ram (since its an XIP rom), and then find the code that merges the 2, to know what offset in ram to read
[...]
03:08 < clever> GNUtoo: but, ive also heard that the 2nd revision of the mask rom, has proper pub/priv RSA support
03:08 < clever> if they choose to turn that on, we are screwed
[...]
03:15 < clever> all of the broadcom chips in the pi's, have ~60 OTP registers, each 32 bits wide
[...]
03:16 < clever> got a total of ~268 bytes of OTP
03:16 < clever> for*
[...]
< clever> GNUtoo: i do also have some new info on the rpi4 mask rom boot order, that you might want in the wiki
03:19 < clever> GNUtoo: the rpi4, can boot from 3 places, in this order: #1 recovery.bin on the SD card, #2 a tagged blob in SPI flash, #3 usb-device boot
03:19 < clever> GNUtoo: but, you can use OTP to configure any gpio pin, to disable #1 or #2 (and you can set 2 pins, one for each)
[...]
03:22 < clever> 2020-02-21 16:25:14 < clever> for extra confusion, there are 2 sets of numbers for each SoC
03:22 < clever> 2020-02-21 16:27:12 < clever> ali1234: 2838 and 2711 are both rpi4
03:22 < clever> 2020-02-21 16:27:47 < clever> ali1234: 2835 and 2708 are rpi1, i think
03:22 < clever> so the rpi4 is called both bcm2838 and bcm2711
03:22 < clever> i think one is for the base model, and then the other for this specific implementation of the silicon and package
Updated by Denis 'GNUtoo' Carikli almost 5 years ago · 2 revisions