Revision 1/28
Denis 'GNUtoo' Carikli, 08/19/2019 10:31 PM
Add background information on the exynos4 signature checks
Exynos4 Bootrom
Background information
The Replicant project wants to support devices with free software bootloaders, but most or all of the smartphones and tablets supported by Replicant check the signature of the first stage bootloader.
A presentation on the situation of some of the devices supported by Replicant was made at the Replicant contributors meeting in July 2019. The presentation slides and video are available.
Exynos 4 signature check
The Exynos4 bootrom has a strange way to check the signatures:
- The first stage bootloader is encrypted
- The signature check is not very clear [1]
- The header that holds the key has a "func_ptr_BaseAddr" field [1].
Tests to attempt
- Test with qemu whether func_ptr_BaseAddr is somehow used by the bootrom when verifying the BL1.
- Try to better understand the scheme used to check the signature.
- Try to see if the fuses can still be written (zeroed) and see whether it would be computationally feasible to compute the private key for a zeroed fuses hash.
Test setup
Either qemu [1] or a development board with JTAG can be used to do the test.
Testing with qemu is probably much easier.
[1] https://fredericb.info/2018/03/emulating-exynos-4210-bootrom-in-qemu.html