Exynos4Bootrom » History » Version 4
Kurtis Hanna, 08/20/2019 03:17 PM
fixed some spelling
h1. Exynos4 Bootrom

h2. Background information

The Replicant project wants to support devices with free software bootloaders, but most, if not all, of the smartphones and tablets supported by Replicant check the signature of the first stage bootloader.

A presentation on the situation of some of the devices supported by Replicant was given at the Replicant contributors meeting in July 2019. The "presentation slides":https://ftp.osuosl.org/pub/replicant/conferences/replicant-contributors-meeting-july-2019-france/replicant-and-bootloaders.pdf and the "video":https://ftp.osuosl.org/pub/replicant/conferences/replicant-contributors-meeting-july-2019-france/replicant-and-bootloaders.webm are available.

h2. Exynos 4 signature check

The Exynos4 bootrom has a strange way to check the signatures:

* The first stage bootloader is encrypted.
* The signature check is not very clear[1].
* The header that holds the key has a "func_ptr_BaseAddr" field[1].

h2. Tests to attempt

* Test with qemu[2] whether func_ptr_BaseAddr is used in any way by the bootrom when it verifies the BL1.
* Try to understand the scheme used to check the signature better.
* Check whether the fuses can still be written (zeroed), and whether it is computationally feasible to compute the private key corresponding to an all-zero fuse hash.
* Try to understand why encryption is used.

h2. Test setup

Either qemu[2] or a development board with JTAG can be used to do the tests.

Testing with qemu[2] is probably much easier.

fn1. https://fredericb.info/2018/03/emulating-exynos-4210-bootrom-in-qemu.html

fn2. https://github.com/frederic/qemu-exynos-bootrom