Project

General

Profile

FindDevicesWithUnsignedBootloaedrs » History » Version 11

Denis 'GNUtoo' Carikli, 03/28/2020 11:45 PM

1 1 Denis 'GNUtoo' Carikli
h1. FindDevicesWithUnsignedBootloaedrs
2
3
Given the huge number of devices out there, buying each device and checking it doesn't scale. Especially as there are multiple variants and even multiple versions of the variants.
4
5
For instance for the Galaxy SII we have the GT-I9100 that has an Exynos4 and GT-I9100G that has an OMAP4. And for the GT-I9100G, there are multiple versions.
6
7
h2. Making it easy for people to check the devices they have
8
9
The first step would be to document what tools already exist to do that and the ones that are lacking.
10
11
|_. Tool |_. Uses |_. supported hardware |_. Pakckages | Howto |
12 6 Denis 'GNUtoo' Carikli
| "omap-usb-boot":https://git.replicant.us/contrib/PaulK/omap-usb-boot/ | * checking if the device is signed
13 1 Denis 'GNUtoo' Carikli
                  * Loading bootloaders from USB
14 5 Denis 'GNUtoo' Carikli
                  * booting on a different boot media | OMAP3, OMAP4, OMAP5 | "Parabola":https://www.parabola.nu/packages/pcr/x86_64/omap-usb-boot/ , "Archlinux through AUR":https://aur.archlinux.org/packages/omap-usb-boot/ | [[FindOMAPDevicesWithUnsignedBootloderFromUSB]] |
15 7 Denis 'GNUtoo' Carikli
| "omap-u-boot-utils":https://nmenon.github.io/omap-u-boot-utils/ | * Loading bootloaders from USB
16 8 Denis 'GNUtoo' Carikli
                      * Loading bootloaders from the UART | OMAP3, OMAP4 | "Parabola":https://www.parabola.nu/packages/pcr/x86_64/omap-u-boot-utils-git/ , "Archlinux through AUR":https://aur.archlinux.org/packages/omap-u-boot-utils-git/ | ? |
17 9 Denis 'GNUtoo' Carikli
| "crucible":https://github.com/f-secure-foundry/crucible | * checking fuses settings | i.MX53, i.MX6DL, i.MX6DQ, i.MX6SL, i.MX6SLL, i.MX6SX, i.MX6UL, i.MX6ULL, i.MX6ULZ, i.MX7D, i.MX7ULP | TODO | TODO |
18 10 Denis 'GNUtoo' Carikli
| "cbootimage":http://http.download.nvidia.com/tegra-public-appnotes/bct-overview.html | * Generate images
19
               * Dump images (including signatures?) | Tegra ? | "Parabola":https://www.parabola.nu/packages/libre/x86_64/cbootimage/ , "Archlinux through AUR":https://aur.archlinux.org/packages/cbootimage/ |
20 11 Denis 'GNUtoo' Carikli
| "tegrarcm":https://github.com/NVIDIA/tegrarcm | | Tegra ? | TODO | TODO |
21
| 0xFFFF | * Load signed bootloaders (-c) | OMAP3? | TODO, patch for libusb1 | TODO |
22
| sunxi-tools | ? | Allwinner SOCs? | Parabola, archlinux | TODO |
23 1 Denis 'GNUtoo' Carikli
24 11 Denis 'GNUtoo' Carikli
Notes:
25
* Even with fuseegelee we might want to know if it's signed or not. See the [[BootloadersFreedom]] for more details about the limitations of fuseegelee and how to potentailly bypass them.
26
* sunxi-tools: does "if sunxi => unsigned?" still stand now that there are fuses drivers? If so still mention the tool as it could detect the SOC which would then tell us that it's most probably unsigned.
27 1 Denis 'GNUtoo' Carikli
* No tools (beside devmem2 and a good datasheet) to analyze boot settings and dump registers at runtime?
28
29
h2. Checking images at large scale
30
31
The idea would be to find a way to get a very large number of stock images for Android devices make tests on the images and automatically check if the bootloaders are signed.
32
33
If the bootloaders are under a free software license and are unsigned, once we get and identify the corresponding source code we could publish them.
34
35
For the signed bootloaders under a free software license we'd better check with the FSF what is best to do as we need not to redistribute any software that is practically nonfree.
36
37
Constraints:
38
* Check with FSF lawyers how to do it legally