--- crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
On Sun, Aug 21, 2016 at 9:19 PM, Raphaël Mélotte <[email protected]> wrote: > Hello, > > First of all I have been following the crowdfunding and mailing list since > the first of august (I have been using another email adress) and I have to > say I really like every aspect of this project and I highly respect and > admire the ideology that goes with the project. thanks. it's not quiiite "ideology" - there are genuine sound and practical business reasons for doing what we're doing. let me put it another way: when we get to mass-volume levels would you *like* us to be "yet another proprietary software peddler"? :) > I haven't been able to pledge until now but I will make sure to do so as > soon as I can and before the crowdfunding ends. I really want to test what > an EOMA68 laptop would look and behave like, and I want to replace my tiny > Raspberry pi server with another EOMA68 (I will also be willing to buy more > powerful computer cards if they ever get created). cool. they will. > Since the EOMA68 is entirely free, the *standard* is open (properly open), the source code is libre, and the hardware is 99% libre, aiming for 100%. > I was thinking that *theoretically* it > should be possible to read and verify every firmware, and/or binaries > present to run the chip (I don't really know how to call it so I will call > it "microcode"). the only "microcode" - using the phrase you use - that we know of is the eGON Boot ROM, which hno has extracted and part-reverse-engineered, more info here: http://linux-sunxi.org/EGON#eGON.BRM > More and more people are worried about the microcodes that > are run on our hardware and being able to verify what is actually running on > our machine (when it boots for example) would be comforting. It seems to me > that it's the first time the source code for every microcode in a computer > will be available, since some projects tried to do so in the past, but never > achieved to run 100% without proprietary code (purism, novena, ...). there are actually plenty - many of them early beaglebone designs especially those around the AM Sitara series - but it's the first that could be deployed usefully in mass-volume scenarios as opposed to "engineering only" boards. > From a security point of view, open source code no it isn't... *libre* source code is... > is the best option since it > allows to check if the code being run isn't malware. However, if I don't > verify the code present on my machine, how will I know it is the same code > as the source that was analyzed and that it is not malicious code ? well if you can't do it, at least someone else can. > That's > why I'm asking if it would be possible to read the microcodes present on the > chip, and check them against the online source codes (kind of a checksum ?). no idea. > That way we would be able to know if the code had been tampered with, be it > during shipping, after being infected by a malware that was somehow able to > change the boot code or some firmware, an evil maid attack, etc. well, we picked an "unbrickable" processor precisely so that you could download binaries / source from a *trusted* source and re-flash everything. > Just to be clear I'm not being paranoid to the point where I would suspect > some bad guys inserting malware in my machine during shipping (I guess the > country I live in is "libre" enough to not do that, you _are_ joking, right? :) it's *well known* that the NSA unboxes Cisco products and other routers, installs replacement firmware *AND CHIPS*, then boxes them back up and sends them on their way. there's even photographs online of them carrying out these practices. > but that's surely not > the case for everyone everywhere in the world), and I will probably not try > to verify every firmware on the chip, but since this is one of the first > truly free system I was asking myself if it would be possible. yes. > I also understand that as of today, checking every code on a system is more > an utopia then a doable thing (you'd also have to check firmware from your > keyboard, mouse, webcam, USB flash drive, and pretty much everything you > connect to the main board) true... but here you *can* check the STM32F072's firmware (which controls the keyboard, mouse and PMIC), and you can re-flash on every boot should you so wish... bear in mind that's going to wreck the on-board flash at some point, but you can do it. > and may be pointless, but I'm also confident that > in the future (maybe distant, maybe not) we will have to be able to do so if > we want to keep our digital life private, as everything we do is more and > more linked to the digital world, and malware techniques are becoming more > and more creative (see for example BadUSB). yep.... not a lot that can be done about that. shoving 240v AC down a 5v DC line is guaranteed to be disastrous, no matter what the piece of electronics is. > I'm not a computer scientist and although I do my best to learn how software > works, I don't understand everything about hardware and I may be missing > some important point that makes my idea impossible to realize. That's why > I'm asking it here since you know far more about it then me. > > Also please forgive my written expression: I'm doing my best to express my > ideas clearly, but English isn't my native language and I sometimes don't > know how to express myself to be best understood. doing pretty well so far > Anyway, I sincerely hope this project becomes a great success, and that you > will be able to make it grow even more. thanks. _______________________________________________ arm-netbook mailing list [email protected] http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook Send large attachments to [email protected]
