A stand-out problem with trust in Broadcom SOCs like RasPi is the massive binary bootloader. If there's a sploit it need not be hardware based, because there's plenty of room in there for a whole hypervisor arrangement, methinks.
On 17 April 2015 08:02:47 GMT+01:00, "Lodewijk andré de la porte" <[email protected]> wrote:
>2015-04-15 18:05 GMT+09:00 Cathal (Phone) <[email protected]>:
>
>> The SOC in a raspi is probably no worse than the rest,
>
>This is what I'm most concerned about! I think the Intel platform is too big to not be exploited (more or less) on the hardware level. I have a very little better feeling about AMD but I don't think it's based on much.
>
>The idea that ARM processors are much much smaller and therefore easier to audit makes them less attractive exploit targets. That, and that they've only recently come into use, are built by smaller companies, etc. When you build a SOC around it, well, that's kind of asking for trouble!
>
>The best avoidance method I've come up with so far is taking two units, (bitbanging) I2C (or whatever) over the IO pins to do "networking" from one to the other, connect one to the Internet and the other exclusively over those IO pins. That way, whatever exploit is present is VERY unlikely to be triggered. It's... still not 100% of course.. If the exploit is on the relevant IO pins, well, it just might be trigger-able by manipulating the network traffic. Maybe write high every so many bits just to meddle? It's closer than anything else, anyway.
>
>As for less paranoid exploits, you have to tell us the threat model! (the cell shield will very likely be remote exploitable, but only by the really bad goodies)

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
