IRC log of #maemo-ssu for Sunday, 2016-04-03

*** Pali has quit IRC00:56
*** trx has quit IRC01:07
*** delphi has joined #maemo-ssu01:07
*** futpib has quit IRC01:18
*** M4rtinK has quit IRC01:51
DocScrutinizer05~aegis02:18
infobothttp://www.developer.nokia.com/Community/Wiki/Harmattan:Developer_Library/Developing_for_Harmattan/Harmattan_security/Security_guide , or "The purpose of this framework is: ... to make sure that the platform meets the requirements set by third party software that requires a safe execution environment.", or http://en.wikipedia.org/wiki/Trusted_Computing#Criticism, or  http://en.qi-hardware.com/w/images/1/10/ME_382_LockedUpTechnology2.gif02:18
DocScrutinizer05http://maemo.cloud-7.de/Aegis-kills-device.jpg02:19
DocScrutinizer05Nokia successfully entangled N9 OS with their own servers, and since those are down, you basically can forget about N902:21
DocScrutinizer05ente: ^02:23
kerionow02:23
keriocan you get a reimbursement from nokia?02:23
DocScrutinizer05actually I'm not sure if Nokia servers for N9 are down but I'd be surprised to learn they're not02:24
keriosurely the N9 is not fit for purpose anymore02:24
entethey are02:24
entethere are package mirrors though02:24
DocScrutinizer05the question is if you could install anything from them, since prolly even hacking /etc/hosts to have $nokiaserver point to the IP of the new mirror would already cause aegis to nuke your system since you touched a "system file"02:25
DocScrutinizer05there's a so called "open mode" but that kills some functions in OS, irrecoverably. One of them being change of device lockcode iirc02:27
bencohpeople still use it so I guess they found a way02:28
bencohkinda02:28
DocScrutinizer05well yes, it sort of still works, but you can't update anymore, and I guess you can't even enable developer mode if you haven't already downloaded the files while Nokia's servers still worked02:32
DocScrutinizer05you can't downgrade the OS either, so my N9 one-click-falser is useless for most of you even when I share it02:33
DocScrutinizer05flasher*02:34
DocScrutinizer05you prolly can't restore your own backups either since they depend on dowbnloading the packages from nokia servers02:35
DocScrutinizer05actually I dunno if backup/restore ever got implemented on N9, I recall there were issues with aegis even while Nokia was alive still02:36
kerioDocScrutinizer05: btw, what do you make of the apple-fbi thing?02:37
DocScrutinizer05big noise about nothing02:37
DocScrutinizer05FBI is so lame, pathetic losers02:38
kerioi wonder how that would've gone with a neo90002:38
kerio"decrypt this phone" "we don't even have a crosscompiler set up dude"02:38
DocScrutinizer05yep02:38
keriostill, that secure enclave thing is pretty cool02:39
kerioit can be replicated openly, right02:39
keriospecs wouldn't help an attacker02:39
DocScrutinizer05err our modem fencing? yes02:39
keriono, the hard-as-balls TPM02:40
DocScrutinizer05the option to secure the bootloader? as well02:40
DocScrutinizer05we don't have any TPM on Neo90002:40
kerioperhaps on the neo900 s plus02:40
DocScrutinizer05the device itself is  a "TPM"02:41
DocScrutinizer05there's no other way than brute force soldering to access the device when user has locked it down02:42
DocScrutinizer05and even then you're lost when user installed a cryptfs02:42
keriocold ram etc etc02:43
kerioas a bonus, when the NSA manages to desolder the ram without breaking anything, you can ask them to install a bigger ram module! :D02:43
DocScrutinizer05doesn't work since you can't mess with the bootloader02:43
kerioeven then, wouldn't it be almost trivial to have the bootloader zero out the ram as the first thing that happens?02:44
kerioso that you MUST desolder it to access the contents?02:44
DocScrutinizer05sure, but why?02:44
DocScrutinizer05when you desolder RAM it loses all its content02:45
keriobecause of the heat?02:45
DocScrutinizer05because RAM is volatile02:45
kerioso? keep it powered as you desolder it02:45
kerioez02:45
DocScrutinizer05it needs power and even constant refresh to keep info02:45
keriohonestly if the NSA can't even desolder a ram while keeping it working, what good are they?02:46
DocScrutinizer05not THAT good anyway :-P02:46
keriotrained special agents cutting a hole in your ceiling, dropping down, and desoldering your phone while hanging above the ground02:47
DocScrutinizer05krhrhrhr02:47
keriohold on i thought you could literally just freeze the ram02:48
kerioand it would keep the content for like 10 minutes02:48
kerio...how do you desolder it while keeping it frozen? ¬.¬02:48
DocScrutinizer05good question :-)02:48
keriomeh i bet you could just use a very tiny dremel cutter02:49
DocScrutinizer05hmmm that *might* work but even then you don't have any of the CPU registers02:50
keriofreeze the cpu! :D02:50
DocScrutinizer05well, I'm pretty sure NSA has not the faintest chance to unlock a decently locked Neo90002:51
kerioyeah, because it doesn't exist ._.02:51
DocScrutinizer05except brite force decryption02:51
kerioyeah but strong crypto is sloooooooooooow02:51
DocScrutinizer05yes, particularly the brute force decryption02:52
kerioyeah but02:52
DocScrutinizer05you actually just need strong encryption to store a hash table with decryption keys unique for each sector02:54
DocScrutinizer05those can be weak then02:54
DocScrutinizer05also can be symmetric02:56
kerio"can be symmetric" what02:56
keriohow do you think crypto actually works02:56
DocScrutinizer05the commonly known crypto is assymetric02:57
keriono, you do asymmetric auth and asymmetric key exchange02:57
keriothe key exchange is to exchange a key for symmetric crypto02:57
DocScrutinizer05yes, and only for the symmetric key02:57
kerioonce you get a shared secret, you use it to fire up a chacha20 stream or two02:58
kerioor AES if you're into that kind of stuff02:58
DocScrutinizer05whatever02:58
kerioi don't think that chacha20 is suited to do disk encryption tho02:58
kerioand non accelerated AES is sloooooooooooooooooooooow02:59
keriohm, does the omap3 in the neo900 have accelerated AES?03:00
kerioapparently it's only in "high security" omap3s03:00
DocScrutinizer05check the OMAP3 TRM03:00
DocScrutinizer05iirc it's available to user only in GP devices, in HS devices it's available to TrustZone only03:01
DocScrutinizer05ask freemangordon he's far more savvy than me about that stuff03:04
DocScrutinizer05I never really looked into it since I can't do anything about it anyway03:05
DocScrutinizer05I'm using a FM3730 GP device and that's it03:05
DocScrutinizer05DM*03:05
DocScrutinizer05couldn't get a HS device even if I wanted03:06
DocScrutinizer05and if I could, I wouldn't know the root key of M-Shield aka TrustZone aka security monitor03:07
keriohold on, it's not specified by the vendor? :o03:08
DocScrutinizer05I don't even know if e.g. Nokia flashes those keys at own factory or gets then preflashed from TI03:08
DocScrutinizer05I only know there's a key in a untouchable ROM in SoC and you can't read it out and neither do you know the secret key to that non-public "pubkey"03:10
DocScrutinizer05and your bootloader needs to be signed by the secret key03:11
kerioa private public key? the fuck03:11
DocScrutinizer05an unreadable pubkey03:11
DocScrutinizer05only available to TrustZone03:12
DocScrutinizer05and TrustZone firmware checks the bootloader signature with that pubkey03:13
DocScrutinizer05bootloader in turn is supposed to check the kernel's signature and so on03:13
kerioyeah but surely if you're buying the chips you can decide which key that is03:14
DocScrutinizer05I'm not sure about that03:14
kerioyeah but surely if you're paying enough money you can decide which key that is03:14
DocScrutinizer05you can hand a key to TI to let them program it to the ROM, I guess03:15
kerioisn't it efuses?03:15
DocScrutinizer05prolly it is, dunno for sure03:15
kerioleave it open for the user to shoot themselves in the foot with03:15
DocScrutinizer05yeah03:15
DocScrutinizer05possible, I simply dunno03:16
keriostep 1) generate private key and public key03:16
keriostep 2) burn public key onto chip and enable trusted boot03:16
keriostep 3) lose private key because the hard disk crashed or something03:16
DocScrutinizer05I wouldn't be surprised if exactly this happened to N90003:17
keriowith the repos?03:17
DocScrutinizer05so nokia couldn't update the xloader code anymore03:17
keriooh for the bootloader03:17
kerioat least xloader is quite flexible in what it chainloads :>03:17
DocScrutinizer05N900 xloader doesn't enforce chain of trust though. I.E. it doesn't check signature of NOLO03:18
kerioyou can basically just treat xloader as a second stage ROMBL right03:18
DocScrutinizer05evidence: you can hack NOLO03:19
DocScrutinizer05right03:19
DocScrutinizer05N900 *is* a HS device (3430)03:19
kerioso we should have accelerated AES P:03:20
DocScrutinizer05N9 is a HS device (3630)03:20
DocScrutinizer05no, afaik and iirc only TZ can access AES accel on HS devices03:21
DocScrutinizer05another question is if the monitor in TZ allows userland acces to AES via monitor as proxy03:21
DocScrutinizer05such stuff gets configured in xloader afaik03:22
DocScrutinizer05in ARM you basically can configure every subsystem to belong to either TZ or userland (incl kernel) or even share between the two, e.g RAM a few pages for TZ only, the rest for userland (and TZ too of course)03:24
DocScrutinizer05the whole ARM architecture has an own "address line" for TZ03:25
DocScrutinizer05I honestly only had a cursory look into all this03:26
kerioalright, openssl HEAD does 37MB/s of chacha20-poly1305 on my sheevaplug03:29
DocScrutinizer05I had to mess with a IP called "mailbox" or "postbox"  (PB503?) of ARM, and there I leearned it's consisting of N FIFOs which can get accessed by both cores of a dualcore, and M of those FIFOs (for M<N) can get assigned to secure mode exclusively03:29
kerio(marvell kirkwood)03:29
DocScrutinizer05http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.kui0062a/rlarm_ar_mbx_using.htm03:31
keriodear lord, i'm only getting 8MB/s for aes 256 gcm03:32
keriomy lappy gets 1.7 and 2.5GB/s, respectively03:35
DocScrutinizer05aaah I guessd this been it PrimeCell PL320  http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.kui0062a/rlarm_ar_mbx_using.htm03:35
DocScrutinizer05dang03:36
DocScrutinizer05http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0306b/CHDHJBBJ.html03:36
DocScrutinizer05http://infocenter.arm.com/help/topic/com.arm.doc.ddi0306b/index.html even03:37
DocScrutinizer05wow that's annoying again how the public datasheet for PL320 doesn't seem to even mention TrustZone and secure mode at all03:45
DocScrutinizer05I had access to the confidential HS specs, you won't find those in public03:46
DocScrutinizer05anyway http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/ch02s02s01.html03:58
DocScrutinizer05>> The security of the system is achieved by partitioning all of the SoC’s hardware and software resources so that they exist in one of two worlds - the Secure world for the security subsystem, and the Normal world for everything else. Hardware logic present in the TrustZone-enabled AMBA3 AXITM bus fabric ensures that no Secure world resources can be accessed by the Normal world components, enabling a strong security perimeter to be04:02
DocScrutinizer05built between the two.<<04:02
DocScrutinizer05>> The addition of the NS bit to the bus transactions, and to any cache tags in the system, can be viewed as providing a 33rd address bit. There is a 32-bit physical address space for Secure transactions and a 32-bit physical address space for Non-secure transactions.<<04:10
DocScrutinizer05so AES might exist in both HS and GP devices, but the question is whether it's mapped to Secure or Non-secure address04:12
DocScrutinizer05afaik it's mapped to Secure only on HS devices04:12
DocScrutinizer05IOW it might be available to "Normal world" on GP devices04:13
DocScrutinizer05ROMBOOT and stuff like keys is always mapped to Secure04:14
DocScrutinizer05my uneducated guess04:15
*** LauRoman|Alt has joined #maemo-ssu04:21
DocScrutinizer05on NovaThor everything in R&D ran in Secure mode, so it was quite messy to build and _sign_ a new image to flash to the devel boards04:24
*** LauRoman has quit IRC04:24
DocScrutinizer05the signature server was located at some northern country and signing took quite a while04:25
*** DocScrutinizer05 has quit IRC06:32
*** DocScrutinizer05 has joined #maemo-ssu06:32
*** enyc has quit IRC07:17
*** chainsawbike has quit IRC07:24
*** chainsawbike has joined #maemo-ssu07:28
*** enyc has joined #maemo-ssu07:39
*** Pali has joined #maemo-ssu11:00
*** futpib has joined #maemo-ssu11:44
*** delphi is now known as trx11:55
*** LauRoman|Alt has quit IRC12:06
*** M4rtinK has joined #maemo-ssu12:47
*** Wizzup_ has quit IRC12:54
*** trx has quit IRC14:09
*** trx has joined #maemo-ssu14:14
*** Wizzup has joined #maemo-ssu15:38
*** Wizzup has quit IRC15:49
*** Wizzup has joined #maemo-ssu15:51
*** Wizzup has quit IRC15:55
*** Wizzup has joined #maemo-ssu16:01
merlin1991re n916:31
merlin1991I love how the warning tells you about flashing even though there were no images / tools normally available16:31
merlin1991but16:31
merlin1991you can just sideload a .deb that patches /etc/hosts and aegis will keep still16:32
*** futpib has quit IRC16:43
*** hashcore has joined #maemo-ssu17:29
*** ente has quit IRC17:53
*** ente has joined #maemo-ssu17:54
*** ente has joined #maemo-ssu17:54
*** freemangordon has quit IRC18:03
*** freemangordon1 has joined #maemo-ssu18:03
*** freemangordon1 has quit IRC19:04
*** freemangordon has joined #maemo-ssu19:05
*** LauRoman has joined #maemo-ssu19:19
merlin1991anyone on -stable in here?20:31
merlin1991ffs the screen on my -stable device is dead20:33
*** M4rtinK has quit IRC20:54
bencohI'm on stable, why?21:07
bencoh(well, a slightly patched stable, but...)21:07
bencohmerlin1991: ^21:07
merlin1991I'm preparing a new release21:08
merlin1991and would prefer that to sit around for a day or so before pushing it into the main repo21:09
merlin1991sit around and test ofc :)21:09
bencohdo we have a stable-next repo?21:10
merlin1991yes :)21:10
merlin1991you can add it with http://cdnm.at/~christian/maemo/cssu/stable-testing-enabler_0.1_all.deb21:10
merlin1991Pali: ping21:12
Palimerlin1991: pong21:12
merlin1991Pali: why did we update e2fsprogs?21:12
Palido not remember :-)21:12
bencohmerlin1991: pasting the repo url would make it simpler ;)21:12
Palican look into git21:12
merlin1991well it is just update to upstream version x21:12
merlin1991+patches to make it build for maemo21:12
merlin1991not why though21:12
merlin1991bencoh: the enabler throws in the key aswell ;)21:13
Palimerlin1991: I think kerio reported some bug21:13
kerioi what21:13
merlin1991and adds it as a system catalogue with proper priority21:13
Palikerio: wasnt you who found some bug in maemo fsck?21:13
merlin1991gonna grep channel logs21:13
PaliI think that fsck needs lot of RAM or something like that21:14
*** M4rtinK has joined #maemo-ssu21:14
Palihttp://mg.pov.lt/maemo-ssu-irclog/%23maemo-ssu.2013-05-07.log.html#t2013-05-07T23:30:5021:17
Pali2013-05-07 23:30 <kerio> btw, we should upgrade e2fsprogs21:17
Paliso really kerio :P21:17
kerioyeah but21:17
kerio...it took you 3 years to upgrade e2fsprogs?21:17
Palinot me, but merlin199121:18
merlin1991last stable release 2014 :/21:18
* merlin1991 hangs head in shame21:18
merlin1991last testing release was only a year ago21:19
Palimerlin1991: I forgot to build new HAM for cssu-devel...21:32
Paliupdated debian/changelog is in git now21:32
Palianyway current cssu-devel HAM (2.2.74) should be released21:33
merlin1991what did you change on top of what is in -devel?21:35
Pali1) fix doing SSU update :-) 2) notification configuration via /etc/hildon-application-manager/settings 3) fix notification key for provider 4) /proc/cpuinfo21:38
bencohcpuinfo?21:39
Palithat is for upstream kernel21:39
bencohah21:39
Palimerlin1991: anyway, in cssu-devel is also missing jonwil's update for maemo-security-certman21:40
Paliwhere are new certificates21:40
Palialso in cssu-devel is missing new alarmd21:41
Palialso fmtx-middleware21:41
Paliand for hildon-application manager: there are backported PR1.3 changes21:42
Palibecause those were not part of HAM cssu version :-(21:42
Palihm... also hildon-welcome is not updated in cssu-devel21:43
Paliand also initrd-progs21:43
Paliand also mce21:43
Paliand thats all21:43
merlin1991feel free to push the packages you changed into cssu-devel21:43
Palimerlin1991: now when you are building packages, can you build also those for cssu-devel?21:44
Palino idea which changes are mine21:44
Palithis is from cssu-state script21:44
merlin1991I don't want to push any half done changes :/21:44
merlin1991meh building evolution-data-server kills all the dependencies in scratchbox21:44
Palionce debian/changelog is increased changes are done/ready for cssu-devel21:45
merlin1991because it wants  libdb4.2 which conflicts with libdb121:45
Paliah :-(21:45
Palianyway, when releasing git changes, check also my cssu-state script from https://github.com/community-ssu/cssu-state21:46
merlin1991I used it to get my overview what I copy from testing -> stable21:46
*** M4rtinK has quit IRC21:56
*** futpib has joined #maemo-ssu21:58
*** M4rtinK has joined #maemo-ssu22:08
*** M4rtinK has quit IRC22:24
merlin1991hm glib2 doesn't build22:30
*** chainsawbike has quit IRC23:23
*** M4rtinK has joined #maemo-ssu23:29
*** futpib has quit IRC23:41
*** M4rtinK has quit IRC23:52
*** hashcore has quit IRC23:58

Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!