| *** Pali has quit IRC | 00:56 | |
| *** trx has quit IRC | 01:07 | |
| *** delphi has joined #maemo-ssu | 01:07 | |
| *** futpib has quit IRC | 01:18 | |
| *** M4rtinK has quit IRC | 01:51 | |
| DocScrutinizer05 | ~aegis | 02:18 |
|---|---|---|
| infobot | http://www.developer.nokia.com/Community/Wiki/Harmattan:Developer_Library/Developing_for_Harmattan/Harmattan_security/Security_guide , or "The purpose of this framework is: ... to make sure that the platform meets the requirements set by third party software that requires a safe execution environment.", or http://en.wikipedia.org/wiki/Trusted_Computing#Criticism, or http://en.qi-hardware.com/w/images/1/10/ME_382_LockedUpTechnology2.gif | 02:18 |
| DocScrutinizer05 | http://maemo.cloud-7.de/Aegis-kills-device.jpg | 02:19 |
| DocScrutinizer05 | Nokia successfully entangled N9 OS with their own servers, and since those are down, you basically can forget about N9 | 02:21 |
| DocScrutinizer05 | ente: ^ | 02:23 |
| kerio | now | 02:23 |
| kerio | can you get a reimbursement from nokia? | 02:23 |
| DocScrutinizer05 | actually I'm not sure if Nokia servers for N9 are down but I'd be surprised to learn they're not | 02:24 |
| kerio | surely the N9 is not fit for purpose anymore | 02:24 |
| ente | they are | 02:24 |
| ente | there are package mirrors though | 02:24 |
| DocScrutinizer05 | the question is if you could install anything from them, since prolly even hacking /etc/hosts to have $nokiaserver point to the IP of the new mirror would already cause aegis to nuke your system since you touched a "system file" | 02:25 |
| DocScrutinizer05 | there's a so called "open mode" but that kills some functions in OS, irrecoverably. One of them being change of device lockcode iirc | 02:27 |
| bencoh | people still use it so I guess they found a way | 02:28 |
| bencoh | kinda | 02:28 |
| DocScrutinizer05 | well yes, it sort of still works, but you can't update anymore, and I guess you can't even enable developer mode if you haven't already downloaded the files while Nokia's servers still worked | 02:32 |
| DocScrutinizer05 | you can't downgrade the OS either, so my N9 one-click-falser is useless for most of you even when I share it | 02:33 |
| DocScrutinizer05 | flasher* | 02:34 |
| DocScrutinizer05 | you prolly can't restore your own backups either since they depend on dowbnloading the packages from nokia servers | 02:35 |
| DocScrutinizer05 | actually I dunno if backup/restore ever got implemented on N9, I recall there were issues with aegis even while Nokia was alive still | 02:36 |
| kerio | DocScrutinizer05: btw, what do you make of the apple-fbi thing? | 02:37 |
| DocScrutinizer05 | big noise about nothing | 02:37 |
| DocScrutinizer05 | FBI is so lame, pathetic losers | 02:38 |
| kerio | i wonder how that would've gone with a neo900 | 02:38 |
| kerio | "decrypt this phone" "we don't even have a crosscompiler set up dude" | 02:38 |
| DocScrutinizer05 | yep | 02:38 |
| kerio | still, that secure enclave thing is pretty cool | 02:39 |
| kerio | it can be replicated openly, right | 02:39 |
| kerio | specs wouldn't help an attacker | 02:39 |
| DocScrutinizer05 | err our modem fencing? yes | 02:39 |
| kerio | no, the hard-as-balls TPM | 02:40 |
| DocScrutinizer05 | the option to secure the bootloader? as well | 02:40 |
| DocScrutinizer05 | we don't have any TPM on Neo900 | 02:40 |
| kerio | perhaps on the neo900 s plus | 02:40 |
| DocScrutinizer05 | the device itself is a "TPM" | 02:41 |
| DocScrutinizer05 | there's no other way than brute force soldering to access the device when user has locked it down | 02:42 |
| DocScrutinizer05 | and even then you're lost when user installed a cryptfs | 02:42 |
| kerio | cold ram etc etc | 02:43 |
| kerio | as a bonus, when the NSA manages to desolder the ram without breaking anything, you can ask them to install a bigger ram module! :D | 02:43 |
| DocScrutinizer05 | doesn't work since you can't mess with the bootloader | 02:43 |
| kerio | even then, wouldn't it be almost trivial to have the bootloader zero out the ram as the first thing that happens? | 02:44 |
| kerio | so that you MUST desolder it to access the contents? | 02:44 |
| DocScrutinizer05 | sure, but why? | 02:44 |
| DocScrutinizer05 | when you desolder RAM it loses all its content | 02:45 |
| kerio | because of the heat? | 02:45 |
| DocScrutinizer05 | because RAM is volatile | 02:45 |
| kerio | so? keep it powered as you desolder it | 02:45 |
| kerio | ez | 02:45 |
| DocScrutinizer05 | it needs power and even constant refresh to keep info | 02:45 |
| kerio | honestly if the NSA can't even desolder a ram while keeping it working, what good are they? | 02:46 |
| DocScrutinizer05 | not THAT good anyway :-P | 02:46 |
| kerio | trained special agents cutting a hole in your ceiling, dropping down, and desoldering your phone while hanging above the ground | 02:47 |
| DocScrutinizer05 | krhrhrhr | 02:47 |
| kerio | hold on i thought you could literally just freeze the ram | 02:48 |
| kerio | and it would keep the content for like 10 minutes | 02:48 |
| kerio | ...how do you desolder it while keeping it frozen? ¬.¬ | 02:48 |
| DocScrutinizer05 | good question :-) | 02:48 |
| kerio | meh i bet you could just use a very tiny dremel cutter | 02:49 |
| DocScrutinizer05 | hmmm that *might* work but even then you don't have any of the CPU registers | 02:50 |
| kerio | freeze the cpu! :D | 02:50 |
| DocScrutinizer05 | well, I'm pretty sure NSA has not the faintest chance to unlock a decently locked Neo900 | 02:51 |
| kerio | yeah, because it doesn't exist ._. | 02:51 |
| DocScrutinizer05 | except brite force decryption | 02:51 |
| kerio | yeah but strong crypto is sloooooooooooow | 02:51 |
| DocScrutinizer05 | yes, particularly the brute force decryption | 02:52 |
| kerio | yeah but | 02:52 |
| DocScrutinizer05 | you actually just need strong encryption to store a hash table with decryption keys unique for each sector | 02:54 |
| DocScrutinizer05 | those can be weak then | 02:54 |
| DocScrutinizer05 | also can be symmetric | 02:56 |
| kerio | "can be symmetric" what | 02:56 |
| kerio | how do you think crypto actually works | 02:56 |
| DocScrutinizer05 | the commonly known crypto is assymetric | 02:57 |
| kerio | no, you do asymmetric auth and asymmetric key exchange | 02:57 |
| kerio | the key exchange is to exchange a key for symmetric crypto | 02:57 |
| DocScrutinizer05 | yes, and only for the symmetric key | 02:57 |
| kerio | once you get a shared secret, you use it to fire up a chacha20 stream or two | 02:58 |
| kerio | or AES if you're into that kind of stuff | 02:58 |
| DocScrutinizer05 | whatever | 02:58 |
| kerio | i don't think that chacha20 is suited to do disk encryption tho | 02:58 |
| kerio | and non accelerated AES is sloooooooooooooooooooooow | 02:59 |
| kerio | hm, does the omap3 in the neo900 have accelerated AES? | 03:00 |
| kerio | apparently it's only in "high security" omap3s | 03:00 |
| DocScrutinizer05 | check the OMAP3 TRM | 03:00 |
| DocScrutinizer05 | iirc it's available to user only in GP devices, in HS devices it's available to TrustZone only | 03:01 |
| DocScrutinizer05 | ask freemangordon he's far more savvy than me about that stuff | 03:04 |
| DocScrutinizer05 | I never really looked into it since I can't do anything about it anyway | 03:05 |
| DocScrutinizer05 | I'm using a FM3730 GP device and that's it | 03:05 |
| DocScrutinizer05 | DM* | 03:05 |
| DocScrutinizer05 | couldn't get a HS device even if I wanted | 03:06 |
| DocScrutinizer05 | and if I could, I wouldn't know the root key of M-Shield aka TrustZone aka security monitor | 03:07 |
| kerio | hold on, it's not specified by the vendor? :o | 03:08 |
| DocScrutinizer05 | I don't even know if e.g. Nokia flashes those keys at own factory or gets then preflashed from TI | 03:08 |
| DocScrutinizer05 | I only know there's a key in a untouchable ROM in SoC and you can't read it out and neither do you know the secret key to that non-public "pubkey" | 03:10 |
| DocScrutinizer05 | and your bootloader needs to be signed by the secret key | 03:11 |
| kerio | a private public key? the fuck | 03:11 |
| DocScrutinizer05 | an unreadable pubkey | 03:11 |
| DocScrutinizer05 | only available to TrustZone | 03:12 |
| DocScrutinizer05 | and TrustZone firmware checks the bootloader signature with that pubkey | 03:13 |
| DocScrutinizer05 | bootloader in turn is supposed to check the kernel's signature and so on | 03:13 |
| kerio | yeah but surely if you're buying the chips you can decide which key that is | 03:14 |
| DocScrutinizer05 | I'm not sure about that | 03:14 |
| kerio | yeah but surely if you're paying enough money you can decide which key that is | 03:14 |
| DocScrutinizer05 | you can hand a key to TI to let them program it to the ROM, I guess | 03:15 |
| kerio | isn't it efuses? | 03:15 |
| DocScrutinizer05 | prolly it is, dunno for sure | 03:15 |
| kerio | leave it open for the user to shoot themselves in the foot with | 03:15 |
| DocScrutinizer05 | yeah | 03:15 |
| DocScrutinizer05 | possible, I simply dunno | 03:16 |
| kerio | step 1) generate private key and public key | 03:16 |
| kerio | step 2) burn public key onto chip and enable trusted boot | 03:16 |
| kerio | step 3) lose private key because the hard disk crashed or something | 03:16 |
| DocScrutinizer05 | I wouldn't be surprised if exactly this happened to N900 | 03:17 |
| kerio | with the repos? | 03:17 |
| DocScrutinizer05 | so nokia couldn't update the xloader code anymore | 03:17 |
| kerio | oh for the bootloader | 03:17 |
| kerio | at least xloader is quite flexible in what it chainloads :> | 03:17 |
| DocScrutinizer05 | N900 xloader doesn't enforce chain of trust though. I.E. it doesn't check signature of NOLO | 03:18 |
| kerio | you can basically just treat xloader as a second stage ROMBL right | 03:18 |
| DocScrutinizer05 | evidence: you can hack NOLO | 03:19 |
| DocScrutinizer05 | right | 03:19 |
| DocScrutinizer05 | N900 *is* a HS device (3430) | 03:19 |
| kerio | so we should have accelerated AES P: | 03:20 |
| DocScrutinizer05 | N9 is a HS device (3630) | 03:20 |
| DocScrutinizer05 | no, afaik and iirc only TZ can access AES accel on HS devices | 03:21 |
| DocScrutinizer05 | another question is if the monitor in TZ allows userland acces to AES via monitor as proxy | 03:21 |
| DocScrutinizer05 | such stuff gets configured in xloader afaik | 03:22 |
| DocScrutinizer05 | in ARM you basically can configure every subsystem to belong to either TZ or userland (incl kernel) or even share between the two, e.g RAM a few pages for TZ only, the rest for userland (and TZ too of course) | 03:24 |
| DocScrutinizer05 | the whole ARM architecture has an own "address line" for TZ | 03:25 |
| DocScrutinizer05 | I honestly only had a cursory look into all this | 03:26 |
| kerio | alright, openssl HEAD does 37MB/s of chacha20-poly1305 on my sheevaplug | 03:29 |
| DocScrutinizer05 | I had to mess with a IP called "mailbox" or "postbox" (PB503?) of ARM, and there I leearned it's consisting of N FIFOs which can get accessed by both cores of a dualcore, and M of those FIFOs (for M<N) can get assigned to secure mode exclusively | 03:29 |
| kerio | (marvell kirkwood) | 03:29 |
| DocScrutinizer05 | http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.kui0062a/rlarm_ar_mbx_using.htm | 03:31 |
| kerio | dear lord, i'm only getting 8MB/s for aes 256 gcm | 03:32 |
| kerio | my lappy gets 1.7 and 2.5GB/s, respectively | 03:35 |
| DocScrutinizer05 | aaah I guessd this been it PrimeCell PL320 http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.kui0062a/rlarm_ar_mbx_using.htm | 03:35 |
| DocScrutinizer05 | dang | 03:36 |
| DocScrutinizer05 | http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0306b/CHDHJBBJ.html | 03:36 |
| DocScrutinizer05 | http://infocenter.arm.com/help/topic/com.arm.doc.ddi0306b/index.html even | 03:37 |
| DocScrutinizer05 | wow that's annoying again how the public datasheet for PL320 doesn't seem to even mention TrustZone and secure mode at all | 03:45 |
| DocScrutinizer05 | I had access to the confidential HS specs, you won't find those in public | 03:46 |
| DocScrutinizer05 | anyway http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/ch02s02s01.html | 03:58 |
| DocScrutinizer05 | >> The security of the system is achieved by partitioning all of the SoC’s hardware and software resources so that they exist in one of two worlds - the Secure world for the security subsystem, and the Normal world for everything else. Hardware logic present in the TrustZone-enabled AMBA3 AXITM bus fabric ensures that no Secure world resources can be accessed by the Normal world components, enabling a strong security perimeter to be | 04:02 |
| DocScrutinizer05 | built between the two.<< | 04:02 |
| DocScrutinizer05 | >> The addition of the NS bit to the bus transactions, and to any cache tags in the system, can be viewed as providing a 33rd address bit. There is a 32-bit physical address space for Secure transactions and a 32-bit physical address space for Non-secure transactions.<< | 04:10 |
| DocScrutinizer05 | so AES might exist in both HS and GP devices, but the question is whether it's mapped to Secure or Non-secure address | 04:12 |
| DocScrutinizer05 | afaik it's mapped to Secure only on HS devices | 04:12 |
| DocScrutinizer05 | IOW it might be available to "Normal world" on GP devices | 04:13 |
| DocScrutinizer05 | ROMBOOT and stuff like keys is always mapped to Secure | 04:14 |
| DocScrutinizer05 | my uneducated guess | 04:15 |
| *** LauRoman|Alt has joined #maemo-ssu | 04:21 | |
| DocScrutinizer05 | on NovaThor everything in R&D ran in Secure mode, so it was quite messy to build and _sign_ a new image to flash to the devel boards | 04:24 |
| *** LauRoman has quit IRC | 04:24 | |
| DocScrutinizer05 | the signature server was located at some northern country and signing took quite a while | 04:25 |
| *** DocScrutinizer05 has quit IRC | 06:32 | |
| *** DocScrutinizer05 has joined #maemo-ssu | 06:32 | |
| *** enyc has quit IRC | 07:17 | |
| *** chainsawbike has quit IRC | 07:24 | |
| *** chainsawbike has joined #maemo-ssu | 07:28 | |
| *** enyc has joined #maemo-ssu | 07:39 | |
| *** Pali has joined #maemo-ssu | 11:00 | |
| *** futpib has joined #maemo-ssu | 11:44 | |
| *** delphi is now known as trx | 11:55 | |
| *** LauRoman|Alt has quit IRC | 12:06 | |
| *** M4rtinK has joined #maemo-ssu | 12:47 | |
| *** Wizzup_ has quit IRC | 12:54 | |
| *** trx has quit IRC | 14:09 | |
| *** trx has joined #maemo-ssu | 14:14 | |
| *** Wizzup has joined #maemo-ssu | 15:38 | |
| *** Wizzup has quit IRC | 15:49 | |
| *** Wizzup has joined #maemo-ssu | 15:51 | |
| *** Wizzup has quit IRC | 15:55 | |
| *** Wizzup has joined #maemo-ssu | 16:01 | |
| merlin1991 | re n9 | 16:31 |
| merlin1991 | I love how the warning tells you about flashing even though there were no images / tools normally available | 16:31 |
| merlin1991 | but | 16:31 |
| merlin1991 | you can just sideload a .deb that patches /etc/hosts and aegis will keep still | 16:32 |
| *** futpib has quit IRC | 16:43 | |
| *** hashcore has joined #maemo-ssu | 17:29 | |
| *** ente has quit IRC | 17:53 | |
| *** ente has joined #maemo-ssu | 17:54 | |
| *** ente has joined #maemo-ssu | 17:54 | |
| *** freemangordon has quit IRC | 18:03 | |
| *** freemangordon1 has joined #maemo-ssu | 18:03 | |
| *** freemangordon1 has quit IRC | 19:04 | |
| *** freemangordon has joined #maemo-ssu | 19:05 | |
| *** LauRoman has joined #maemo-ssu | 19:19 | |
| merlin1991 | anyone on -stable in here? | 20:31 |
| merlin1991 | ffs the screen on my -stable device is dead | 20:33 |
| *** M4rtinK has quit IRC | 20:54 | |
| bencoh | I'm on stable, why? | 21:07 |
| bencoh | (well, a slightly patched stable, but...) | 21:07 |
| bencoh | merlin1991: ^ | 21:07 |
| merlin1991 | I'm preparing a new release | 21:08 |
| merlin1991 | and would prefer that to sit around for a day or so before pushing it into the main repo | 21:09 |
| merlin1991 | sit around and test ofc :) | 21:09 |
| bencoh | do we have a stable-next repo? | 21:10 |
| merlin1991 | yes :) | 21:10 |
| merlin1991 | you can add it with http://cdnm.at/~christian/maemo/cssu/stable-testing-enabler_0.1_all.deb | 21:10 |
| merlin1991 | Pali: ping | 21:12 |
| Pali | merlin1991: pong | 21:12 |
| merlin1991 | Pali: why did we update e2fsprogs? | 21:12 |
| Pali | do not remember :-) | 21:12 |
| bencoh | merlin1991: pasting the repo url would make it simpler ;) | 21:12 |
| Pali | can look into git | 21:12 |
| merlin1991 | well it is just update to upstream version x | 21:12 |
| merlin1991 | +patches to make it build for maemo | 21:12 |
| merlin1991 | not why though | 21:12 |
| merlin1991 | bencoh: the enabler throws in the key aswell ;) | 21:13 |
| Pali | merlin1991: I think kerio reported some bug | 21:13 |
| kerio | i what | 21:13 |
| merlin1991 | and adds it as a system catalogue with proper priority | 21:13 |
| Pali | kerio: wasnt you who found some bug in maemo fsck? | 21:13 |
| merlin1991 | gonna grep channel logs | 21:13 |
| Pali | I think that fsck needs lot of RAM or something like that | 21:14 |
| *** M4rtinK has joined #maemo-ssu | 21:14 | |
| Pali | http://mg.pov.lt/maemo-ssu-irclog/%23maemo-ssu.2013-05-07.log.html#t2013-05-07T23:30:50 | 21:17 |
| Pali | 2013-05-07 23:30 <kerio> btw, we should upgrade e2fsprogs | 21:17 |
| Pali | so really kerio :P | 21:17 |
| kerio | yeah but | 21:17 |
| kerio | ...it took you 3 years to upgrade e2fsprogs? | 21:17 |
| Pali | not me, but merlin1991 | 21:18 |
| merlin1991 | last stable release 2014 :/ | 21:18 |
| * merlin1991 hangs head in shame | 21:18 | |
| merlin1991 | last testing release was only a year ago | 21:19 |
| Pali | merlin1991: I forgot to build new HAM for cssu-devel... | 21:32 |
| Pali | updated debian/changelog is in git now | 21:32 |
| Pali | anyway current cssu-devel HAM (2.2.74) should be released | 21:33 |
| merlin1991 | what did you change on top of what is in -devel? | 21:35 |
| Pali | 1) fix doing SSU update :-) 2) notification configuration via /etc/hildon-application-manager/settings 3) fix notification key for provider 4) /proc/cpuinfo | 21:38 |
| bencoh | cpuinfo? | 21:39 |
| Pali | that is for upstream kernel | 21:39 |
| bencoh | ah | 21:39 |
| Pali | merlin1991: anyway, in cssu-devel is also missing jonwil's update for maemo-security-certman | 21:40 |
| Pali | where are new certificates | 21:40 |
| Pali | also in cssu-devel is missing new alarmd | 21:41 |
| Pali | also fmtx-middleware | 21:41 |
| Pali | and for hildon-application manager: there are backported PR1.3 changes | 21:42 |
| Pali | because those were not part of HAM cssu version :-( | 21:42 |
| Pali | hm... also hildon-welcome is not updated in cssu-devel | 21:43 |
| Pali | and also initrd-progs | 21:43 |
| Pali | and also mce | 21:43 |
| Pali | and thats all | 21:43 |
| merlin1991 | feel free to push the packages you changed into cssu-devel | 21:43 |
| Pali | merlin1991: now when you are building packages, can you build also those for cssu-devel? | 21:44 |
| Pali | no idea which changes are mine | 21:44 |
| Pali | this is from cssu-state script | 21:44 |
| merlin1991 | I don't want to push any half done changes :/ | 21:44 |
| merlin1991 | meh building evolution-data-server kills all the dependencies in scratchbox | 21:44 |
| Pali | once debian/changelog is increased changes are done/ready for cssu-devel | 21:45 |
| merlin1991 | because it wants libdb4.2 which conflicts with libdb1 | 21:45 |
| Pali | ah :-( | 21:45 |
| Pali | anyway, when releasing git changes, check also my cssu-state script from https://github.com/community-ssu/cssu-state | 21:46 |
| merlin1991 | I used it to get my overview what I copy from testing -> stable | 21:46 |
| *** M4rtinK has quit IRC | 21:56 | |
| *** futpib has joined #maemo-ssu | 21:58 | |
| *** M4rtinK has joined #maemo-ssu | 22:08 | |
| *** M4rtinK has quit IRC | 22:24 | |
| merlin1991 | hm glib2 doesn't build | 22:30 |
| *** chainsawbike has quit IRC | 23:23 | |
| *** M4rtinK has joined #maemo-ssu | 23:29 | |
| *** futpib has quit IRC | 23:41 | |
| *** M4rtinK has quit IRC | 23:52 | |
| *** hashcore has quit IRC | 23:58 | |
Generated by irclog2html.py 2.15.1 by Marius Gedminas - find it at mg.pov.lt!
