Thread: Neo900 - finally a successor of N900
View Single Post
stevenc is offline stevenc
2016-01-06 , 14:38
Posts: 13 | Thanked: 43 times | Joined on Apr 2015
#2752
Originally Posted by joerg_rw View Post
if you locked your device there's no way for an attacker to bypass that security in uBoot, except of unlocking the device again which means disassemble and solder
I hadn't thought of that obvious risk. It sounds good then that SYS_BOOT5 is not easily accessible without removing the whole board and maybe soldering something first.

Originally Posted by joerg_rw View Post
The less concerned user would keep the battery lid hallswitch connected to SYS_BOOT[5] to allow forcing of e.g. USB (xloader) boot in case some mishap messed up e.g. uBoot.
Why use the hallswitch for that purpose? If we have the Hackerbus, could one of its pins be jumper-able to SYS_BOOT5 instead? Basically so that test automation is easier, like if having to bisect a uBoot bug or something. Not my idea, but its something I've heard from a Linaro developer while visiting ARM so probably has wisdom in it.

Thanks!

p.s. this is also a defence against supply-chain interdiction - the paranoid end-user should be able to re-flash MLO/uBoot - even if the ones in flash are not 'broken' they may be considered untrusted.
Last edited by stevenc; 2016-01-06 at 14:48.
 

The Following 4 Users Say Thank You to stevenc For This Useful Post: