#armbian-broadcom on 2023-09-30 — irc logs at libera.irclog.whitequark.org

01:03 DC-IRC has quit [Remote host closed the connection]

01:03 DC-IRC has joined #armbian-broadcom

19:50 <DC-IRC> <microlinux> @clever___ do you know anything abut the hw media dec capabilities on RPI 5?

19:50 <DC-IRC> <clever___> from what ive seen on the forums, it only has h265/hevc decode, and nothing else

19:50 <DC-IRC> <microlinux> I only found h265 4h60 decoding capabilities, but h264 was removed entirely

19:50 <DC-IRC> <clever___> they have even dropped h264 hw

19:50 <DC-IRC> <microlinux> does it have anything else?

19:50 <DC-IRC> <clever___> nothing that ive heard of so far

19:50 <DC-IRC> <microlinux> bc h265 only looks quite por

19:50 <DC-IRC> <microlinux> poor

19:50 <DC-IRC> <clever___> even the hw jpeg was removed

19:51 <DC-IRC> <clever___> its kind of like the gutted the videocore design, leaving only the 2d/3d and hevc

19:51 <DC-IRC> <clever___> its kind of like the gutted the videocore design, leaving only the 2d/3d/vpu and hevc

19:51 <DC-IRC> <microlinux> know I know why they basically release no info about that... it looks really bad hw wise.

19:51 <DC-IRC> <microlinux> the cpu is amazing

19:52 <DC-IRC> <microlinux> but having to do everything on software is the opposite of arm hw...

19:52 <DC-IRC> <clever___> they did at least add the arm crypto extensions

19:52 <DC-IRC> <microlinux> indeed!

19:52 <DC-IRC> <clever___> and the new ISP is now properly driven by linux

19:52 <DC-IRC> <clever___> so the ISP could be reused for some things

19:53 <DC-IRC> <microlinux> yeah, I heard about threadX being removed

19:53 <DC-IRC> <clever___> i'm not sure if threadx was actually removed or not

19:53 <DC-IRC> <clever___> need to investigate that

19:53 <DC-IRC> <microlinux> but what code is in charge instead, and how open source is it?

19:53 <DC-IRC> <clever___> the VPU is still there, and some of the mailbox services

19:53 <DC-IRC> <clever___> the original pi4 firmware, went bootcode.bin -> start4.elf -> kernel.img

19:54 <DC-IRC> <clever___> and start4.elf managed h264, isp, and a few other things

19:54 <DC-IRC> <clever___> the network install changes altered how pi4 works, making it:

19:54 <DC-IRC> <clever___> bootcode.bin -> bootmain.elf -> start4.elf -> kernel.img

19:54 <DC-IRC> <clever___> with bootmain.elf stored in SPI as well

19:55 <DC-IRC> <clever___> the pi5 then just deleted a step

19:55 <DC-IRC> <clever___> bootcode.bin -> bootmain.elf -> kernel.img!

19:55 <DC-IRC> <clever___> bootmain.elf is now the primary VPU firmware, still held in SPI flash

19:56 <DC-IRC> <clever___> `vcgencmd` and the usual firmware stuff appears to still be present, but is talking to `bootmain.elf` instead of `start4.elf`

19:59 <DC-IRC> <clever___> i need to fix ghidra, and take a closer look at `bootmain.elf` and see if its threadx or custom

20:04 <DC-IRC> <clever___> they have also been making major strides in terms of open source

20:04 <DC-IRC> <clever___> linux is now driving the entire camera, 2d, and 3d subsystems, from what i hear

20:04 <DC-IRC> <clever___> so the closed source is only doing dram init, basic bootup, and thermal/power throttling, from what ive heard

20:07 <DC-IRC> <microlinux> good!

20:08 <DC-IRC> <microlinux> i am very disappointed with the hw blocks, but it's very decent for a pi5

20:08 <DC-IRC> <clever___> one thing i'm conflicted on, is that putting everything into SPI, is basically one of the plans i had for the open firmware

20:09 <DC-IRC> <clever___> but the way they have done it, also makes the chain of trust more solid

20:09 <DC-IRC> <clever___> so it may be difficult to run open firmware on the pi5

20:13 <DC-IRC> <clever___> https://cdn.discordapp.com/attachments/964943707793150052/1157772176678723675/bootflow_2711_netinstall.png?ex=6519d2dd&is=6518815d&hm=47f9319579a76004a01a4cf48bbd4db77e368e1fed8b90335fd5a0955a65b26e&

20:13 <DC-IRC> <clever___> on the pi4, the stage-1 file was signed with an hmac-sha1, and i had to dump the bootrom to get the keys and sign custom files

20:14 <DC-IRC> <clever___> stage 1.5 is hashed, and stage1 validates the hash

20:14 <DC-IRC> <clever___> the expected hash is inside the stage1 binary, so changing the expected hash breaks the stage1 signature

20:14 <DC-IRC> <clever___> but stage2 was unsigned, creating a gaping hole in the security, allowing me to dump the keys

20:14 <DC-IRC> <clever___> but pi5 deleted stage2 entirely

20:14 <DC-IRC> <clever___> stage 1.5 is still hashed

20:14 <DC-IRC> <clever___> stage1 unknown

20:15 <DC-IRC> <clever___> @microlinux that all make sense?

20:18 <DC-IRC> <microlinux> ahaha yeah clever, it makes some.

20:18 <DC-IRC> <microlinux> need to go, many thanks for your insights

20:18 <DC-IRC> <clever___> without a way to get my foot in the door, there is no way to dump the rom and keys

20:18 <DC-IRC> <clever___> until they publish the recovery docs, any attempt to get in thru SPI risk bricking the pi

20:19 <DC-IRC> <clever___> but i could try a `recovery.bin` and see what happens....