10:11 <f_> I'm giving up decrypting the rest for now. My guess is the keys might be in one of those headers or somewhere else

10:12 <f_> I can theoretically already boot u-boot spl

10:12 <f_> Right now I'll try on my trusty lepotato board with no secureboot enabled at all, just to see how SPL reacts to amlogic-usbdl.

10:13 <f_> This also means I'll have to get rid of the @AML header that gets added, since I can simply just jump right to the payload

10:25 <f_> Also I'd rather not load amlogic BL2 on this thing

10:25 <f_> with u-boot spl I know it's not going to do magic stuff with... stuff

12:02 <f_> GXL:BL1:9ac50e:bb16dc;FEAT:ADFC318C:0;POC:2;RCY:0;USB:0;

12:02 <f_> <d}Յ>

12:02 <f_> USB boot

12:02 <f_> resetting ...

12:02 <f_> cool ^^

13:28 <phh> f_: to be sure i understood it all, you have a xiaomi tv stick, vulnerable to the usb dl flaw, which you used to dump the AES key from efuses. Only AES key is used for secure boot, so that's enough for you to boot your own bootloader. Is that correct?

13:57 <f_> phh: Basically. Except all the firmware is encrypted and the key I dumped is only for BL2

13:57 <f_> And I can already boot my own bootloader via USB thanks to the vuln.

13:58 <f_> I haven't tested replacing BL2 on the eMMC, and I don't think it'll work.. it's signed

13:59 <f_> I mostly did my best to not touch anything on the eMMC. So only the vendor u-boot env has been altered, to boot postmarketOS from it

14:01 <f_> and in android I just enabled adb

14:01 <f_> (no root, however)

14:16 <f_> phh: basically I'm trying something similar to https://fredericb.info/2021/11/booting-ubuntu-on-google-chromecast-with-google-tv.html but on gxl and with u-boot-spl and mainline u-boot

14:27 <f_> oooh :D

14:27 <f_> GXL:BL1:9ac50e:bb16dc;FEAT:BDFD71BC:0;POC:3;RCY:1;USB:3;

14:27 <f_> <debug_uart>

14:27 <f_> ^ as seen on tv stick :D

14:28 <f_> But it print "USB boot" nor "resetting ...". I suppose DRAM init fails which is to be expected.. that binary uses lepotato's config and lepotato uses DDR3 while the stick uses DDR4

14:32 <Danct12> i should do something to my beelink gt-king again

14:32 <Danct12> my first idea is going to build a replacement shell for it and custom cooling

14:33 <Danct12> there's apparently a lot of space for a custom cooling

14:33 <Danct12> even screw holes for that

15:07 <f_> Danct12: who's stopping you from doing it? :)

17:15 <f_> edit: "But it" doesn't "print..."

17:32 <Danct12> f_, nothing but.. i'm having trouble finding the exact cooler

17:35 <Danct12> and also it seems like beelink has several revisions of the board

17:36 <Danct12> some with mounting holes and other without them??

17:36 <Danct12> it also has a unpopulated usb port

17:37 <Danct12> so if i would go and adapt a custom case, i'd probably solder a usb port to that and enable it

17:37 <Danct12> assuming it works