07:32 <f_> hexdump0815: maybe. Would be great if it's the case, A311D has pretty good support in mainline :)

09:44 <f_> oooh.. Now that was completely unexpected

09:45 <f_> I think I might have an idea regarding on what foss firmware Amlogic's bl30 is based on

09:45 <f_> but not 100% sure

09:49 <f_> I noticed some stuff it outputs to UART look similar to what cros_ec would output? Somehow Amlogic could've retrofitted it for their SCP?

09:50 <f_> Only way to make sure is to feed it to ghidra and diff/compare :)

09:57 <f_> If that is true it might make reversing it easier as then all I/we/you/etc need to do is reverse-engineer amlogic's changes, and no need to care about the rest :D

09:58 <f_> Being able to boot with no proprietary boot firmware running on the AP is a nice achievement, but I'd argue being able to boot with no proprietary boot firmware *at all* would be much more awesome

09:59 <f_> If no one gets to reversing BL30 before me, I could try.. but I said I was going to reverse g12b BL2 before, so SCP fw reversing will be later for me

10:00 <f_> that said running stuff on the SCP ought to be pretty straightforward. I think even on secureboot-enabled devices the SCP firmware doesn't actually do encryption/signing checks and such

10:01 <f_> at least it did not complain at all when I loaded an old s805y bl30 from some random u-boot repo along with an old lepotato bl301

10:01 <f_> on the secureboot-enabled Mi TV Stick

10:02 <f_> So I'm fairly confident no checks are being ran on bl30 by the SCP

10:03 <f_> which kinda makes sense.. BL2 and BL1 are the ones doing all the rest of the checks, and in theory that would not allow you from running your own firmware at all.. unless there was a vuln in one of these two

10:26 <chewitt> f_ have you seen https://www.cnx-software.com/2021/12/06/amlogic-v901d-a-quad-core-cortex-a55-processor-for-in-vehicle-infotainment/ ?

10:26 <f_> chewitt: noticed it yeah, did not read it though

10:27 <f_> Hmm.. some of these specs are similar to some amlogic SoC I've seen before

10:28 <f_> interesting

10:29 <chewitt> It looks overall similar to the SM1 boards; except for AV1 support, so I suspect it's closer to S4 .. the article says the same

10:30 <chewitt> I think V901D just proves their marketing team uses /dev/random for naming input :D

10:33 <f_> I'm sure V is the first letter of "car" in some other language so not completely /dev/random :D

10:33 <chewitt> https://www.aftvnews.com/detailed-hardware-specs-of-the-fire-tv-for-auto-systems-in-the-jeep-grand-wagoneer-and-chrysler-pacifica/

10:34 <f_> but what in the world is up with 902/905/912/805/812 numbers

10:34 <chewitt> they lost the plot with those a long time ago

10:41 <f_> Okay, amlogic bl30 might be based upon cros_ec-v1.1.0

14:07 <f_> I could not resist

14:07 <f_> I opened bl30 in ghidra to take a look

14:07 <f_> I believe it is indeed based on https://chromium.googlesource.com/chromiumos/platform/ec

14:08 <f_> version v1.1

14:09 <chewitt> another piece of the jigsaw :)

14:09 <f_> :D

14:12 <f_> if anyone wants to stare at it feel free!

17:28 <f_> regarding the HDMI boot dongle, it looks like a vendor can choose to disable it completely apparently.

17:29 <f_> They can choose to also disable USB boot entirely. Though that is kind of separate

17:29 <f_> Separate as in, if the HDMI boot dongle detection is enabled and USB is disabled, and a hdmi boot dongle is plugged in, it will go to USB mode

17:29 <f_> But under no other circumstances will it reach that mode

17:30 <f_> you can {dis,en]able it by blowing efuses. I'll push some docs about those in a bit

18:15 <f_> And yep, secureboot does not imply AES encryption

18:15 <f_> at least not in the bootROM's POV.

18:32 <f_> https://git.vitali64.duckdns.org/misc/reversing-gxbb-bl2.git/about/docs/gx-bootrom.md#efuseotp

18:36 <f_> > Obfuscate UART logs

18:36 <f_> :D :D :D

18:44 <f_> *security by obscurity intensifies*

18:45 <f_> Luckily only a few zte devices have that enabled

19:03 <narmstrong> f_: oh it may explain those task thing they also use in bl301

19:03 <narmstrong> what a weird base to use

20:49 <f_> narmstrong: yeah, but cros_ec has cortex-m support so there's that ;p

20:49 <f_> it probably would've been better to just use Arm-Software/SCP-Firmware

20:56 <f_> Anyway, that was just out of curiosity while I randomly saw a chromebook's EC logs and thought to myself, "hey that looks familiar!"

20:56 <f_> s/while/when/