janng0

About 2). As @xeniter mentioned before, it is not secure - one can read it via FEL mode due to hack implemented in sunxi-fel utility: // file fel.c in sunxi-tools /* * Issue a "smc #0" instruction. This brings a SoC booted in "secure boot" * state from the default non-secure FEL into secure FEL. * This crashes on devices using "non-secure boot", as the BROM does not * provide a handler address in MVBAR. So we have a runtime check. */ void aw_apply_smc_workaround(feldev_handle *dev) { soc_info_t *soc_info = dev->soc_info; uint32_t val; uint32_t arm_code[] = { htole32(0xe1600070), /* smc #0 */ htole32(0xe12fff1e), /* bx lr */ }; /* Return if the SoC does not need this workaround */ if (!soc_info->needs_smc_workaround_if_zero_word_at_addr) return; /* This has less overhead than fel_readl_n() and may be good enough */ aw_fel_read(dev, soc_info->needs_smc_workaround_if_zero_word_at_addr, &val, sizeof(val)); /* Return if the workaround is not needed or has been already applied */ if (val != 0) return; pr_info("Applying SMC workaround... "); aw_fel_write(dev, arm_code, soc_info->scratch_addr, sizeof(arm_code)); aw_fel_execute(dev, soc_info->scratch_addr); pr_info(" done.\n"); } But we implemented another hack on this hack - we burned USB)) It's definitely not elegant and not tested well (we don't know for sure, if only USB is burned, but not some other useful parts of the SoC), but finally USB data channels are broken (D+ and D-) but power channels are ok - Nanopi Neo still gets power via USB, but FEL mode is completely unavailable. To do this, we connected USB data channels D+ and D- to 20V power source via capacitor of 0.22uF. ------------------------- D+ 20v -------- 0.22uF -------- D-

Useful links № link description 1 this topic full instruction by itself - extremely useful 2 SID Register Guide description of eFUSE fields; likely created while looking through this code from [11] 3 FEL info description of FEL mode and how to switch in FEL (see also [9]) 4 jemk script ruby-script to pack SPL binary into TOC0 format (see also create_toc0 in 6) ) 5 newer SPL sources (2014) likely original SPL (aka SBromSW) from Allwinner; based on U-Boot 2014 6 AW openssl tools tools for generating keys and TOC0 from Allwinner SDK 7 uart0-helloworld-sdboot code that works on bare metal Allwinner SoC, also in FEL-mode 8 sunxi tools info tool for working with FEL and other useful stuff 9 more on FEL more info about FEL mode (just useful to read) 10 eFUSE burner working code, that burns rotpk from @xeniter (base on code in [7]) 11 original SPL original Allwinner SPL for H3 12 eFUSE structure full description of eFUSE structure (likely [2] is based on this code) 13 Nanopi Neo firmware firmware (and it's source code) 14 Brom sources original Brom sources, dumped from SoC (assembler, not C-sources) Brom == SBromHW == boot ROM - first loader, burned inside SoC SPL == SBromSW == Second Program Loader - second loader, verified and loaded by Brom with help of rotpk U-Boot - third loader, verified and loaded by SPL rotpk == Root Of Trust Public Key - the most important key, burned into eFUSE (as ROTPK_HASH, counted by this formula), as verification chain starts from it Semelis == Secure OS - some code, that works in Secure World (likely just Linux) Normal OS - some code, that works in Normal World (Linux, Android, etc.) verification chain: power on => starts Brom Brom looks for SPL on persistent memory (SD-card, eMMC, etc.; for SD-card it looks at offset 8kb); SPL not present => goto FEL Brom checks for rotpk in eFUSE 1) rotpk present: verify and load SPL; verification failed => goto FEL 2) rotpk not present: load SPL SPL checks for rotpk 1) rotpk present: goto 5. 2) rotpk not present: burn rotpk and other keys into eFUSE SPL checks for secure U-Boot 1) secure U-Boot not found => likely goto FEL (may be options, depending on SPL logic) 2) verify secure U-Boot with some keys (depends on SPL logic); verification failed => goto FEL 3) load secure U-Boot secure U-Boot verifies and loads Semelis, or goes to FEL, if comething is wrong SPL checks for normal U-Boot 1) normal U-Boot not found => likely goto FEL (may be options, depending on SPL logic) 2) verify normal U-Boot with some keys (depends on SPL logic); verification failed => likely goto FEL (may be options, depending on SPL logic) 3) load normal U-Boot normal U-Boot verifies and loads Normal OS or, if comething is wrong, likely goto FEL (may be options, depending on normal U-Boot logic) two full featured (Normal and Secure) OSes are running and communicating Full featured TrustZone is: two full featured (kernel space + user space ) Linux , one works inside Normal World, another inside Secure World. Monitor Mode - some code, that clues two worlds. Normal World issues software interrupt (ARM instruction SMC). Normal World kernel implements Monitor Mode - verifies if the switch between worlds is possible, saves some parameters for Secure World handler and issues SMC instruction. Secure World kernel handles software interrupt, issued by SMC instruction, executes some work, issued by Normal World parameters and returns back from SMC software interrupt handler to Normal Wold. There may be ortions, so Semelis could be something more simple than full featured Linux. to burn eFUSE 1) build sunxi-tools apt-get install libusb-1.0-0-dev git clone https://github.com/linux-sunxi/sunxi-tools sunxi_tools_dir cd ./sunxi_tools_dir make 2) switch H3 into FEL just pull SD-card out and turn on to check: cd ./sunxi_tools_dir # list shows all connected Allwinner SoC's that are in FEL mode ./sunxi-fel list USB device 001:009 Allwinner H3 02c00081:04004620:79910124:5c1a080e # sid shows CHIPID from eFUSE (see [2]) ./sunxi-fel sid 02c00081:04004620:79910124:5c1a080e 3) compile and run uart0-helloworld-sdboot Before continue also would be useful to connect Nanopi Neo UART to PC - there would logs printed in H3 UART0. Also install crosscompiler (used Linaro GCC 4.9-2015.03, prefix arm-angstrom-linux-gnueabi-, for tests). cd ./sunxi_tools_dir # compile uart0-helloworld-sdboot; Makefile has instructions to autosearch crosscompiler, but in case # run: CROSS_COMPILE=arm-angstrom-linux-gnueabi- make uart0-helloworld-sdboot.elf make uart0-helloworld-sdboot.elf # load binary into SRAM A1 on H3 ./sunxi-fel -v -p write 0x2000 ./uart0-helloworld-sdboot.elf # run code; UART should show: # # Hello from Allwinner H3! # Returning back to FEL. # ./sunxi-fel -v exec 0x2000 4) generating keys Keys are generated with by dragonsecboot from [6]. Parameters of this utility are unknown (no --help flag), so look at this post and tools/pack/createkeys in [6]. git clone https://github.com/friendlyarm/h3_lichee.git h3_lichee cd ./h3_lichee/tools/pack/pctools/linux/openssl # flag -key found in h3_lichee/tools/pack/createkeys PATH=".:$PATH" dragonsecboot -key ../../../common/sign_config/dragon_toc.cfg ../../../common/keys dragonsecboot generates bunch of private keys and name files, as mentioned in file dragon_toc.cfg. For every key also generated .bin file (it is a text file actually) with some mathematical processing. Also one of the keys is mentioned as Trustkey. For this one rotpk.bin is generated - this is our Root Of Trust hash to write to eFUSE. 5) build eFUSE burner Take the working code [10] from @xeniter. Change rotpk_bin on the data from your rotpk.bin from 4). Compile and run it as in 3). That's all - @xeniter already done everything for you:) 6) generating TOC0 create_toc0 from [6] (could be found near dragonsecboot) and jemk script [4] do pretty the same, but using jemk script is easier: # install Ruby sudo apt-get install ruby-full # ruby -v git clone git@gist.github.com:2abcab1359c4bce793679c5854062331.git jemk_mktoc0 # generate TOC0 # Trustkey.pem - Root of Trust, from which rootpk. bin was generated in 4), # sboot.bin - compiled binary SPL, for test simply uart0-helloworld-sdboot could be used # sboot.toc0 - output file ruby ./jemk_mktoc0/mktoc0.rb [path_to_BSP]/h3_lichee/tools/pack/common/keys/Trustkey.pem [path_to_SPL]/sboot.bin sboot.toc0 # ruby ./jemk_mktoc0/mktoc0.rb [path_to_BSP]/h3_lichee/tools/pack/common/keys/Trustkey.pem [sunxi_tools_dir]/uart0-helloworld-sdboot.elf sboot.toc0 Just in case, create_toc0 could be used like this cd [path_to_BSP]/h3_lichee/tools/pack/pctools/linux/openssl # create_toc0 is controlled by the same config dragon_toc.cfg as dragonsecboot - see section [toc0] in dragon_toc.cfg # actually the name of binary to pack into TOC0 is also specified there - it's sboot.bin, so we should copy binary here, or # specify another full path cp [path_to_SPL]/sboot.bin ./sboot.bin # run create_toc0 (create_toc0 uses keys, generated by dragonsecboot) PATH=".:$PATH" create_toc0 ../../../common/sign_config/dragon_toc.cfg ../../../common/keys 7) run board with custom TOC0 and rotpk Insert SD-card and flask your SPL in TOC0 format there sudo dd if=[path_to_toc0]/sboot.toc0 of=/dev/sd[?] status=progress bs=1024 seek=8 Now insert SD-card and run board. If you used uart0-helloworld-sdboot.elf as a binary inside TOC0, you should see some output from device UART0.