Sonikku Posted April 28, 2017 Posted April 28, 2017 Hi all I need to develop a customized application on the OrangePi that uses this Allwinner H3 chip. So everything about this is the standard Armbian, with one change- I need to add security code into the loader to secure the board Prior to this I have only ever developed superloop C code on processors such as these i.e. no OS present. In those cases we had the development tools from the vendor or a JTAG probe. What I need to do is I need to customize the loader code to do certain security tasks. My question is, where is this loader sitting? (presumably its in the FLASH), and, is its source part of this distribution? Also, when they make these boards, how do they install these loaders onto the blank boards? It would be most useful if I could know what happens after CPU reset- I presume the CPU starts booting from the FLASH and then executes the loader found there. Initially a JTAG tool is required to put this loader on the board presumably?
zador.blood.stained Posted April 28, 2017 Posted April 28, 2017 This applies to H3 also: https://linux-sunxi.org/BROM So BROM cannot be changed in any way and you won't be able to make a perfect security model. It may be possible to enable secure mode in the future, but it's still WIP: https://linux-sunxi.org/TOC0
zador.blood.stained Posted April 28, 2017 Posted April 28, 2017 In case of Armbian (and most other distributions) BROM loads the mainline u-boot with some patches on top of it.
Sonikku Posted May 10, 2017 Author Posted May 10, 2017 Thanks for the info- I spoke to Steven at OrangePi and he explained to me how this works in much detail which also confirms that secure boot is a WIP. In the meantime, until it works (and when it does I will be eagerly ready to try it), we will enclose the device in a steel box, until at least Linux is booted and we can run our own security apps and daemons.
Recommended Posts