Swissbit Secure Boot for Raspberry Pi Relies on MicroSD Card and optional USB Stick

Secure Boot Raspberry Pi

Swissbit secure boot solution for Raspberry Pi consists of an 8GB or 32GB “PS-45u DP” Micro SD card pre-loaded with their secure firmware, and offering the following key features: Security policies with flexible and configurable authentication Access protection with configurable retry counter Protects Raspberry Pi boot loader Encrypts user and boot code to protect license, know-how, and IP The boot image can be set read-only to prevent unauthorized modification Restricting the access to data on the card by various configurable security policies: PIN or USB or NET policy Use 8GB PU-50n DP USB stick as 2nd authentication for secure boot Works with Raspberry Pi 2 and 3B+ (I suppose Raspberry Pi 4 support should come soon enough) Note that we previously wrote about an open-source Raspberry Pi 4 UEFI+ACPI firmware to make the board SBBR-compliant and support features such as UEFI secure boot, but Swissbit secure boot is completely unrelated and instead is a custom security and access control solution. …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Raspberry Pi 4 UEFI+ACPI Firmware Aims to Make the Board SBBR-Compliant

As Arm wanted to enter the server market, they realized they had to provide systems that could boot standard operating system images without modifications or hacks – just as they do on x86 server -, so in 2014 the company introduced the Server Base System Architecture Specification (SBSA) so that all a single OS image can run on all ARMv8-A servers. Later on, Arm published the Server Base Boot Requirement (SBBR) specifications describing standard firmware interfaces for the servers, covering UEFI, ACPI and SMBIOS industry standards, and in 2018 introduced the Arm ServerReady compliance program for Arm servers. While those are specific to Arm server, some people are pushing to implement SBBR compliant for Arm PCs, and there’s one project aiming to build an SBBR-compliant (UEFI+ACPI) AArch64 firmware for the Raspberry Pi 4. The UEFI firmware is a build of a port of 64-bit Tiano Core UEFI firmware, and version 1.1 of the firmware was just released on February 14, …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Embedded Base Boot Requirements (EBBR) Project Aims to Standardize Booting on Embedded Systems


Desktop and server systems relies on standardized interfaces between the bootloader and the OS like UEFI and ACPI, but for embedded systems the way the bootloader, often U-boot, handles the boot flow may vary greatly between targets. Arm and its partners already worked on this in the server space with the Server Base Architecture Specification (SBSA) , and more specifically the Server Base Boot Requirements (SBBR) within the specification that requires the use of both UEFI and ACPI on servers.  Arm has now done something similar with the Embedded Base Boot Requirements (EBBR) project that targets specifically embedded systems, is based on a subset of UEFI, and works with either ACPI or device tree. EBBR specification once implemented in bootloaders like  U-boot or Tianocore/EDK2 should allow a single version of an OS image to boot on multiple platforms without the per-platform customization required today.. In practical terms it means the U-Boot would have a standardize interface with the OS based …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Embedded Linux Conference Europe & OpenIoT Summit Europe 2018 Schedule

Embedded Linux Conference OpenIOT Summit Europe 2018

The Embedded Linux Conference & OpenIoT Summit 2018 took place in March of this year in the US, but the European version of the events are now planned to take place on October 21-24 in Edinburg, UK, and the schedule has already been released. So let’s make a virtual schedule to find out more about some of interesting subjects that are covered at the conferences. The conference and summit really only officially start on Monday 22, but there are a few talks on Sunday afternoon too. Sunday, October 21 13:30 – 15:15 – Tutorial: Introduction to Quantum Computing Using Qiskit – Ali Javadi-Abhari, IBM Qiskit is a comprehensive open-source tool for quantum computation. From simple demonstrations of quantum mechanical effects to complicated algorithms for solving problems in AI and chemistry, Qiskit allows users to build and run programs on quantum computers of today. Qiskit is built with modularity and extensibility in mind. This means it is easy to extend its …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Orange Pi 2G IoT Board Can Now Boot Linux from NAND Flash

Orange Pi 2G IoT is a $10 development board with a 2G cellular modem that was launched last March. The board is based on RDA Micro RDA8810PL processor designed for cheap Android phones, but Linux support was also promoted, and an RDA8810 Android SDK was released in April. It was the first time RDA8810 was used in a development board, and unsurprisingly it was, and still is, a challenge to use such board, as software support is on-going… So people who purchased the board has troubles with controlling GPIOs, or booting Linux from the SoC’s built-in NAND flash, instead reverting to booting from a micro SD card. Luckily, Orange Pi forum’s user surfero75 worked on the latter, found a solution, and posted instructions in Spanish. He wrote those instructions leveraging the work done by Aib user, and I summarized the main steps below explaining how install and boot from NAND flash (Warning: This could potentially brick your board if something …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Hacking ARM TrustZone / Secure Boot on Amlogic S905 SoC

Amlogic S905 processor used in many Android TV boxes and ODROID-C2 development board implements ARM TrustZone security extensions to run a Trusted Execution Environment (TEE) used for DRM & other security features. However, Frédéric Basse, a security engineer, worked with others and managed to bypass secure boot in one Amlogic S905 powered Android TV box, namely Inphic i7, but any other device based on the processor would have made the same thing possible. He explains the steps they went through and how they managed to exploit vulnerability to bypass secure boot in a detailed technical blog post. They first started by looking for info in Amlogic S905 datasheet, but most info about TrustZone had been removed from the public version. So not that much help here except a potential address for BOM Root (ROMBOOT_START   0xD9040000). The next step was to connect the UART pins in order to access the serial console, but he could not read the BootROM from …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Raspberry Pi Bootloader License Precludes it to Run on Competing Broadcom BCM283x Boards

Yesterday I wrote about ArduCAM Raspberry Pi compatible module, that packs most of the features of Raspberry Pi Zero or Pi Compute module into a 24x24mm board, and is based on Broadcom BCM2835 processor. One person also started a thread on Raspberry Pi forums about the tiny module, and one of the Raspberry Pi engineer and forum moderator replied that will would breach the bootloader license. The important part is the sentence highlighted above: This software may only be used for the purpose of developing for, running or using a Raspberry Pi device. ArduCAM module is only Raspberry Pi compatible, so it would indeed breach the license, and you can get into troubles if you planned to use that module in a commercial project, especially in countries where IP protection is taking seriously. This raises a few questions. First why did the Raspberry Pi foundation chose that restrictive license? The obvious answer would be to protect there investment, but it’s …

Support CNX Software – Donate via PayPal or become a Patron on Patreon

Preliminary Open Source Bootloader for Raspberry Pi Boards Released

Raspberry Pi boards require a closed-source binary to boot. I understand it this is handled by VideoCore IV GPU,  and so  far the Raspberry Pi foundation are not release source code for the bootloader, possibly due to legal reason (e.g. NDA to Broadcom). But I noticed people chatting about an open source bootloader for Raspberry Pi on sunxi-linux IRC channel. The bootloaded called rpi-open-firmware has been developed by Kristina Brooks (christinaa), who previously did some work on the VideoCore IV GPU, as you can see on her blog and github account. Kristina describe the project as follows: This is a small firmware for RPi VPU (VideoCore4) versions 1/2/3 that is capable of initializing VPU PLL (PLLC), UART, SDRAM and ARM itself. It’s intended to be used instead of stock bootcode.bin on RPi’s SD card. You need to have UART to see anything meaningful as far as output goes. This has been tested on RPi1 Model B (Hynix PoP DDR), RPi …

Support CNX Software – Donate via PayPal or become a Patron on Patreon