[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Raspberry pi safe?
A stand-out problem with trust in Broadcom SOCs like RasPi is the massive binary bootloader. If there's a sploit it need not be hardware based, because there's plenty of room in there for a whole hypervisor arrangement, methinks.
On 17 April 2015 08:02:47 GMT+01:00, "Lodewijk andré de la porte" <[email protected]> wrote:
>2015-04-15 18:05 GMT+09:00 Cathal (Phone)
><[email protected]>:
>
>> The SOC in a raspi is probably no worse than the rest,
>
>
>This is what I'm most concerned about! I think the Intel platform is
>too
>big to not be exploited (more or less) on the hardware level. I have a
>very
>little better feeling about AMD but I don't think it's based on much.
>
>The idea that ARM processors are much much smaller and therefore easier
>to
>audit makes them less attractive exploit targets. That, and that
>they've
>only recently come into use, are build by smaller companies, etc. When
>you
>build a SOC around it, well, that's kind of asking for trouble!
>
>The best avoidance method I've come up with so far is taking two units,
>(bitbanging) I2C (or whatever) over the IO pins to do "networking" from
>one
>to the other, connect one to the Internet and the other exclusively
>over
>those IO pins. That way, whatever exploit is present is VERY unlikely
>to be
>triggered. It's... still not 100% of course.. If the exploit is on the
>relevant IO pins, well, it just might be trigger-able by manipulating
>the
>network traffic. Maybe write high every so many bits just to meddle?
>It's
>closer then anything else, anyway.
>
>
>As for less paranoid exploits, you have to tell us the threat model!
>(the
>cell shield will very likely be remote exploitable, but only by the
>really
>bad goodies)
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20150417/02ece4e4/attachment.html>