[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Raspberry pi safe?



On Wed, Apr 15, 2015 at 10:05:30AM +0100, Cathal (Phone) wrote:
> The SOC in a raspi is probably no worse than the rest,

I contest this claim.  BRCM SoCs are probably not the *worst* SoCs in
the market (that distinction probably belongs to Mediatek or a chinese
vendor we've never heard of) but they are almost certainly not in the
first ranks.

Unfortunately I can't make a strong argument as to which SoCs are in the
first rank.  I'd give some of the TI chips a higher chance, but
brand-hunting is not the route to safety -- some of the TI chips are
almost certainly as bad or worse.

I am concerned about the following --

1. existing SoCs CPUs certainly have errata (known errors or
undocumented "features") that are not disclosed to the public, and never
fixed in patched chip releases.  Some of these are likely to cause
security issues.  Previous SoCs (circa 2008) have had undisclosed bugs
in instruction decode allowing privilege elevation, for example.  Even
Intel and AMD, who have a *much* larger team working on these systems
than places like Broadcom and Mediatek, still manage to ship security
bugs from time to time... I don't give BRCM much of a chance of shipping
bug-free silicon.

2. SoCs contain a multitude of "Intellectual Property Blocks" such as a
DRAM controller, an Ethernet controller, USB, SATA, AC97 Audio, etc.
These are all connected together by an interconnect bus.  Each block
comes from a different development group, often purchased from a
different company.  The company that sells you the SoC often doesn't
even know what the features and bugs of their purchased IP cores
*are*... and that undocumented ethernet core may well have a "feature"
that would allow arbitrary access to the interconnect.

3. SoC interconnects don't have much in the way of security.  When the
Ethernet controller bug lets a Evil Packet onto the interconnect, it's
probably just a hop skip and a jump to main memory.

-andy