16:19 <apritzel> Hi, can I get some opinions on what people expect from "Secure boot" on Allwinner devices?

16:20 <apritzel> Shall we aim at full support for this in the firmware and kernel?

16:20 <apritzel> Or is this some toy project for some curious people, since it's borken anyway?

16:22 <gamiee> apritzel: well, very good question. I actually would like to have Secure boot support in kernel, but since it's broken (and looks like really easy to bypass), I think it really doesn't makes sense to have it implemented

16:22 <apritzel> (since the SID becomes inaccessible from Linux and U-Boot proper, we need to find replacements for nvmem to support THS/DVFS and the MAC generation, for instance)

16:24 <gamiee> Like, if someone knows that SD card boot priority on AW SoCs is first, it's very huge chance that he will be able to use FEX to load custom bootloader (and bypass signing check) too, so basically, it's probably not worth of the time (by my opinion)

16:28 <gamiee> Like, if someone knows that SD card boot priority on AW SoCs is first, it's very huge chance that he will be able to use FEL to load custom bootloader (and bypass signing check) too, so basically, it's probably not worth of the time (by my opinion)

16:42 <jernej> apritzel: I would put big fat warning somewhere about downsides, so people know what to expect

16:43 <jernej> I would not like that people would enable it just becase it says secure

16:43 <jernej> and then people would start complaining about things that don't work

16:45 <jernej> anyway, let's not make it default choice

16:45 <apritzel> definitely not!

16:45 <apritzel> it actually gets slightly more secure at runtime, because now the SPC works, and SRAM A2 is inaccessible from Linux, for instance

16:46 <jernej> with SPC you mean SCP? ARISC?

16:46 <apritzel> Secure Peripherals Controller

16:46 <jernej> ah...

16:47 <apritzel> the one that can switch devices to secure-only

16:47 <apritzel> you can do this already, but it is not honoured by the system

16:48 <apritzel> I have a half-way finished TF-A patch for the MAC problem, and some ideas for the nvmem SID issue, just wanted to know if it's worth working on that

16:48 <apritzel> and there might be other issues lurking in the shadows

16:50 <jernej> there is some interest from people to have secure boot, but from what I saw, they are not aware about level of security nor what that brings

16:51 <apritzel> yeah, that's my worry, if that's the only reason to have it, it's not really worth it

16:51 <apritzel> and apart from that (now quite oldish) Remix Mini I wouldn't be aware of any device shipped with the secure fuse burnt?

16:52 <jernej> I'm not aware of any apart from Remix

16:52 <jernej> not even Nintendo, right?

17:08 <apritzel> the Nintendo seems indeed to be non-secure (there is a defconfig for it in U-Boot)

18:21 <tuxd3v> hello guys, does any one knows how to get hardware camera video encode?

18:21 <tuxd3v> on H3?

18:21 <tuxd3v> I have this:

18:21 <tuxd3v> https://paste.debian.net/hidden/44e6e65c/

18:28 <gamiee> tuxd3v there isn't hardware video encoding in mainline kernel (yet)

19:25 <tuxd3v> gamiee, is there any patch for it?

19:25 <tuxd3v> thanks in advance

19:26 <gamiee> tuxd3v: as far as I know, nobody works on it (except me, but it's far away from being finished, I'm still just reversing the blobs)

19:45 <jernej> gamiee: I thought that all important parts are reversed?

23:06 <MoeIcenowy> apritzel: Nintendo uses R16, no SB yet.