Piraty_ has quit [Remote host closed the connection]
Piraty has joined #openwrt-devel
<stintel>
he'll read it, he usually follows the logs
<stintel>
so I have a working openthread network, on openwrt, I'll make a draft PR for packages feed
<stintel>
need to sort a bunch of things out, it's not a trivial protocol
<stintel>
but I was able to join one OpenWrt into the thread network running on another
<hauke>
stintel: nice, so it is possible to directly talk with lightbulbs?
<Habbie>
stintel, cool!
goliath has joined #openwrt-devel
<stintel>
hauke: don't have any light bulbs, I got an eve motion and eve energy because they were all on about thread on their site, but they require their ios only app to configure
<stintel>
I heard some zigbee devices might be possible to convert to thread
<stintel>
need to investigate
<stintel>
but I have 2 nRF52840 sticks, one is leader the other joined and is now router, can ping each other (the joined/router has no ethernet atm due to missing tg3 module on the firmware image so that proves the communication really works over thread :P)
<stintel>
I will prepare the PR and make it with draft status, some people were asking about it, and I need to submit a patch for the luci code
<stintel>
had a lot of wtfs this weekend :P
<stintel>
but the basics are working
Guest505 is now known as foxtrot
Piraty has quit [Remote host closed the connection]
<Habbie>
does techinfodepot sync with wikidevi.wi-cat.ru/ ?
<hurricos>
They do so manually :P
<Habbie>
ack :)
<hurricos>
Seriously, if anyone wants to live in the same hall of fame as https://thrangrycat.com/ does, go hit up that thread
<hurricos>
Xilinx FPGAs are either easier or harder, depending on how you look at them, as the FPGA's state has to be loaded on every boot
<hurricos>
whereas the SmartFusion2's are solid-state
<hurricos>
if you do this, you will unlock a wide swath of devices, whose bootloader flash is only secured because it flows through these FPGAs, to porting to OpenWrt
robimarko has joined #openwrt-devel
<hurricos>
this is 2012-era boot security, you can defeat it :D
<hurricos>
(trying to rummage someone who has any idea how to even begin this attack ;P)
<robimarko>
hurricos: I am just looking at the link you posted regarding that
<hurricos>
FPGA's JTAG is populated!
<hurricos>
top left/middle
<hurricos>
2 x 5
<hurricos>
I gave documentation in the post about how the JTAG is ordinarily driven, it may be the case that Meraki has not checked every lock
<robimarko>
Can't say that I am familiar with these devices and/or the security flow
<hurricos>
It's a lot of reading but all of Microsemi's documentation is there
<hurricos>
and a great summary is available from EmbeddedComputing.com
<hurricos>
tl;dr the FPGA SoC sits on SPI pins. On power-up, it is running immediately. It either boots the CPU or just responds to CPU Bootrom (likely the latter) when the CPU requests data from SPI. It validates the SPI flash it's attached to.
<robimarko>
Ok, I was just about to ask that
<robimarko>
So, they seriously wasted money on an FPGA for this
<hurricos>
Microsemi markets it for this exact purpose fwiw
<hurricos>
they claim "you're already putting an FPGA+SoC on your board, for things you'd use an EC on. Why not use one that can protect flash?"
<hurricos>
easy answer is, rip out the FPGA and hardwire, but that's labor-intensive
<hurricos>
and might not work if the M2S005 is doing other things
<robimarko>
Have you tried connecting to the JTAG?
<hurricos>
I have not, I should get myself an FTDI and try to set up OpenOCD.
<robimarko>
Cause, if they forgot to protect the FPGA (doubt it), it may be possible to burn a bitstream that does nothing
<robimarko>
Just forwards the SPI data
<hurricos>
btw, microsemi claims you need to "have a development environment and the secret key to rewrite the FPGA"
<hurricos>
roughly speaking
<robimarko>
That is what I was afraid of
<hurricos>
But again, depends on what's been locked, etc.
<robimarko>
Unless they messed that process up
<hurricos>
Right.
<hurricos>
I don't have the knowledge or resources to attack this but it's used on multiple arches' worth of Meraki boards
<robimarko>
hitech95: are you here?
<hurricos>
e.g. some Armada 375 stuff (MS120), this guy (MX67/67)
<hurricos>
68*
<robimarko>
hurricos: My knowledge and interaction with FPGA-s is extremely limited
<hurricos>
No problem. These ones are quirky too. My gut is to trace everything it uses into kicad, verify it's only moving around non-critical components, and then take a hammer and screwdriver to it
<hurricos>
center it and bang
<hurricos>
then bridge SPI
<hurricos>
call it a day
<robimarko>
I do have a special hatred towards "security" by vendors
<PaulFertser>
Usually people call FPGA devices with external flash memory for storing bitstream.
<hurricos>
but it certainly seems integrated into other things, looks like that clock ic is connected to the FPGA for example
<PaulFertser>
And CPLDs have integrated memory.
<hurricos>
Interesting. I think Microsemi had some marketing going on here too :P
<PaulFertser>
It's mostly a matter of convention. They're all PLDs. It's just usually assumed that FPGA has more cells and external (commonly SPI NOR) to store the bitstream.
<PaulFertser>
BTW, Microsemi violates OpenOCD GPL by shipping a non-compliant OpenOCD fork.
<hurricos>
robimarko: your thought RE: using FPGA block to do dirty stuff to skip verification was picked up by thrangrycat people -- https://thrangrycat.com/ -- to deal with Cisco's other external secureboot implementation
<hurricos>
(The TAm)
<hurricos>
I say Cisco's other, but Meraki's teams seem to be separate
<hurricos>
See, I'm curious if someone might find out that Microsemi's secrets are not so secret after all ;)
<hurricos>
"Single key for all hardware"
<hurricos>
PaulFertser: > OpenOCD GPL non-compliance by Microsemi < not surprised.
<hurricos>
part of the reason I want to see this target burn
<hurricos>
they've been marketing on their own security for the last nearly a decade
<hurricos>
time for that to fall imo
<hurricos>
Just hoping that someone has the knowledge to tackle. I assembled documentation as best I could :^)
<hurricos>
be back ...
<robimarko>
This kind of stuff is usually just waiting for somebody with a grudge to break it
<robimarko>
But those HW people are rare
<stintel>
how do you mark a PR as draft?
srslypascal is now known as Guest737
srslypascal has joined #openwrt-devel
<robimarko>
stintel: You can choose it during PR creation if WEB UI is used
<Habbie>
you can also do it later
<stintel>
I didn't find it during, neither after
<Habbie>
I see 'Still in progress? Convert to draft' under Reviewers in the right sidebar