<paulk-collins>
I was told that the exynos 5800 peach-pi allows booting an unsigned first stage bootloader, is that correct?
<paulk-collins>
as-in, using the U-Boot SPL directly instead of Samsung's BL1
<Wizzup>
That I do not know. I would be interested if that was the case
<paulk-collins>
so would I :)
<paulk-collins>
anyone around here with peach-pi?
<sjoerd>
paulk-collins: if you update the flash you probably can
<sjoerd>
(boot the SPL)
<sjoerd>
though i thought the bl1 stage would be the one turning of the signature requirement
<paulk-collins>
sjoerd, it does boot off a SPI flash, doesn't it?
<sjoerd>
it does indeed
<paulk-collins>
sjoerd, well I'd really like to run the SPL at first, not chainloaded
<javier__>
paulk-collins: I don't believe u-boot SPL can be booted directly since the BL1 does some pre boot init
<javier__>
paulk-collins: remember that u-boot SPL is BL2
<sjoerd>
while bl2 is the u-boot SPL
<javier__>
sjoerd: nod
<sjoerd>
javier__: you beat me to it :)
<javier__>
sjoerd :)
<paulk-collins>
right, but I'd want to find out whether it's possible (provided we add the missing bits of hw init to the U-Boot SPL) or whether BL1 is signed by samsung
<sjoerd>
pretty sure bl1 is signed
<paulk-collins>
an easy way to find out would be to change a string in BL1
<paulk-collins>
right, I was too, but was recently told it's not the case on this particular device
<sjoerd>
You could drop sjg1 a mail given he did the u-boot enablement for the peach
<paulk-collins>
he probably knows indeed :)
<paulk-collins>
anyways, I was hoping it would be kind of a known fact
<paulk-collins>
perhaps the person I was talking too mixed things up and really meant that the U-Boot SPL could be chainloaded from BL1
<paulk-collins>
talking to*
<javier__>
paulk-collins: I don't know tbh, if I would have to guess, I would say that BL1 is signed by samsung and just a binary provided to Google that they used
<paulk-collins>
if BL1 is indeed used on the device, that sounds likely
<paulk-collins>
also, I had never heard of exynos platforms not enforcing signature checks before
<javier__>
paulk-collins: now, the verified boot is implemented in u-boot afaik
<javier__>
and that can be replaced by disabling the SPI flash wp
<paulk-collins>
javier__, you mean cros vboot?
<javier__>
yeah
<paulk-collins>
right
<paulk-collins>
I am fully aware of that part :)
<javier__>
paulk-collins: Ok, sorry for stating the obvious then
<javier__>
I'm just trying to understand what your goal is :)
<paulk-collins>
javier__, oh don't worry, I would certainly have liked to hear about it if I hadn't known about it!
<paulk-collins>
Well, I'm interested in running devices with free software, so having free bootloaders is part of that
<paulk-collins>
sadly, most exynos chromebooks don't qualify
<sjoerd>
tbh i just see the bl1 as essentially part of the ROM
<sjoerd>
Or do you hae SoC for which you can get the ROM code ? :)
<javier__>
sjoerd: agreed
<javier__>
just like most HW have also internal firmwares so in practice is imposible to not run proprietary software
<paulk-collins>
sjoerd, well, I don't see it being part of the ROM code being any less of an issue to be honest
<sjoerd>
but yeah the bl1's most folks ship only chainload signed SPLs which is very annoying
<paulk-collins>
of course
<javier__>
sjoerd: IIRC, that's not the case for the Chromebooks (i.e: you can replace the SPL if you want)
<paulk-collins>
but some devices perform better than others regarding to freedom, so I prefer to focus on the ones that are better
<sjoerd>
javier__: indeed
<paulk-collins>
so if we can limit non-free software to burned bootrom code, the better :)
<sjoerd>
oh sure
<paulk-collins>
also, having a non-free components in the spi flash makes it difficult to have free software distributions for that (e.g. libreboot)
<paulk-collins>
(even though in practice we can only replace part of the flash contents, it's always better to ship a full images)