rellla changed the topic of #linux-sunxi to: Allwinner/sunxi /development discussion - did you try looking at our wiki? https://linux-sunxi.org - Don't ask to ask. Just ask and wait! - https://github.com/linux-sunxi/ - Logs at http://irclog.whitequark.org/linux-sunxi - *only registered users can talk*
asdf28 has quit [Ping timeout: 240 seconds]
Mangy_Dog has quit [Ping timeout: 264 seconds]
<apritzel> jernej: boot0 gives me this: "[5894]DRAM SIZE =1024 MBytes, para1 = 30fa, para2 = 4000000, dram_tpr13 = 6041", did you put these values somewhere, couldn't find them as such?
<apritzel> also compared the PHY dumps again, it seems like the differences are due to the skipped calibration and training
<apritzel> I see values in PHY registers that suggest that read and write training is happening on the OPi-Zero2
<apritzel> jernej: I inserted delays everywhere, to no avail
<apritzel> also I figured that the region at PHY0_BASE + 0x780 looks different, it's all 0x7 in boot0. Changed this in the SPL code, but no effect
<apritzel> read calibration still fails very early
apritzel has quit [Ping timeout: 240 seconds]
synack has joined #linux-sunxi
Ecco has quit [Ping timeout: 260 seconds]
rzerres has quit [Ping timeout: 256 seconds]
rzerres has joined #linux-sunxi
lkcl has quit [Ping timeout: 264 seconds]
lurchi_ is now known as lurchi__
ChriChri_ has joined #linux-sunxi
kaspter has joined #linux-sunxi
ChriChri has quit [Ping timeout: 240 seconds]
ChriChri_ is now known as ChriChri
cnxsoft has joined #linux-sunxi
lkcl has joined #linux-sunxi
victhor has quit [Ping timeout: 268 seconds]
huawei has quit [Quit: ZNC - https://znc.in]
huawei has joined #linux-sunxi
gaston1980 has quit [Quit: Konversation terminated!]
JuniorJPDJ has joined #linux-sunxi
jernej has quit [Quit: Free ZNC ~ Powered by LunarBNC: https://LunarBNC.net]
jernej has joined #linux-sunxi
_whitelogger has joined #linux-sunxi
camus has joined #linux-sunxi
kaspter has quit [Ping timeout: 256 seconds]
camus is now known as kaspter
camus has joined #linux-sunxi
huawei has quit [Quit: ZNC - https://znc.in]
huawei has joined #linux-sunxi
kaspter has quit [Read error: Connection reset by peer]
camus is now known as kaspter
putti_ has joined #linux-sunxi
Naaka has joined #linux-sunxi
Putti has quit [Remote host closed the connection]
Naka has quit [Read error: Connection reset by peer]
gediz539 has quit [Remote host closed the connection]
gediz539 has joined #linux-sunxi
willmore has quit [Ping timeout: 264 seconds]
_whitelogger has joined #linux-sunxi
willmore has joined #linux-sunxi
lurchi_ has joined #linux-sunxi
kaspter has quit [Ping timeout: 240 seconds]
camus has joined #linux-sunxi
lurchi__ has quit [Ping timeout: 246 seconds]
camus is now known as kaspter
<jernej> apritzel: para1: 0fa means 10 cols and 15 rows and 3 means 2^3 banks IIRC
<jernej> apritzel: para2: I know only bit 0 and 12, in this case full bus width (32-bit) and single rank, not sure what is that 4
<jernej> apritzel: not sure about tpr13, but on my board is also reported 6041
vagrantc has quit [Quit: leaving]
<jernej> apritzel: In such case when seemingly everything is correctly programmed but it doesn't work, I had to fix mode register writes
lkcl has quit [Ping timeout: 240 seconds]
<jernej> in your case they should be 0x840, 4, 8
<jernej> that is not visible in register dump
JohnDoe_71Rus has joined #linux-sunxi
_whitelogger has joined #linux-sunxi
lkcl has joined #linux-sunxi
_whitelogger has joined #linux-sunxi
reinforce has joined #linux-sunxi
apritzel has joined #linux-sunxi
sunshavi has quit [Ping timeout: 272 seconds]
asdf28 has joined #linux-sunxi
apritzel has quit [Ping timeout: 240 seconds]
lurchi_ is now known as lurchi__
kaspter has quit [Ping timeout: 272 seconds]
kaspter has joined #linux-sunxi
lkcl has quit [Ping timeout: 246 seconds]
lurchi__ is now known as lurchi_
lkcl has joined #linux-sunxi
cmeerw has joined #linux-sunxi
chewitt has quit [Quit: Adios!]
AneoX has quit [Ping timeout: 256 seconds]
ganbold__ has quit [Read error: Connection reset by peer]
AneoX has joined #linux-sunxi
ldevulder_ is now known as ldevulder
ganbold has joined #linux-sunxi
lkcl has quit [Ping timeout: 256 seconds]
lkcl has joined #linux-sunxi
hramrach has quit [Ping timeout: 272 seconds]
yann has joined #linux-sunxi
kaspter has quit [Ping timeout: 272 seconds]
kaspter has joined #linux-sunxi
matthias_bgg has joined #linux-sunxi
apritzel has joined #linux-sunxi
eduardas has joined #linux-sunxi
chewitt has joined #linux-sunxi
lurchi_ has quit [Quit: Konversation terminated!]
bauen1 has quit [Quit: Lost terminal]
bauen1 has joined #linux-sunxi
victhor has joined #linux-sunxi
Mangy_Dog has joined #linux-sunxi
sunshavi has joined #linux-sunxi
camus has joined #linux-sunxi
kaspter has quit [Ping timeout: 240 seconds]
camus is now known as kaspter
arti_ is now known as arti
Mangy_Dog has quit [Ping timeout: 256 seconds]
cnxsoft1 has joined #linux-sunxi
cnxsoft has quit [Ping timeout: 256 seconds]
sunilmohan_ has quit [Ping timeout: 256 seconds]
sunilmohan has joined #linux-sunxi
sunilmohan has joined #linux-sunxi
JohnDoe_71Rus has quit [Quit: KVIrc 5.0.1 Aria http://www.kvirc.net/]
fl_0 has quit [Ping timeout: 260 seconds]
fl_0 has joined #linux-sunxi
popolon has joined #linux-sunxi
gaston1980 has joined #linux-sunxi
kaspter has quit [Quit: kaspter]
reinforce has quit [Quit: Leaving.]
cnxsoft1 has quit [Quit: cnxsoft1]
<willmore> Wow, the channel has been full of really meaty conversations recently. Great work, everyone!
netlynx has joined #linux-sunxi
netlynx has joined #linux-sunxi
JohnDoe_71Rus has joined #linux-sunxi
tuxd3v has joined #linux-sunxi
ChriChri has quit [Ping timeout: 264 seconds]
ChriChri has joined #linux-sunxi
sunshavi has quit [Quit: nil]
night199uk has quit [Ping timeout: 244 seconds]
warpme_ has quit [Quit: Connection closed for inactivity]
lkcl has quit [Ping timeout: 256 seconds]
night199uk has joined #linux-sunxi
Naaka is now known as Nakaori
lkcl has joined #linux-sunxi
sunshavi has joined #linux-sunxi
matthias_bgg has quit [Quit: Leaving]
Mangy_Dog has joined #linux-sunxi
yann has quit [Ping timeout: 264 seconds]
<jernej> montjoie: Can you confirm that 5.9.11 has fixed regulator issue? it works on my R40 board
<montjoie> jernej: let me build&boot
<montjoie> jernej: seems ok
<jernej> great
<jernej> 5.9.11 log shows some regulator related fixes
AneoX has quit [Quit: Textual IRC Client: www.textualapp.com]
putti_ is now known as Putti
night199uk has quit [Ping timeout: 240 seconds]
night199uk has joined #linux-sunxi
yann has joined #linux-sunxi
yann has quit [Ping timeout: 272 seconds]
apritzel has quit [Ping timeout: 260 seconds]
yann has joined #linux-sunxi
lucascastro has quit [Ping timeout: 256 seconds]
lurchi_ has joined #linux-sunxi
lucascastro has joined #linux-sunxi
lucascastro has quit [Ping timeout: 260 seconds]
ldevulder_ has joined #linux-sunxi
yann|work has joined #linux-sunxi
lurchi_ is now known as lurchi__
ldevulder has quit [Ping timeout: 265 seconds]
yann has quit [Ping timeout: 265 seconds]
lkcl has quit [Ping timeout: 246 seconds]
netlynx has quit [Quit: Ex-Chat]
gaston1980 has quit [Quit: Konversation terminated!]
hlauer has joined #linux-sunxi
lkcl has joined #linux-sunxi
yann|work has quit [Read error: No route to host]
yann|work has joined #linux-sunxi
eduardas has quit [Quit: Konversation terminated!]
yann|work has quit [Read error: Connection reset by peer]
yann|work has joined #linux-sunxi
JohnDoe_71Rus has quit [Quit: KVIrc 5.0.1 Aria http://www.kvirc.net/]
apritzel has joined #linux-sunxi
<bauen1> does anyone know what the connector for the rtc battery is called ?
<bauen1> i suspect it's an "jst-ph 2.0" ?
<buZz> 'the' rtc battery? :P
* buZz scrolls up but sees no context
<bauen1> buZz: sorry, i mean the connector on the pine h64 or pine64-lts ?
<buZz> i googled 'pine64 lts rtc battery connector'
<buZz> and first hit says jst ph 2.0
<buZz> (on the second page of the forum thread)
lurchi__ is now known as lurchi_
<bauen1> well thanks lol
yann|work is now known as yann
<willmore> buZz, I was looking for RTC batteries for some Odroid boards a while back and spent a lot of time trying to find out the connector only to find out that "BIOS battery" returns CR2032 cells with the right connector. I guess that same connector is pretty much standard on everything, everywhere. I ordered a bunch and went around adding them to a dozen boards that I had--different brands, etc.
<willmore> Everything used the same connector.
<buZz> nice
<willmore> Yeah, I was shocked.
<buZz> last time i had a 'bios battery' it was just 4 dupont pins
<willmore> Sometimes 'standards' are where you least expect them.
<willmore> I've never seen a 4 pin one. I've seen Rpi add on RTC boards with batteries that take four pins--power, ground, and two I2C lines.
<willmore> But that's the whole RTC+battery on the board, not just a battery.
<willmore> Didn't really add any functionality for almost all of the boards as, since they most often don't have batteries, the distros on them don't expect the RTC to be valid at startup, so they just set it via network anyway. Since all of my boards are on the network....
lurchi_ is now known as lurchi__
<buZz> willmore: well, this was x86 land, pre-pentium1 days
<bauen1> i'm trying to not spend a furtune just on 2 rtc batteries
<KotCzarny> aliexpress can give you 10 for 5usd
<KotCzarny> ;)
<KotCzarny> or similar
<willmore> buZz, ahh, gotcha. I only ever rememeber the horrible three pin soldered NiCd and NiMH cells and then socketed CR2032 cells.
<bauen1> oh nice i didn't remember to check that
<willmore> bantu, yeah, I got them on ali for nothing. That's why I bought a bunch.
<willmore> bauen1, title was: "New Backup CR2032 2032 Battery Wire 2 pin Laptop Motherboard BIOS CMOS Battery With Wire Disassemble Battery" Not sure how many of those keywords will be needed, but it was $1.19 for 5 *shipped*.
<willmore> The auction page is dead, so I can't give you a direct link, but I remember finding a lot of them.
elros1 has joined #linux-sunxi
<willmore> I just picked the cheapest and bought a bunch.
<KotCzarny> there are sometimes weird connectors too
<KotCzarny> so better check the pictures too
<willmore> True, but I didn't see any with different connectors when I looked. That's part of what surprised me. I was expecting to have to find ones with the right connector, but nope.
<KotCzarny> i've seen 3 pin ones too (with 2 pins used)
<willmore> That would be smarter than two pins. I'm never comfortable when I see two power pins right next to each other. Darn UL code in the back of my brain.
<KotCzarny> but really, if one is handy with iron, just cannibalize some old laptop for connector and get the cr2032 locally
<willmore> KotCzarny, do not solder to Li cells!!
<KotCzarny> :>
<KotCzarny> yeah, those are tricky bastards
<KotCzarny> you can get away with some electrical tape too
<bauen1> i just need a solution for testing (and maybe "production") that's a little more reliable than trying to force jumper cables into the connector
<bauen1> which was enough for a simple PoC (after 10 tries) but not if i want to test my setup a bit more
<KotCzarny> there are also sockets for cr2032 available
<KotCzarny> you can solder connectors to them
<KotCzarny> old motherboards are a nice source of them
<bauen1> i don't currently have a soldering iron :/
<KotCzarny> borrow one?
<KotCzarny> at school/work ?
<bauen1> well university is _closed_
<bauen1> and i don't really have any one else to ask right now
<willmore> bauen1, what do you need the battery for?
<KotCzarny> just saying, because ali is ~2 weeks of wairing
<KotCzarny> *waiting
<KotCzarny> unless you find a store that warehouse somewhere in eu/us
<willmore> KotCzarny, you must be much closer to CN than me. It's usually 3 to 4, sometimes 6-10.
<willmore> And then you'll have to pay shipping.
<bauen1> yeah, but once this semester is over (march next year) i'll have a lot more time and will probably start working / buying proper tools
* willmore puts in a good word for the TS100.
<KotCzarny> willmore: really just depends on the store and luck, sometimes its <10days, sometimes closer to 60
<bauen1> willmore: i've posted a lot of details here, but basically it's about making a secure system, or "patching" the sbrom
<KotCzarny> bauen1: but doesnt that mean that anyone having access to your board can unplug the battery?
<willmore> KotCzarny, I've gotten stuff in 2 weeks, but it was more expensive items where the seller seemed a bit more motivated to complete the sale and make sure I get the product undamaged. Cheap stuff like batteries would take over 4 weeks if I did it again.
<willmore> bauen1, oh, yes, that. I've been following that. Excellent work!
<bauen1> KotCzarny: the idea is that the RTC power will "persist" a few bytes of memory
<bauen1> KotCzarny: part of that are ~0x30 bytes general purpose and a few flags related to the cpu 0 hotplug mechanism
<willmore> If you'd like a suggestion for what to do, find/buy a 2AA or 2AAA cell holder and scavange up the little connector. You can just wrap the wires together for now. Then ball it up in electrical tape.
<willmore> Which side of the pond are you?
<bauen1> KotCzarny: so i've written a tiny bit of code (~0x20 bytes) for the general purpose registers that will copy the sbrom and patch it to make it more secure, then configure the hotplug flags to divert the control flow to this code early on
<bauen1> KotCzarny: then a secret key can be stored in the last 0x10 bytes
<bauen1> KotCzarny: so to clear the hotplug flag (and execute the vulnerable sbrom) you need to unplug the rtc, but unplugging it also erases the secret
<bauen1> the secret would most likely be some sort of decryption key
<bauen1> willmore: i already bough some batteries for ~2.2€ just now supposed to arrive at the 2. december
<willmore> Oh, that's plenty fast, then.
<willmore> Doubt I could get one to you much faster than that.
<bauen1> thanks
<willmore> No problem. It would have been nice to support your work.
<willmore> Thank goodness for for autocomplete of nic's in hexchat or I'd never get KotCzarny's nic right.
<KotCzarny> :)
<KotCzarny> Kot Czarny
<bauen1> KotCzarny: of course it's still vulnerable to various side channel attacks or poking lasers at it, but that probably costs more than my attacker can afford (or justify in the case of the local justice system
<KotCzarny> easy
<willmore> My brain wants to call you CatCrazy for some reason. :)
<KotCzarny> willmore: not that far, Kot is a Cat ;)
<KotCzarny> bauen1: wouldn't normal encrypted volume suffice then? with password entered during boot
<willmore> Hey, brain sort of work!
<willmore> KotCzarny, then you have a MITM/evil maid vulneratiblity.
<bauen1> ^ that
<KotCzarny> some usb key with fingerprint scanner ?
<willmore> What was the poisoned hypervisor attack on Intel called? Blue something...
<bauen1> now you still want to enter another password to prevent other attacks or make them more costly, like stealing the system and poking lasers at it
<KotCzarny> well, in your case you get security by obscurity, as your solution is unique
<bauen1> true lol
<willmore> So, you have an ephemeral key on the device which is used to encrypt some data. To access the data, you have to prove to the device that you, too know the secret via ZNP or something. Or, I guess, that authentication can use data stored in the encrypted volume.
<willmore> The important part is that the volume and key die if the device is fiddled with.
<KotCzarny> i've already suggested that, microexplosives
<KotCzarny> :)
<willmore> though 128 bits is a bit light these days for a key. But should be enough to outlast that CR2032. :)
<bauen1> willmore: it's simpler, the secret in the rtc is used to decrypt blob A, A contains information that can be used by the chip to authenticate itself to you and an encrypted blob B, the user verifies that the chip can proof who he is and then enters the decryption key (password) for blob B
<willmore> You can deny access to the valid user more simply than explosives...
<willmore> That's actually more complex. ;) But I get it.
<bauen1> willmore: in theory you can use all of the 0x30 bytes by writing to code to SID and then pointing the hotplug at the SRAM copy made by the SID
<bauen1> willmore: how is that more complex ? (perhaps the chip proofing who he is is a bit complex, but basically nothing else than TOTP)
<willmore> bauen1, it's more stages than I was thinking of, but it's the same process, so I understand what you mean.
<bauen1> this all still won't really prevent the 5$ wrench to the head method
<KotCzarny> or 15 years in prison
<KotCzarny> :)
<willmore> Yeah, rubber hose crypto has always proven to be very effective.
<KotCzarny> also pretty effective
<bauen1> and there's still the problem of a networked mitm attack
<willmore> I assumed this was for local access.
<willmore> If it's for remote, then you may have to use my method where the key is used to unlock a local encrypted volume which can contain further keying material (PK, etc.)
<bauen1> willmore: networked mitm is a form of a local mitm, you just take the target device and replace it with a fake that relays e.g. display / keyboard from / to the original
<willmore> If you're trying the local method, then you can use other methods to verify the device isn't MITM for some other box--no wires, Farady cage, etc.
<willmore> maybe I need to better understand the intended function of your device.
<willmore> It's got to be pretty late there. I need to go start thinking of what to feed the family. You take care!
<bauen1> willmore: i've also done a bit of math, and you could use a (fast) processor to verify that another (fast) processor is within a certain physical proximity, by using the speed of light and the time it takes to perform a signature and measuring the latency
<bauen1> so in theory if you have a trusted computer (with a fast processor) and you take your device you want to check to a location where nothing malicious is in e.g. a 30m radius you can verify it
<bauen1> willmore: sure we can continue some other time
<KotCzarny> i wonder if tpm chip could help your case (connected via spi)
<bauen1> willmore: i'm just trying to get as close as i can get to a system secure against physical access, i.e. defeating MITM attacks ; i kind of adjust my threat model once i figure out a somewhat decent solution to the problem(s)
<bauen1> KotCzarny: i originally started with thinking about a system with a tpm, but if you have local access you can (almost always) just spy on the bus
<bauen1> if you want to prevent a rogue root process from overwriting the kernel to bypass security checks or something like that it works
lucascastro has joined #linux-sunxi
jbrown has quit [Ping timeout: 272 seconds]
elros1 has quit [Remote host closed the connection]
cmeerw has quit [Ping timeout: 272 seconds]
asdf28 has quit [Ping timeout: 240 seconds]
jbrown has joined #linux-sunxi
<apritzel> bauen1: I once ordered a bunch of "Micro JST 2.0 2-pin" with 12cm of cables already attached of eBay, fits like a glove
<apritzel> it's "JST PH", to be exact
<apritzel> bauen1: seems like Conrad has them, it seems to be some kind of standard in the RC model world
Ntemis has joined #linux-sunxi
gaston1980 has joined #linux-sunxi
hlauer has quit [Ping timeout: 256 seconds]
yoq has joined #linux-sunxi
<yoq> bauen1: have you measured RTC power consumption? the figures I've seen for the A20 were not exactly stellar: https://groups.google.com/g/linux-sunxi/c/kljkGtihw9M/m/4AMTbvGc2GEJ
<yoq> for comparison: a standard I2C RTC runs a 32k crystal on ~300nA, so effectively the self-discharge rate of the coin cell limits lifetime to 1-2 decades
yoq has quit [Remote host closed the connection]
qschulz has quit [Remote host closed the connection]
qschulz has joined #linux-sunxi
<apritzel> yoq: you seem to be the PDF master, can you upload the OrangePi Zero 2 schematic to the wiki?
<apritzel> yoq: not sure what Orange Pi's policy is regarding this ...
<apritzel> jernej: boy that was annoying! TF-A runs now on the H616, but the code is in a separate directory for now
<apritzel> the MMU mapping is not only different, but destroys this compact VA space trick we use on the other SoCs, to save memory
<apritzel> now need to figure out how I can merge this back without making an ugly mess out it
<apritzel> smaeul: when BL31 runs in DRAM, we need at least 31 bits of VA, as the code needs to live in an identity mapping
<apritzel> smaeul: now we have plenty of memory for page tables, but still need to make this co-exist with the MMU setup for the other SoCs, which lives in common/