How secure are Allwinner SOC we use in our OLinuXino boards?

From time to time customers ask us:

You are using Chinese SOCs. I’ve heard that Chinese government forces all Chinese vendors to place back-doors in their SOCs which to spy on you. Can you guarantee that your Linux boards have no back doors to spy on us”

I already posted about Linux-Sunxi community, which develops the Allwinner SOC mainline Linux support. What I forgot to mention is that most of the SOC features and tuning they do is done almost without any official help or documentation from Allwinner and based mostly on tips from Allwinner employees and reverse engineering.

I do remember A20 CAN module was not mention at all as existent in Allwinner datasheets at the beginning and Linux-Sunxi developers found it while hacking the chip.

So I will have to disappoint people, who believe in such myths that no, A20 chips are for quite some time now and there is nothing hidden inside, even the Boot ROM which resides in the SOC internal ROM code and is executed first is disassembled and known code.

This for sure do not give any warranty that these SOCs are bug free and that someone latter may not find and exploit some bugs (I already wrote about the level of the SOC software developers in my previous post) and to create back door to install malware or spyware, but this is not done intentional and IMO above the capacity of the software developers working in the SOC vendors.

I still do remember Allwinner released few years ago SDK where they were forgotten to remove the debug flags and if you send message “rootmydevice” to /proc/sunxi_debug/sunxi_debug, you get root privileges, but was this intentional and forced by Chinese government? I doubt so.

We build our Linux Images from Armbian project sources using their repositories and our images has MD5, so if you load our Linux Images and use in our boards we are sure there are no back doors. I know the guys who are behind Armbian project and I can guarantee they do not work for the Chinese government.

Now you can say if you found undocumented CAN inside the SOC, there may be other undocumented modules as well which to spy on us. Yes, this is possible, but even if there are such hidden resources the software we run on the SOC does not take advantage of them and activate them, you can always monitor your USB/LAN etc traffic packets and see what information go outside the chip and so far for the last 6 years A20 is existent no one ever has detected such suspicious traffic.

Why we have so many OLinuXino Linux SBC with Allwinner SOCs

Many people ask us why we do OSHW boards with Allwinner SOCs and ignore other vendors. Allwinner do not do the best SOCs on the Chinese makers. Their software support is mostly about Android and are with proven GPL violations records.

The reason is simple – because the Linux-Sunxi community is the biggest and most friendly and if there is problem you have place where to ask for help or advice.

Most of the Allwinner SOC Linux mainlining work is not done by Allwinner software engineers but Linux-Sunxi community.

We want our boards to run Linux, and when we say Linux we mean mainline, not Linux 2.6 (what was the Freescale official iMX2XX, where all decent kernel work is also done by the community) neither Linux 3.X with patched Android kernels and binary blobs which usually all Chinese vendors provide.

This is why we are not interested to do something on these new SOCs which pop every 6 month and basically has nothing to offer differently as software support. We wait and release our boards when there is proper Linux support which we test or do not consider to waste our time on them.

Linux-Sunxi community was created naturally around 7 years ago after Luke Kenneth Casson Leighton rised a lot of noise for the new and cheap Allwinner A10 processor and later Tom Cubie (ex-employee of Allwinner) start to deliver some A10 based TV boxes to interested developers and revealed some inside “secrets” to the people who were gathered around the “ARM netbook project” which LKCL never delivered, but this is another story. At some point the developers just separated and formed what we know now as Linux-Sunxi. Since then Linux-Sunxi community is growing and is very active compared to all other SOCs communities and many talented Linux developers are contributing on daily basis. The Linux-Sunxi Allwinner SOCs mainlining efforts are here.

Unfortunately SOC vendors never have been good at writing software. This is expected as they are hardware vendors after all and their focus is the silicon. My guess is that they do want to offer good support, but they just have no idea how to do it. They can’t attract quality developers and lot of their developers leave after working year or two, leaving messy code to the next who comes.

Their management usually do not fully understand how important open source software support is for the longevity success of their silicon.

A20 for instance is SOC which is selling well for more than 6 years, Allwinner has no other processor which sells so well, why is this? Because there is mainline Linux support and because our OSHW reference designs which thousands of people use to make their own hardware.

So Open Source Software and Hardware create business for them, but I guess this is something they didn’t analyzed well. No one uses A20 with Android now (as the official A20 Android version is obsolete 4.2.2 and there are no updates since the chip release), but Linux help them to sell for years.

Linux-Sunxi developers do code mostly for hobby and fun in their free time. The result is that there are no deadlines to deliver code and when the code is delivered it’s good one. So good that Allwinner re-use it their own repositories instead the code of their own engineers.

A recent single line patch which triples the A20 SATA write speed just proves that the code done by the community is better than this one released by the SOC vendors.

With A10/A20 SATA the Allwinner developers delivered very poor code, which crippled the performance of their SATA controller and everyone believed that it’s so lame because this is poorly done at hardware level. It appears single value change in SATA DMA register triples the speed of the SATA write. Allwinner is supposed to know best their processors then why they do such lame initialization mistakes? My guess is lack of documentation and coordination between the different teams inside the company. They do not document well their silicone and other departments don’t know what what is doing.

Rockchip which 7 years ago was about the same level as Allwinner for software support has been pushed by Google as they use some of their chips in Chromebooks. So Rockchip is forced by Google to submit Linux upstream drivers support and patches, which is great., but what they produce is far from the best quality. For instance Recent GitHub repository I check contains Windows app to generate public and private keys used to encrypt their secure boot Linux images 🙂 I have just to guess which genius decide this approach, but it speaks well about what kind of decisions are taken in these companies.

EDIT: Jon is right Rockchip did it good, the windows apps to generate keys and encrypt images were in Allwinner SDK 🙂

 

FreedomBox – your private Box of Freedom for Decentralizing the Internet and keeping your privacy away from the Big Brother

We are pleased to announce that Pioneer-FreedomBox Home Server Kit is now in stock.

You can read more about how FreedomBox free open source software project started in the FreedomBox Foundation press release.

FroodomBox software is developing 8 years and got lot of coverage in USA, India, Russia:

• SoftwareFreedom.org
• New York Times
• Wall Street Journal
• India Times
• Novaya Gazeta 2011
• Novaya Gazeta 2019

Olimex’s OLinuXino Open Source Hardware Linux Single Board Computers are natural match for FreedomBox Free Open Source Software.

We are very proud that we have been selected by FreedomBox Foundation for Hardware manufacturing partner of Pioneer-FreedomBox Home Server Kit.

What makes OLinuXino LIME2 good platform for Home Server Kit is:

• The Low Power ARM Dual core Cortex-A7 processor running blob free mainline Linux;
• Native SATA interface for connecting external SATA HDDs with power supply backup;
• LiPo battery UPS power backup supply with Power Management Unit and Stepp Up convertors which allow Pioneer-FreedomBox-HSK to run 4-5 hours on battery;
• Metal enclosure;
• power supply adapter with plug adapters for EU, US, UK power supply sockets;
• 32GB micro SD-card for file storage;

What do you get with FreedomBox is:

• Tor browser
• Private encrypted file sharing
• Private encrypted chat
• Peer to Peer file sharing
• Voice chat
• Web proxy
• Virtual Private Network
• IRC client
• Private Calendar and Address book
• File synchronization
• Distributed File Storage
• Your own hosted Wiki and Blog

All these features are made configurable with simple mouse click:

 

Linux Users Group Bulgaria annual meeting is April 6th in Plovdiv

Linux Users Group is annual meeting of people who use and develop with Linux in Bulgaria. The LUG-BG meeting this year is on 6th of April in Plovdiv. The web page of the meeting is here.

I signed for discussion about how to make one ARM Linux system tamper proof.

This is topic which is very interesting for all our OLinuXino customers. OLinuXino is used in many industrial product and machines and the designers want to be sure that no one except them can change the Linux image as these machines pass safety approvals etc and any intervention in the code is illegal.

The Allwinner SoCs do have TrustZone support and also crypto hardware to support a secure boot path for it, but parts of the ARM TrustZone specifications is under NDA and no one has seen it. The secure boot paths are also undocumented. Last time I attempt to receive any useful information about this I got reply: A20 is 5 years old processor and we do not offer technical support for the old processors, when I asked them for info how TrustZone and Secure boot is implemented in their newer processors I didn’t got any reply. My guess is this is something licensed from ARM which they never used so can’t support.

Currently all Allwinner SOC boot without using TrustZone and Secure boot path, they has so caller BROM a small code located in SOC ROM, which initializes the memory and processor registers with some safe values then try to boot from different peripherals. If UBOOT GPIO is held low they enter FEL mode where you can type some commands and load code via USB, else they try to boot from SD-CARD, if fails then try -> internal NAND Flash if fails then try -> SD-CARD2/eMMC, if fails then try -> SPI Flash, if all fails it go in FEL mode.

This is done intentionally so you can never brick your board if internal NAND or EMMC or SPI Flash get corrupted you can always boot from SD-card or USB and replace the image. This of course is big security hole, as anyone with physical access to your board can always replace your images with his own.

The TrustZone and Secure boot path solve this issue, but no one has documentation how this is done on Allwinner SOCs.

I hope to get some interesting ideas how this could be solved, one radical approach is to remove physically the SD-card connectors 🙂

A64-OLinuXino got mainline Linux Kernel 5.0 images

Linux kernel 5.0 was just released and as we were working this week to the release of mainline Linux image for A64-OLinuXino (as till now it has the ugly android based 3.10 kernel) we decided to release latest kernel.

The images are available on our FTP.

There are two images Debian headless or Ubuntu desktop.

Known issues with these images:

• LCDs are not supported yet, HDMI output is only available, we need one more week to figure out how to automatically detect if the Ethernet or LCD are enabled (there is jumper on the board which switch between LCD or Ethernet as both share pins and can’t work together). So to make the DTS configurations  automatic at boot time.
• eMMC do not work in the fastest possible mode yet. We need some time, right now 50MB/s is the max speed to read write instead of 100-200MB/s which the installed eMMC supports, we will update the image soon with HS200/400 modes enabled.
• No CPU thermal. A64 has 3 thermal zones – CPU, GPU0 and GPU1. The driver doesn’t support monitoring them.

How to build the images is explained here.

Mainline Linux Kernel 5.0 images for A13, A20 and A33 OLinuXino and SOMs is in progress.

How to use A20 CAN interface with the A20 universal Armbian image for OLinuXino

To use A20 CAN interface you need A20-OLinuXino board and A20-CAN board.

Then you have to install the armbian A20 CAN overlay:

• Download the dts file from:
  https://github.com/armbian/sunxi-DT-overlays/blob/master/sun7i-a20/sun7i-a20-can.dts
• Backup your SD card where the Linux image for OLinuXino is.
• Copy to the SD card the downloaded file.
• Insert the SD card into you A20-Olinuxino.
• Power on the board and after boot enter following command:

 

$ sudo armbian-add-overlay <path_to_the_dts_file>

 

• connect A20-CAN to your OLinuXino and reboot.

You can see if CAN is available now:

$ ifconfig -a

   can0     Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 
            NOARP MTU:16 Metric:1
            RX packets:0 errors:0 dropped:0 overruns:0 frame:0
            TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:10
            RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
            Interrupt:51

 

To use CAN interface you can install can-utils and setup the CAN interface:

$ sudo apt-get install can-utils 
$ ip link set can0 down
$ ip link set can0 type can bitrate 100000 triple-sampling on loopback off
$ ip link set can0 up

 

Now conect A20-CAN to the CAN network two wire interface.

To send a packet over CAN use :

cansend <can_interface> <packet>

 

For instance:

$ cansend can0 5AA#10.10.10

 

To sniff for CAN network messages you can use candump :

$ candump can0

 

Now you can log your car CAN networking messages and interpret them. There is plenty of info on the web about the different CAN messages which are exchanged on car CAN bus.

TERES-I Open Source Hardware Laptop has new experimental Armbian Mainline Linux image for download

We uploaded few days ago Armbian experimental mainline linux image for TERES-I on our ftp.

There are still few known issues which we work on, but we wanted to upload this experimental image so other people can start playing with.

What is new?

• eMMC now run x3 times faster which improves the overall user experience.
• OpenGL with LIMA

Known issues:

• Automatically turns on upon applying power via the PWR_JACK, we need time to patch mainline uboot
• No sleep or suspend, WIP.
• Bluetooth not working out-of-the-box – fixed in Olimex release if you install the package
  ftp://staging.olimex.com/Allwinner_Images/A64-Teres/linux/armbian_experimental/teres-bluetooth_0.2-1_arm64_armbian.deb
  with command:

  dpkg -i teres-bluetooth_0.2-1_arm64_armbian.deb

• Keyboard LEDs not working – fixed in Olimex release – install the package

  ftp://staging.olimex.com/Allwinner_Images/A64-Teres/linux/armbian_experimental/teres1-ledctrl_0.1-1_armbian_arm64.deb

  with command:

  dpkg -i teres1-ledctrl_0.1-1_armbian_arm64.deb

• The LCD brightness is low by default (20%) – fixed in Olimex release – to increase it type in the console

  echo 9 > /sys/class/backlight/backlight/brightness

• no video player acceleration, to be fixed in the next release planned for 22.02.2019