titusece wrote:I removed that chip from my board and now the camera board is stopped working.
From what I have read in this forum, the purpose of the crypto chip
is to prevent other vendors from making V2 cameras that will work with the RPi. If that is the purpose, then, naturally, if you remove it, you can expect that the camera will cease to work.
Otherwise, it would not be a very effective block-out mechanism, as another vendor could simply copy the design, minus the crypto chip
, and sell that. That said, one might infer that the mechanism that is being employed is one where the RPi, at time of camera usage, queries the crypto chip
, first, to determine if the chip is one that is authorized by RPT (given that anyone can buy the chip on the open-market), before interacting with the IMX219
. Given that chips, themselves, are commodities, and the crypto chip
, in this case, is being sold by Atmel
, one realizes that authorize
implies that the chip was somehow touched
at time of camera-module manufacture, and touched
There are numerous cryptographic algorithms for determining authenticity of an integrated circuit, and this particular chip apparently uses SHA-256
. This chip also has the ability to store sixteen 256-bit cryptographic keys. Knowing this, operation might be as follows:
- When camera module is manufactured, crypto chip is written with a master secret 256-bit key known only to RPT.
- By design, such keys are write-only, and cannot be read by by a chip-sniffer.
- User attempts to use camera module.
- RPi code computes a random string.
- RPi code knows of master secret key that it wrote to all manufactured camera modules' crypto chips.
- RPi code computes message digest of random string using the doled-out master secret key as SHA-256 key.
- RPi code challenges crypto chip, over its I2C interface, with random string.
- Crypto chip computes message digest of random string using its internalized secret key as SHA-256 key.
- Crypto chip reponds to RPi code with message digest.
- RPi code compares its own computed message digest with message digest received from crypto chip.
- If the two message digests match, proceed to interact with IMX219. If not, do nothing and error-out.
This algorithm would work because it would be exceptionally unlikely that non-RPT camera module is able to generate the correct message digest
from the random string using a bogus SHA-256
master key. If you are wondering just how long it would take to circumvent this block-out mechanism, consider: If someone were to buy a dummy chip from Atmel
, write it with different bogus master SHA-256
keys, over and over (if that is even possible), and have a script on the RPi try to use the camera, each time, hoping to get lucky on choice of master secret key, you're looking at several billion trillion quadrillion times the age of the Universe, at least.
But this explanation is probably wrong, so please do not conclude that this is what is happening