kingneil
Posts: 36
Joined: Tue Sep 27, 2016 3:32 am

Which components of the Pi have writable firmware..?

Sat Oct 01, 2016 9:40 am

I want to know, what parts of a Raspberry Pi have writable firmware...?

For example, the BIOS in most computers is writable.. In the old days, BIOS was read-only.

So in a Pi, which components have writable firmware..?

Ethernet...? WiFi..? BIOS..? etc etc

Break this down for me component by component.

Not sure if this question is better to ask in the "advanced" section..

Thanks

User avatar
davidcoton
Posts: 5505
Joined: Mon Sep 01, 2014 2:37 pm
Location: Cambridge, UK
Contact: Website

Re: Which components of the Pi have writable firmware..?

Sat Oct 01, 2016 11:52 am

At least as far as anyone outside Broadcom knows, the answer is [drum roll] NONE of them.
Even the GPU boot software (nearest thing to a BIOS on the Pi, though it's not the same) is read from the SDCard (or, on beta, USB or network storage).
There is some One Time Programmable memory, but it does not store code.
Location: 345th cell on the right of the 210th row of L2 cache

Heater
Posts: 16858
Joined: Tue Jul 17, 2012 3:02 pm

Re: Which components of the Pi have writable firmware..?

Sat Oct 01, 2016 1:04 pm

Depends what you mean by "firmware". That term seems to have some fuzzy definition now a days.

In the old days "firmware" referred to that software that ended up as binary executable code in a ROM, Read Only Memory. It was not modifiable, at least not without yanking the ROM chip and replacing it. Hence "firm".

Then we have PROM, Programmable Read Only Memory, that was manufactured un-programmed and could be programmed one time by the maker of whatever device that used it. Again not modifiable without yanking the chip and replacing it.

Then came EPROM that could be updated by erasing the device by exposure to ultraviolet light and programming it again. These were generally not modifiable by a device user.

Then came EEPROM and such. They can be reprogrammed electronically. Now things change. There is the possibility of the user "reflashing" such devices.

What about the Pi?

As far as I know there is no modifiable software on the board itself. Clearly the SoC has software in ROM that allows it to read SD cards and boot up.

Then there is the infamous GPU binary blob. Not really firmware as it's volatile. It has to be loaded to the GPU on every boot up.

But you can't actually use a Pi without firmware.

The SD card you are using has a controller with firmware in it. It's even possible to change that firmware: http://hackaday.com/2013/12/29/hacking- ... ntrollers/

WIFI devices have "firmware" that gets loaded into them by the device driver in the Linux kernel.

Firmware is everywhere. Disk drives, ethernet adapters, everything USB.
Memory in C++ is a leaky abstraction .

jdb
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 2466
Joined: Thu Jul 11, 2013 2:37 pm

Re: Which components of the Pi have writable firmware..?

Sat Oct 01, 2016 4:31 pm

Without an SD card, no component on board the Pi has modifiable firmware. The boot ROM is literally mask ROM - at the wafer-level design, the bits making up the ROM are encoded into the metal layers deposited on top of the silicon.

The only state that can be preserved is a set of OTP registers that are programmed during factory test (and a few bits that are settable afterwards), most notably the randomly generated serial number. The bootrom and GPU firmware read these to determine bootmodes/decode keys for codecs. OTP is basically an array of fuses - bits within this array are set by "writing" 1s to them.
Rockets are loud.
https://astro-pi.org

kingneil
Posts: 36
Joined: Tue Sep 27, 2016 3:32 am

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 9:41 am

Wow, some good answers here.

How about the WiFi chip that comes with the Raspberry Pi 3 Model B..?

Does this not have writable firmware either..? Even this is directly from the SD card..?

So far, the answers from "davidcoton" and "jdb"... would imply NONE at all.

It is all loaded in from the SD card, and thus, it can all be fully controlled by the user..

Even the WiFi chip...? Even the Ethernet..?

You are saying that literally everything is loaded in from the SD card in terms of firmware/drivers?
Last edited by kingneil on Sun Oct 02, 2016 9:45 am, edited 1 time in total.

User avatar
rpdom
Posts: 17730
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 9:44 am

kingneil wrote:You are saying that literally everything is loaded in from the SD card in terms of firmware/drivers?
Yes.

The firmware for the WiFi chip is part of the Raspbian Linux installation.

kingneil
Posts: 36
Joined: Tue Sep 27, 2016 3:32 am

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 9:47 am

This is very impressive in terms of security, because any viruses can be cleaned out easily just by wiping the SD card.

Compare this to laptops you buy, and viruses could persist inside of GPU, mouse, keyboard, WiFi, Ethernet, BIOS, etc.... to the point where a lot of security experts say the only thing to do with an infected machine is just throw it away.

Compare this to the Pi, and wow... I find this very impressive.

kingneil
Posts: 36
Joined: Tue Sep 27, 2016 3:32 am

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 10:07 am

jdb wrote:The only state that can be preserved is a set of OTP registers that are programmed during factory test (and a few bits that are settable afterwards), most notably the randomly generated serial number. The bootrom and GPU firmware read these to determine bootmodes/decode keys for codecs. OTP is basically an array of fuses - bits within this array are set by "writing" 1s to them.
So, what kind of storage size is this..? Is it big enough to hold any kind of virus..?

Or even if it's not large enough to have a executable virus.. could it perhaps have some sort of identifier written into it, which ties the Pi to a given user, rather than a "random" serial number...? Perhaps a serial number that is slightly less random..?

I am asking these questions from a security standpoint.

Thanks

ghans
Posts: 7883
Joined: Mon Dec 12, 2011 8:30 pm
Location: Germany

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 11:36 am

I think an attacker with root access could write your SSN or postal address into OTP memory.
OTP memory can't be erased , as we all know. Why an attacker should do this is not clear to me.

I would be much more concerned by the mere fact that he got root on my box and that he somehow
knows my SSN or Postal Address in the first place.

ghans
• Don't like the board ? Missing features ? Change to the prosilver theme ! You can find it in your settings.
• Don't like to search the forum BEFORE posting 'cos it's useless ? Try googling : yoursearchtermshere site:raspberrypi.org

User avatar
DougieLawson
Posts: 40228
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 12:01 pm

kingneil wrote:
jdb wrote:The only state that can be preserved is a set of OTP registers that are programmed during factory test (and a few bits that are settable afterwards), most notably the randomly generated serial number. The bootrom and GPU firmware read these to determine bootmodes/decode keys for codecs. OTP is basically an array of fuses - bits within this array are set by "writing" 1s to them.
So, what kind of storage size is this..? Is it big enough to hold any kind of virus..?

Or even if it's not large enough to have a executable virus.. could it perhaps have some sort of identifier written into it, which ties the Pi to a given user, rather than a "random" serial number...? Perhaps a serial number that is slightly less random..?

I am asking these questions from a security standpoint.

Thanks
It's 59 four byte words of data that has very specific meanings for the GPU firmware. For example word #28 is the CPU serial.

There's no user programming available to write it as it belongs to the closed source GPU. Writing to it would most likely brick your RPi.
Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

kingneil
Posts: 36
Joined: Tue Sep 27, 2016 3:32 am

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 3:01 pm

DougieLawson wrote: It's 59 four byte words of data that has very specific meanings for the GPU firmware. For example word #28 is the CPU serial.

There's no user programming available to write it as it belongs to the closed source GPU. Writing to it would most likely brick your RPi.
OK, so it can't be written to, but can the GPU or something else read this data..?

Because, jdb said:
jdb wrote:The only state that can be preserved is a set of OTP registers that are programmed during factory test (and a few bits that are settable afterwards), most notably the randomly generated serial number"
Now, I don't like the sound of this.

"Randomly generated serial number" is going to be a number uniquely tied to each Raspberry PI. Maybe 2 get the same serial number randomly, but it's unlikely. At the very best a few would have the same number.

So from a security perspective... if this serial number can be read, then the hacker can see that this serial number is tied to a particular Pi, and thus, if they re-infect the device, they can tell that it's the same device.

That is, only if this serial number can be read by a hacker.

So can this serial number be read while the Pi is running, or at any other time that would allow it to be transmitted over the Internet..?

Thanks

Heater
Posts: 16858
Joined: Tue Jul 17, 2012 3:02 pm

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 3:24 pm

I appreciate your concerns.

The serial number blow into to Pi are all about keying the codecs you can buy to a particular machine so that they don't get copied all around the place and still work.

Last time we discussed this serial number collisions were possible but rare enough as not to be a concern.

You are right, the serial number could identify you. But your machine would need to already have some security hole that lets a hacker in, get root, and read them.

That then is the least of our worries when it comes to security. You can already be uniquely identified by your browser finger print for example: https://amiunique.org/fp
Memory in C++ is a leaky abstraction .

W. H. Heydt
Posts: 13623
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 4:08 pm

DougieLawson wrote: There's no user programming available to write it as it belongs to the closed source GPU. Writing to it would most likely brick your RPi.
Not strictly true, as evidenced by the sticky thread on the MSD boot mode set up. On the whole correct, though. There simply isn't enough space to put a virus in there, nor is there a way to execute code from the OTP.

W. H. Heydt
Posts: 13623
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 4:19 pm

kingneil wrote: "Randomly generated serial number" is going to be a number uniquely tied to each Raspberry PI. Maybe 2 get the same serial number randomly, but it's unlikely. At the very best a few would have the same number.
It is possible to find two Pis with the same serial number, but it is highly unlikely that anyone will succeed in doing so. Remember that Pis are located all over the world.
So from a security perspective... if this serial number can be read, then the hacker can see that this serial number is tied to a particular Pi, and thus, if they re-infect the device, they can tell that it's the same device.

That is, only if this serial number can be read by a hacker.
CPU serial numbers are not a unique feature of Pis. x86 CPUs have them, too. So every PC (and Mac) in the world has a serial number.

And, FYI, *you* can read the serial number in your Pi. Just run "cat /proc/cpuinfo". It's the last item listed.
So can this serial number be read while the Pi is running, or at any other time that would allow it to be transmitted over the Internet..?
That's the only time you can read. It's not like knowing it will do anyone any good as an attack vector.

ejolson
Posts: 6032
Joined: Tue Mar 18, 2014 11:47 am

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 4:37 pm

DougieLawson wrote:Writing to it would most likely brick your RPi.
Modern motherboards have firmware in flash memory that if corrupted can prevent the computer from booting. I believe it is possible, for example through JTAG or equivalent, to reprogram the flash when things go badly. Since the OTP can't be reset, it would seem that a virus could permanently disable any Pi by writing to it. While essentially a reliability issue, this could become important for security as well. I wonder of it's true that a Pi can be bricked by writing to OTP.

User avatar
DougieLawson
Posts: 40228
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 5:09 pm

W. H. Heydt wrote:
DougieLawson wrote: There's no user programming available to write it as it belongs to the closed source GPU. Writing to it would most likely brick your RPi.
Not strictly true, as evidenced by the sticky thread on the MSD boot mode set up. On the whole correct, though. There simply isn't enough space to put a virus in there, nor is there a way to execute code from the OTP.
That wasn't user programming, that was a special parameter passed to the firmware to cause it to write the USB/PXE OTP switch and enable that function in the burned in boot loader.
ejolson wrote:
DougieLawson wrote:Writing to it would most likely brick your RPi.
Modern motherboards have firmware in flash memory that if corrupted can prevent the computer from booting. I believe it is possible, for example through JTAG or equivalent, to reprogram the flash when things go badly. Since the OTP can't be reset, it would seem that a virus could permanently disable any Pi by writing to it. While essentially a reliability issue, this could become important for security as well. I wonder of it's true that a Pi can be bricked by writing to OTP.
That is 100% impossible to test without special bootcode. Because the bootcode is proprietary (owned by Broadcom) it's exceedingly difficult to start hacking that code in an attempt to brick the RPi.

With every piece of computer hardware you have to trust the chip maker and the folks who own the low-level boot loader. If you can't trust them you have no choice for security except to remove the power and stare at the nice green circuit board that does nothing useful.

The exceedingly paranoid can't avoid that problem. There are bigger risks out there like tDES encrypted PAN/PIN on your payment card (which you probably trust every time you walk into Tesco, Coles, Target or Wal*Mart for a pint of milk). The biggest risk to your RPi is having it connected to the public internet.
Last edited by DougieLawson on Sun Oct 02, 2016 5:15 pm, edited 1 time in total.
Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

User avatar
jahboater
Posts: 6300
Joined: Wed Feb 04, 2015 6:38 pm
Location: Wonderful West Dorset

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 5:10 pm

W. H. Heydt wrote: CPU serial numbers are not a unique feature of Pis. x86 CPUs have them, too. So every PC (and Mac) in the world has a serial number.
I thought x86 CPU's (the Pentium 3) had a serial number briefly but it was removed again because it was considered a security risk. I may be wrong.
Last edited by jahboater on Sun Oct 02, 2016 5:43 pm, edited 1 time in total.

User avatar
DougieLawson
Posts: 40228
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 5:21 pm

jahboater wrote:
W. H. Heydt wrote: CPU serial numbers are not a unique feature of Pis. x86 CPUs have them, too. So every PC (and Mac) in the world has a serial number.
I thought x86 PC's (the Pentium 3) had a serial number briefly but it was removed again because it was considered a security risk. I may be wrong.
My HP Lappy has a serial that's accessible from software. HP's website at http://support.hp.com/us-en/checkwarranty has a browser widget that discovers my machine serial. Both of my work laptops one running Win7, the other running Win8.1 (I'm working for two large mainframe users, in case you wondered) have a very similar function driven from a Windows control panel widget.
Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

Heater
Posts: 16858
Joined: Tue Jul 17, 2012 3:02 pm

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 5:40 pm

Yeah, nothing stops computer makers putting devices on their boards that contain serial numbers. Never mind what is in the CPU.

MS has a similar thing for their Surface and other machines: https://www.microsoft.com/surface/en-us ... =undefined

I would never entertain installing such a "app" on anything.

I suspect this is very common today.
Memory in C++ is a leaky abstraction .

User avatar
CarlRJ
Posts: 598
Joined: Thu Feb 20, 2014 4:00 am
Location: San Diego, California

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 6:28 pm

Heater wrote:Yeah, nothing stops computer makers putting devices on their boards that contain serial numbers. Never mind what is in the CPU.
...
I suspect this is very common today.
Indeed. On a Mac, two clicks (AppleMenu->About This Mac) will get you the OS release, model name, CPU/RAM/GPU configuration, and the machine's serial number, and similar is available programmatically. If you try really hard you might conjure up some privacy concerns about this (it's never been a problem for me), but it is in no way an attack vector as kingneil was trying to suggest.

kingneil
Posts: 36
Joined: Tue Sep 27, 2016 3:32 am

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 6:57 pm

I am not suggesting that the serial number is an attack vector itself.

I'm suggesting that if someone hacked you once, got the serial number... and then, hacked you again later, they could read the serial number again and compare it to see that you are the same person.

For security reasons, the Pi should not have any unique serial number at all.

I wonder if there is some way in software, to boot up the OS and obscure what the serial number is.

Some sort of software on boot that prints out a fake serial number to anyone requesting it through "cat /proc/cpuinfo" or other command... a bit like how you can spoof your MAC address.

User avatar
DougieLawson
Posts: 40228
Joined: Sun Jun 16, 2013 11:19 pm
Location: A small cave in deepest darkest Basingstoke, UK
Contact: Website Twitter

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 7:00 pm

The paranoia is strong in this one.

The bottom 48 bits of the serial is used for the MAC address. Think again.
Criticising any questions is banned on this forum.

Any DMs sent on Twitter will be answered next month.
All fake doctors are on my foes list.

Note: Any requirement to use a crystal ball or mind reading will result in me ignoring your question.

jdb
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 2466
Joined: Thu Jul 11, 2013 2:37 pm

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 7:08 pm

kingneil wrote:I am not suggesting that the serial number is an attack vector itself.

I'm suggesting that if someone hacked you once, got the serial number... and then, hacked you again later, they could read the serial number again and compare it to see that you are the same person.

For security reasons, the Pi should not have any unique serial number at all.

I wonder if there is some way in software, to boot up the OS and obscure what the serial number is.

Some sort of software on boot that prints out a fake serial number to anyone requesting it through "cat /proc/cpuinfo" or other command... a bit like how you can spoof your MAC address.
Invalid comparison. Being able to uniquely identify a Raspberry Pi is not a security risk. The serial number is not exposed unless you can already run remote code on the device (MAC address is irrelevant - it's settable in the lan9500 driver) - which by doing so, means you've owned the device anyway. The existence or not of a uniquely identifying number for the Pi is independent of the ability to compromise the software running on the Pi.
Rockets are loud.
https://astro-pi.org

User avatar
mahjongg
Forum Moderator
Forum Moderator
Posts: 13391
Joined: Sun Mar 11, 2012 12:19 am
Location: South Holland, The Netherlands

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 7:08 pm

(un)fortunately the PI needs (relatively) unique serial numbers embedded so they can license a codec. Without it licensing hardware decoders would be impossible, depriving PI users from decoding MPEG-2 and VC-1 movies.
There is no way to hide this serial number in software, that cannot be undone in software.
if malicious code could read this serial number, it would NOT (legally) couple it to a specific PI, as there technically be more than one PI with the same serial number.
Also malicious code could just as well use the MAC address for the same purpose. And as said practically all CPU's have a similar serial number, so its not a PI specific "problem".

PI's do NOT have writeable firmware.... not a single byte.

Heater
Posts: 16858
Joined: Tue Jul 17, 2012 3:02 pm

Re: Which components of the Pi have writable firmware..?

Sun Oct 02, 2016 7:11 pm

kingneil,
For security reasons, the Pi should not have any unique serial number at all.
Perhaps.

Do you apply the same criteria to whatever PC or Mac you use?

What about your mobile phones? Or even your TV now a days.

What do you do about it?

Why pick on the Pi?
Memory in C++ is a leaky abstraction .

Return to “General discussion”