trejan
Posts: 1874
Joined: Tue Jul 02, 2019 2:28 pm

Re: Raspberry Pi 4 usb boot?

Thu Aug 29, 2019 7:32 pm

dickon wrote:
Thu Aug 29, 2019 7:10 pm
I am filled with unimaginable levels of joy at this news.
https://github.com/raspberrypi/firmware/issues/1101 will make you even more joy filled :D

dickon
Posts: 1452
Joined: Sun Dec 09, 2012 3:54 pm
Location: Home, just outside Reading

Re: Raspberry Pi 4 usb boot?

Thu Aug 29, 2019 8:28 pm

I'm not entirely sure what they're on about there, TBH. I handle that with symlinks in /tftpboot:

lrwxrwxrwx 1 root   root             9 Jul 19  2018 ec098a3c -> pi-debian
lrwxrwxrwx 1 root   root            34 May 11  2018 pi-debian -> /var/local/nfsroot/pi-debian/boot/
which works nicely. Not that I use dnsmasq.

vintozver
Posts: 39
Joined: Thu Jun 01, 2017 2:16 am
Location: Bellevue, WA, USA

Re: Raspberry Pi 4 usb boot?

Fri Aug 30, 2019 10:32 pm

Since the work is in progress, may we ask for IPv6+DHCPv6 support?
I have succeeded with NFSv4 rootfs mount, DHCPv6 boot would let me finally get rid of IPv4 in the network.

Thank you!

ejolson
Posts: 5206
Joined: Tue Mar 18, 2014 11:47 am

Re: Raspberry Pi 4 usb boot?

Fri Aug 30, 2019 11:42 pm

vintozver wrote:
Fri Aug 30, 2019 10:32 pm
Since the work is in progress, may we ask for IPv6+DHCPv6 support?
I have succeeded with NFSv4 rootfs mount, DHCPv6 boot would let me finally get rid of IPv4 in the network.
As long as we're dreaming about things other people will do, it would also be nice to have something like iPXE available, even if it is only from an SD card.

Back on the topic of USB boot, I was reading that the kexec system call is currently broken on the Raspberry Pi. If it worked, then kexec could be used to chain load and switch into a new Linux kernel from a kernel that is currently running without rebooting. This could then achieve the main USB-boot advantage of keeping the active kernel and root on the same device for easy swapping of things around.

Does anyone know if kexec works in the Raspbian kernel?

vintozver
Posts: 39
Joined: Thu Jun 01, 2017 2:16 am
Location: Bellevue, WA, USA

Re: Raspberry Pi 4 usb boot?

Sat Aug 31, 2019 5:07 am

Simple google search http://lig-membres.imag.fr/duble/softwa ... i-netboot/

kexec is still an issue afaik

Gavinmc42
Posts: 4508
Joined: Wed Aug 28, 2013 3:31 am

Re: Raspberry Pi 4 usb boot?

Sat Aug 31, 2019 6:41 am

Wonder what size EEPROM the 2711 ROM boot can handle?
Those that want netboot, will they also need USB boot?

I think Jamesh said the EEPROM can be programmed with Flashrom?
So if IPv6/iPXE etc. use up the entire EEPROM and leave no room for SD/USB boot it can still be unbricked.
I'm dancing on Rainbows.
Raspberries are not Apples or Oranges

andrum99
Posts: 1207
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi 4 usb boot?

Sat Aug 31, 2019 12:02 pm

Gavinmc42 wrote:
Sat Aug 31, 2019 6:41 am
Wonder what size EEPROM the 2711 ROM boot can handle?
Those that want netboot, will they also need USB boot?

I think Jamesh said the EEPROM can be programmed with Flashrom?
So if IPv6/iPXE etc. use up the entire EEPROM and leave no room for SD/USB boot it can still be unbricked.
Raspberry Pi have specifically stated that they are not committed to keep using the same size of EEPROM, so it could change in the future.

Gavinmc42
Posts: 4508
Joined: Wed Aug 28, 2013 3:31 am

Re: Raspberry Pi 4 usb boot?

Sun Sep 01, 2019 12:11 am

Raspberry Pi have specifically stated that they are not committed to keep using the same size of EEPROM, so it could change in the future.
Yep prices will fall and they stick a bigger one in.
One a complete OS can fit inside :lol:
Just wish listing ;)
I'm dancing on Rainbows.
Raspberries are not Apples or Oranges

ejolson
Posts: 5206
Joined: Tue Mar 18, 2014 11:47 am

Re: Raspberry Pi 4 usb boot?

Sun Sep 01, 2019 2:03 am

Gavinmc42 wrote:
Sun Sep 01, 2019 12:11 am
Raspberry Pi have specifically stated that they are not committed to keep using the same size of EEPROM, so it could change in the future.
Yep prices will fall and they stick a bigger one in.
One a complete OS can fit inside :lol:
Just wish listing ;)
Maybe Minux will fit. Could a big EEPROM contain an IPMI-like remote management engine that runs on the GPU?

From a security point of view, it was reassuring that removing the SD card from previous models cleared the system of all possible malware. Thinking about the advanced ways a malware threat can become persistent by hiding in non-volatile on-board memory makes me want to purchase a stack of 3B+ computers while they are still discounted at $25 each. On the other hand, regular PCs and Macintosh computers have even more on-board storage and it's generally not a problem.

Is there a guaranteed way to clear and reflash the Pi 4B EEPROM?

andrum99
Posts: 1207
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi 4 usb boot?

Sun Sep 01, 2019 4:08 am

ejolson wrote:
Sun Sep 01, 2019 2:03 am
Is there a guaranteed way to clear and reflash the Pi 4B EEPROM?
The recovery.bin method is meant to be guaranteed - presumably the boot ROM in the SoC looks for recovery.bin first, before allowing anything in the EEPROM to run.

bjtheone
Posts: 772
Joined: Mon May 20, 2019 11:28 pm
Location: The Frozen North (AKA Canada)

Re: Raspberry Pi 4 usb boot?

Sun Sep 01, 2019 3:02 pm

ejolson wrote:
Sun Sep 01, 2019 2:03 am
From a security point of view, it was reassuring that removing the SD card from previous models cleared the system of all possible malware. Thinking about the advanced ways a malware threat can become persistent by hiding in non-volatile on-board memory makes me want to purchase a stack of 3B+ computers while they are still discounted at $25 each. On the other hand, regular PCs and Macintosh computers have even more on-board storage and it's generally not a problem.

Is there a guaranteed way to clear and reflash the Pi 4B EEPROM?
If the EEPROM is writable and accessible it is hackable. It comes down to tradeoffs of convenience, adaptability, upgradeability against security. Given the amount of space in the EEPROM, it likely would be difficult to install malware that does useful things and have the Pi function normally. It is much easier to just break the device by mucking up the code. Not sure if there is a fuseable link that you could blow after messing with it to kill the Pi.

Given that most computers have flashable on board firmware and this has not been a big issue, I would say the risks are low. There was a hack that could kill video cards a long time ago. People have demoed POC hacks on embedded insulin pumps, and smart battery power management (most laptops have embedded battery management and you likely could create fires with this).

Bottom line, if it is accessible, it is hackable and this issue is only going to get worse as more and more things get connected/smart. Steal your car, turn off your house heating, shut down your fridge, mess with your insulin pump, disable your car at highway speeds...

asavah
Posts: 371
Joined: Thu Aug 14, 2014 12:49 am

Re: Raspberry Pi 4 usb boot?

Sun Sep 01, 2019 4:16 pm

bjtheone wrote:
Sun Sep 01, 2019 3:02 pm
If the EEPROM is writable and accessible it is hackable.
To make use of "hackable" EEPROM on the pi4 one would need to:
1a) hack the os remotely and gain root access.
or
1b) have local physical access

2) Have deep knowledge of VC4/6 hardware and software architecture and have knowledge of and access to all the needed tools to build their own bootloader code which is closed source and AFAIK is very peculiar architecture, I think the amount of people in the world capable of writing their own malicious vc4/6 bootloader is very small, like a dozen or two of persons.

Please stop spreading the FUD.

ejolson
Posts: 5206
Joined: Tue Mar 18, 2014 11:47 am

Re: Raspberry Pi 4 usb boot?

Sun Sep 01, 2019 5:11 pm

asavah wrote:
Sun Sep 01, 2019 4:16 pm
bjtheone wrote:
Sun Sep 01, 2019 3:02 pm
If the EEPROM is writable and accessible it is hackable.
To make use of "hackable" EEPROM on the pi4 one would need to:
1a) hack the os remotely and gain root access.
or
1b) have local physical access

2) Have deep knowledge of VC4/6 hardware and software architecture and have knowledge of and access to all the needed tools to build their own bootloader code which is closed source and AFAIK is very peculiar architecture, I think the amount of people in the world capable of writing their own malicious vc4/6 bootloader is very small, like a dozen or two of persons.

Please stop spreading the FUD.
It seems reasonable to believe that the spy agencies of any major government as well as North Korea have enough resources to roll their own firmware for any hard disk, SSD, network adapter, USB drive, SD card, router or computer. Even if you are not a high-value target, anyone who lives in a country where computers appear in government offices has likely already been adversely affected.

With that sort of fud in mind, hardware with updatable firmware that does not further include a way for the user to verify and reset that firmware has the potential to cause a dent in the tin man's hat.

Fortunately, updatable firmware also provides a route to obtain USB boot.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 26452
Joined: Sat Jul 30, 2011 7:41 pm

Re: Raspberry Pi 4 usb boot?

Sun Sep 01, 2019 6:37 pm

Don't forget that a recovery.bin on a fresh SD card will ALWAYS recover the system and remove any malware that, in very unlikely circumstances, corrupts the EEPROM.

BTW, I know of no disgruntled Brcm employees. And there certainly are no RPi ones!
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed.
I've been saying "Mucho" to my Spanish friend a lot more lately. It means a lot to him.

andrum99
Posts: 1207
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi 4 usb boot?

Sun Sep 01, 2019 7:06 pm

jamesh wrote:
Sun Sep 01, 2019 6:37 pm
Don't forget that a recovery.bin on a fresh SD card will ALWAYS recover the system and remove any malware that, in very unlikely circumstances, corrupts the EEPROM.

BTW, I know of no disgruntled Brcm employees. And there certainly are no RPi ones!
<fud> Since the VLI USB controller firmware is also rewriteable, it is possible to insert malware in there, and have it reinfect the EEPROM.</fud>

nickbp
Posts: 2
Joined: Wed Aug 28, 2019 11:05 am

Re: Raspberry Pi 4 usb boot?

Mon Sep 02, 2019 4:52 am

jamesh wrote:
Thu Aug 29, 2019 11:09 am
nickbp wrote:
Thu Aug 29, 2019 10:45 am
jamesh wrote:
Thu Aug 29, 2019 9:08 am
No, I do not believe we would do that. We have an engineer very experienced in this stuff (he wrote the current bootloader), and when he gets to it, it will get done.
Is the intent to get to it on the order of weeks or months? Asking because I'm unsure if I should just go ahead and put in an order for SD cards in order to hold the boot partition on a few units, when either PXE or USB support would allow me to avoid needing to deal with it.
PXE is in progress, but still quite a bit of work to do, a small number of months. USB hasn't been started yet, so is some further months away.

Just buy some small and cheap SD cards. No point in delaying for the minor costs involved.
Will do, thanks for the info!

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 26452
Joined: Sat Jul 30, 2011 7:41 pm

Re: Raspberry Pi 4 usb boot?

Mon Sep 02, 2019 6:19 am

andrum99 wrote:
Sun Sep 01, 2019 7:06 pm
jamesh wrote:
Sun Sep 01, 2019 6:37 pm
Don't forget that a recovery.bin on a fresh SD card will ALWAYS recover the system and remove any malware that, in very unlikely circumstances, corrupts the EEPROM.

BTW, I know of no disgruntled Brcm employees. And there certainly are no RPi ones!
<fud> Since the VLI USB controller firmware is also rewriteable, it is possible to insert malware in there, and have it reinfect the EEPROM.</fud>
I don't believe that is technically possible as the VLI controller cannot access Arm Memory space, and therefore get at the eeprom. But will ask around.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed.
I've been saying "Mucho" to my Spanish friend a lot more lately. It means a lot to him.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 26452
Joined: Sat Jul 30, 2011 7:41 pm

Re: Raspberry Pi 4 usb boot?

Mon Sep 02, 2019 6:21 am

jcyr wrote:
Mon Sep 02, 2019 12:04 am
jamesh wrote:
Sun Sep 01, 2019 6:37 pm
BTW, I know of no disgruntled Brcm employees. And there certainly are no RPi ones!
Retired from Broadcom as master engineer after a 20 year stint. Plenty of disgruntled engineers along the way. Certainly not a majority, but plenty still. Was a great company till Avago took over, not so much since...
Sorry, was talking about VC4 experienced engineers with access to internal details relevant to the topic.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed.
I've been saying "Mucho" to my Spanish friend a lot more lately. It means a lot to him.

timg236
Raspberry Pi Engineer & Forum Moderator
Posts: 526
Joined: Thu Jun 21, 2018 4:30 pm

Re: Raspberry Pi 4 usb boot?

Mon Sep 02, 2019 9:52 am

jamesh wrote:
Mon Sep 02, 2019 6:19 am
andrum99 wrote:
Sun Sep 01, 2019 7:06 pm
jamesh wrote:
Sun Sep 01, 2019 6:37 pm
Don't forget that a recovery.bin on a fresh SD card will ALWAYS recover the system and remove any malware that, in very unlikely circumstances, corrupts the EEPROM.

BTW, I know of no disgruntled Brcm employees. And there certainly are no RPi ones!
<fud> Since the VLI USB controller firmware is also rewriteable, it is possible to insert malware in there, and have it reinfect the EEPROM.</fud>
I don't believe that is technically possible as the VLI controller cannot access Arm Memory space, and therefore get at the eeprom. But will ask around.
The VLI EEPROM can / is updated over PCIe but that requires root privileges. I can't be bothered to find the link but there was a post where a beta VLI was shared.

From a security point of view the ROM will always load recovery.bin in preference to the EEPROM. This means you can always boot a Pi4 from a clean SD card and force both EEPROMs into a known good state before malware has any chance to run.

VLI updates may move to recovery.bin to avoid the tedious PCI rescan/remove step but after network boot is at least in beta.

andrum99
Posts: 1207
Joined: Fri Jul 20, 2012 2:41 pm

Re: Raspberry Pi 4 usb boot?

Mon Sep 02, 2019 10:03 am

jamesh wrote:
Mon Sep 02, 2019 6:19 am
andrum99 wrote:
Sun Sep 01, 2019 7:06 pm
jamesh wrote:
Sun Sep 01, 2019 6:37 pm
Don't forget that a recovery.bin on a fresh SD card will ALWAYS recover the system and remove any malware that, in very unlikely circumstances, corrupts the EEPROM.

BTW, I know of no disgruntled Brcm employees. And there certainly are no RPi ones!
<fud> Since the VLI USB controller firmware is also rewriteable, it is possible to insert malware in there, and have it reinfect the EEPROM.</fud>
I don't believe that is technically possible as the VLI controller cannot access Arm Memory space, and therefore get at the eeprom. But will ask around.
Does this mean the code in the EEPROM runs on the ARM, or just that it is mapped into ARM memory space, in addition to VPU space?

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 26452
Joined: Sat Jul 30, 2011 7:41 pm

Re: Raspberry Pi 4 usb boot?

Mon Sep 02, 2019 11:10 am

andrum99 wrote:
Mon Sep 02, 2019 10:03 am
jamesh wrote:
Mon Sep 02, 2019 6:19 am
andrum99 wrote:
Sun Sep 01, 2019 7:06 pm

<fud> Since the VLI USB controller firmware is also rewriteable, it is possible to insert malware in there, and have it reinfect the EEPROM.</fud>
I don't believe that is technically possible as the VLI controller cannot access Arm Memory space, and therefore get at the eeprom. But will ask around.
Does this mean the code in the EEPROM runs on the ARM, or just that it is mapped into ARM memory space, in addition to VPU space?
Neither, but to program the EEPROM I think you usually go via the ARM.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed.
I've been saying "Mucho" to my Spanish friend a lot more lately. It means a lot to him.

bjtheone
Posts: 772
Joined: Mon May 20, 2019 11:28 pm
Location: The Frozen North (AKA Canada)

Re: Raspberry Pi 4 usb boot?

Mon Sep 02, 2019 2:46 pm

asavah wrote:
Sun Sep 01, 2019 4:16 pm
bjtheone wrote:
Sun Sep 01, 2019 3:02 pm
If the EEPROM is writable and accessible it is hackable.
To make use of "hackable" EEPROM on the pi4 one would need to:
1a) hack the os remotely and gain root access.
or
1b) have local physical access

2) Have deep knowledge of VC4/6 hardware and software architecture and have knowledge of and access to all the needed tools to build their own bootloader code which is closed source and AFAIK is very peculiar architecture, I think the amount of people in the world capable of writing their own malicious vc4/6 bootloader is very small, like a dozen or two of persons.

Please stop spreading the FUD.
If there is external access and the device is rewrite-able it is hackable. Period. I am not spreading FUD. I did not say that it would be simple nor even likely. I find it sad when people try and label facts they are uncomfortable with as FUD. Please feel free to explain why it cannot be done, which is very different from it being unlikely to be done.

Do I think it likely that someone will spend the effort necessary to hack Pis when there are much more lucrative targets available? No, I don't. I personally am not worried about it, as my computers live behind a reasonable firewall, with strong passwords, whitelisting, with a solid backup strategy. I also don't download and run stuff that I cannot verify. Not running Windows on any computers also goes a long way to avoiding malware. That is all that is required to stay safe from the run-of-the-mill stuff.

However, that is very different than saying that it can't be done. The most likely vector is some idiot making a broken image and convincing people to flash it via social engineering.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 26452
Joined: Sat Jul 30, 2011 7:41 pm

Re: Raspberry Pi 4 usb boot?

Mon Sep 02, 2019 3:29 pm

bjtheone wrote:
Mon Sep 02, 2019 2:46 pm
asavah wrote:
Sun Sep 01, 2019 4:16 pm
bjtheone wrote:
Sun Sep 01, 2019 3:02 pm
If the EEPROM is writable and accessible it is hackable.
To make use of "hackable" EEPROM on the pi4 one would need to:
1a) hack the os remotely and gain root access.
or
1b) have local physical access

2) Have deep knowledge of VC4/6 hardware and software architecture and have knowledge of and access to all the needed tools to build their own bootloader code which is closed source and AFAIK is very peculiar architecture, I think the amount of people in the world capable of writing their own malicious vc4/6 bootloader is very small, like a dozen or two of persons.

Please stop spreading the FUD.
If there is external access and the device is rewrite-able it is hackable. Period. I am not spreading FUD. I did not say that it would be simple nor even likely. I find it sad when people try and label facts they are uncomfortable with as FUD. Please feel free to explain why it cannot be done, which is very different from it being unlikely to be done.

Do I think it likely that someone will spend the effort necessary to hack Pis when there are much more lucrative targets available? No, I don't. I personally am not worried about it, as my computers live behind a reasonable firewall, with strong passwords, whitelisting, with a solid backup strategy. I also don't download and run stuff that I cannot verify. Not running Windows on any computers also goes a long way to avoiding malware. That is all that is required to stay safe from the run-of-the-mill stuff.

However, that is very different than saying that it can't be done. The most likely vector is some idiot making a broken image and convincing people to flash it via social engineering.
Not sure anyone said it could not be done; what was said was that it's not possible to brick it, as you can ALWAYS recover the system to a known good state with the SD card with recovery.bin on it.

And of course you do need superuser rights to write to the EEPROM in the first place, but social engineering would be possible.

Note that the bootloader is not ARM, it runs on the Videocore processor so uses Videocore instructions.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed.
I've been saying "Mucho" to my Spanish friend a lot more lately. It means a lot to him.

ejolson
Posts: 5206
Joined: Tue Mar 18, 2014 11:47 am

Re: Raspberry Pi 4 usb boot?

Mon Sep 02, 2019 4:36 pm

bjtheone wrote:
Mon Sep 02, 2019 2:46 pm
asavah wrote:
Sun Sep 01, 2019 4:16 pm
bjtheone wrote:
Sun Sep 01, 2019 3:02 pm
If the EEPROM is writable and accessible it is hackable.
To make use of "hackable" EEPROM on the pi4 one would need to:
1a) hack the os remotely and gain root access.
or
1b) have local physical access

2) Have deep knowledge of VC4/6 hardware and software architecture and have knowledge of and access to all the needed tools to build their own bootloader code which is closed source and AFAIK is very peculiar architecture, I think the amount of people in the world capable of writing their own malicious vc4/6 bootloader is very small, like a dozen or two of persons.

Please stop spreading the FUD.
However, that is very different than saying that it can't be done. The most likely vector is some idiot making a broken image and convincing people to flash it via social engineering.
If a sociable engineer posting for the first time claimed to have created a new EEPROM image that supported USB boot and gave a link here, how many people do you think would try it out? What if some virtual trolls posted that it actually worked and did indeed support USB boot?

Along different lines I've been thinking about how to create a second-stage kernel-based boot loader that could perform USB boot and secure network boot over SSL. However, it's likely to be slow and require enabling and disabling SMP on a running Linux kernel so that kexec chain loading works. I've already finished the most difficult part: finding a good name for the boot loader. Instead of grub, I've decided to call it slug.
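
An added example, not part of any post in this thread and not Raspberry Pi's own tooling: the recovery.bin procedure described earlier only yields a known good state if the files put on the clean card are themselves trusted, which is the gap the untested-image scenario above relies on. This shell check stages a recovery card only from files whose SHA-256 digests match a manifest obtained separately from a trusted source; the manifest format (sha256sum output), the function names and all paths are assumptions.

```shell
#!/bin/sh
# Added example (constructed; not Raspberry Pi tooling).
# Manifest format assumed: sha256sum output, "<hex digest>  <file name>",
# fetched over a channel you trust, separately from the files themselves.

# verify_manifest DIR MANIFEST
# Succeeds only if every file listed in MANIFEST exists in DIR as a regular
# (non-symlink) file with the listed digest AND DIR holds nothing else.
verify_manifest() {
    vm_dir=$1
    vm_manifest=$2
    [ -d "$vm_dir" ] && [ -s "$vm_manifest" ] || return 2

    while read -r vm_want vm_name; do
        [ -n "$vm_name" ] || continue
        # Reject path components so a manifest cannot point outside DIR.
        case $vm_name in
            */* | . | ..) return 1 ;;
        esac
        [ -f "$vm_dir/$vm_name" ] && [ ! -L "$vm_dir/$vm_name" ] || return 1
        vm_got=$(sha256sum < "$vm_dir/$vm_name" | cut -d' ' -f1)
        [ "$vm_got" = "$vm_want" ] || return 1
    done < "$vm_manifest"

    # Anything present but unlisted would ride along on the card.
    for vm_path in "$vm_dir"/*; do
        [ -e "$vm_path" ] || [ -L "$vm_path" ] || continue
        awk -v n="${vm_path##*/}" '$2 == n { found = 1 } END { exit !found }' \
            "$vm_manifest" || return 1
    done
    return 0
}

# stage_recovery_card SRC MANIFEST CARD
# Copies the listed files to CARD (a mounted, freshly formatted, empty SD
# card) only after SRC verifies, then verifies what landed on the card.
stage_recovery_card() {
    sc_src=$1
    sc_manifest=$2
    sc_card=$3
    [ -d "$sc_card" ] || return 2
    if ! verify_manifest "$sc_src" "$sc_manifest"; then
        echo "refusing to stage: $sc_src does not match $sc_manifest" >&2
        return 1
    fi
    while read -r sc_skip sc_name; do
        [ -n "$sc_name" ] || continue
        cp -- "$sc_src/$sc_name" "$sc_card/$sc_name" || return 1
    done < "$sc_manifest"
    verify_manifest "$sc_card" "$sc_manifest"
}

# Stand-alone use: script.sh SRC_DIR MANIFEST CARD_MOUNTPOINT
if [ "$#" -eq 3 ]; then
    stage_recovery_card "$1" "$2" "$3"
fi
```

Unmount and remount the card before relying on the final check if the digests should be computed from the medium rather than from the page cache.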

bjtheone
Posts: 772
Joined: Mon May 20, 2019 11:28 pm
Location: The Frozen North (AKA Canada)

Re: Raspberry Pi 4 usb boot?

Mon Sep 02, 2019 5:17 pm

jamesh wrote:
Mon Sep 02, 2019 3:29 pm
Not sure anyone said it could not be done; what was said was that it's not possible to brick it, as you can ALWAYS recover the system to a known good state with the SD card with recovery.bin on it.

And of course you do need superuser rights to write to the EEPROM in the first place, but social engineering would be possible.

Note that the bootloader is not ARM, it runs on the Videocore processor so uses Videocore instructions.
My issue was with the "stop spreading the FUD" comment someone made. Having a rational discussion about possibilities is not FUD. Unfortunately Debian is not the world's most secure Linux distro, and Raspbian as shipped is even worse. I completely understand the security decisions RPT has made and do not disagree with them. However, by default it has a known user/password and many folks will put it up on a network with open routers with factory passwords. Not a particularly high bar. The 4 is as far as I know the first one with a reflashable bootloader which opens up the possibilities of persistent hacks.
