<div dir="ltr">Speaking of FPGAs (which I use for <a href="http://mega65.org">mega65.org</a>), I wonder if it would be interesting to try to get a student project going to reverse-engineer the FPGA bitstreams. In the first instance it would be nice to be able to work out our memories are initialised, so that bitstreams could be modified post-build to change the included memory contents...<div><br></div><div>Also a little related to this, we are contemplating making an FPGA-based smart-phone, so that the end user has a whole lot of control over how their device works.</div><div><br></div><div>Paul.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 25, 2016 at 1:11 AM, Juliusz Chroboczek <span dir="ltr"><<a href="mailto:jch@pps.univ-paris-diderot.fr" target="_blank">jch@pps.univ-paris-diderot.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">> I thought the chips themselves could be built to only cryptographically<br>
> accept approved firmware?<br>
<br>
</span>Yes, they can and some chips are. What we're expecting, however, is that<br>
the vendors of cheap routers won't bother -- their goal is merely to get<br>
FCC certification, so they'll implement the absolute minimum lockdown<br>
features that they believe will get them FCC certification.<br>
<br>
The other hope is that ARM boards are getting cheaper at a vertiginous<br>
pace, so with a little bit of luck (and a lot of hard work) the community<br>
should be able to produce a usable design based on an off-the-shelf board<br>
that is completely open and reasonably priced. Right now, the main point<br>
of contention is the lack of either wifi or meiniPCI on most boards -- wifi<br>
chips need to be connected over USB, which sucks --, and the limitation to<br>
just one Ethernet port.<br>
<br>
If you're interested in learning what mechanisms can be used to lock down<br>
a fairly powerful SoC, have a read through chapter 32 of the Xilinx Zynq<br>
manual:<br>
<br>
<a href="http://www.xilinx.com/support/documentation/user_guides/ug585-Zynq-7000-TRM.pdf" rel="noreferrer" target="_blank">http://www.xilinx.com/support/documentation/user_guides/ug585-Zynq-7000-TRM.pdf</a><br>
<br>
Section 32.2.4 describes the "eFuse", which confirms what David has been<br>
saying.<br>
<br>
Note that I'm not picking on Xilinx here (or ARM, for that matter) --<br>
quite the opposite, Xilinx provide comprehensive hardware documentation<br>
without registration, let alone an NDA. Good luck finding similarly<br>
detailed information about MIPS-based Broadcom chips.<br>
<br>
(Except that Xilinx are still not documenting the bitstream format. Grr.)<br>
<span class="HOEnZb"><font color="#888888"><br>
-- Juliusz<br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
Battlemesh mailing list<br>
<a href="mailto:Battlemesh@ml.ninux.org">Battlemesh@ml.ninux.org</a><br>
<a href="http://ml.ninux.org/mailman/listinfo/battlemesh" rel="noreferrer" target="_blank">http://ml.ninux.org/mailman/listinfo/battlemesh</a><br>
</div></div></blockquote></div><br></div>