Subject: Re: New life for Sun Ray 1s
To: None <port-sparc@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: port-sparc
Date: 06/15/2002 16:15:46
>>> If it's FLASH, then it's reprogrammable [...]
>> Yes, but if it's soldered to the board, it's only as reflashable as
>> the surrounding electronics makes it.
> It's hard to believe Sun flashes the devices and *then* solders them
> to the board (though this is quite possible for high volume builds
> *if* the flashes are all *identical* -- i.e. no serial numbers!)

Why would that be a necessary condition?  Or am I just exposing my
ignorance of high-volume manufacturing?  I can't see any reason they
couldn't have a serial number, incremented each time one is flashed, in
the flashing equipment.

However, if they weren't going to design the board to reflash them,
they'd use a mask ROM rather than flash.

> So, chances are, there are some provisions on the board already to
> flash the devices "in circuit" with or without the aid of the
> processor.

ISTR someone saying that the existing code _is_ willing to reflash it,
provided the new code is suitably signed.

That means that either (a) someone needs to forge a signature or (b)
someone has to find a security hole in some existing already-signed
version (not necessarily the latest, as long as it's one existing
sunrays are willing to flash).

A thought: how many NetBSD folk are there who'd be willing to let some
of their cycles be used in a distributed attack on the signature
scheme?  We don't have to completely break the scheme, just produce
_one_ forged signature, for a "grappling hook" that's willing to flash
the _real_ NetBSD bootcode.  I don't know the signature scheme in use,
but forging a signature is probably what I've seen called
"embarrassingly parallel", so that many widely distributed machines can
be usefully brought to bear.  Of course, I also don't know the
signature scheme well enough to know whether it's practical to do even
_with_ distributed processing power.

The big problem is not cracking one sunray, but rather making it
possible for random sunray owners out there to crack their sunrays,
without needing to invest a dozen times the sunray's cost in JTAG
interfaces or ICE boards for the CPU in question.  Thus the
signature-forging question.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
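An added illustration of the gate this message describes (the existing code reflashes only an image that is "suitably signed"); it is not code from the thread, from Sun, or from NetBSD. The thread does not say what signature scheme the Sun Ray uses, so a hash-based Lamport one-time signature over SHA-256 stands in for it, and every function name, the two-byte version field and the sample images are assumptions. Beyond the plain signature check, the example also adds a version floor, which is the defender's answer to point (b) above: a signature-only gate accepts any image that was ever validly signed, including older ones.

```python
"""Signature-gated firmware acceptance (constructed illustration).

The thread does not say what signature scheme the Sun Ray flasher checks, so
a hash-based Lamport one-time signature over SHA-256 stands in for it; every
name here is an assumption, not Sun's code. What is shown is the gate the
message describes: the running code refuses to write an image unless its
signature verifies under a key it already trusts, plus a version floor so an
older image that was validly signed once is refused as well.
"""
import hashlib
import secrets

HASH = hashlib.sha256
N = 256  # digest bits; Lamport uses one preimage pair per bit


def keygen():
    # Private key: N pairs of random 32-byte preimages (signer side only).
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    # Public key: the hashes of those preimages; this is what the firmware embeds.
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def _bits(digest):
    value = int.from_bytes(digest, "big")
    return [(value >> (N - 1 - i)) & 1 for i in range(N)]


def sign(sk, image):
    # Reveal, for each digest bit, the preimage selected by that bit.
    # A Lamport key must sign only once, so each image below gets its own key.
    return [sk[i][bit] for i, bit in enumerate(_bits(HASH(image).digest()))]


def verify(pk, image, sig):
    if len(sig) != N:
        return False
    for i, bit in enumerate(_bits(HASH(image).digest())):
        if HASH(sig[i]).digest() != pk[i][bit]:
            return False
    return True


def accept_for_flash(trusted_keys, image, sig, min_version):
    """Return True only if the flasher may write this image.

    Image layout (constructed): 2-byte big-endian version, then the body.
    The signature must verify under some key the existing code trusts, and
    the version must not fall below the floor the running code records.
    """
    if len(image) < 2:
        return False
    if not any(verify(pk, image, sig) for pk in trusted_keys):
        return False
    return int.from_bytes(image[:2], "big") >= min_version


def demo():
    """Exercise the gate on constructed images; returns a name -> accepted map."""
    sk_old, pk_old = keygen()
    sk_new, pk_new = keygen()
    trusted = [pk_old, pk_new]
    old_image = (1).to_bytes(2, "big") + b"firmware v1 body (constructed)"
    new_image = (2).to_bytes(2, "big") + b"firmware v2 body (constructed)"
    old_sig = sign(sk_old, old_image)
    new_sig = sign(sk_new, new_image)
    floor = 2  # the unit already runs v2
    return {
        "current_signed": accept_for_flash(trusted, new_image, new_sig, floor),
        "tampered_body": accept_for_flash(trusted, new_image + b"\x00", new_sig, floor),
        "unsigned": accept_for_flash(trusted, new_image, [], floor),
        "untrusted_key": accept_for_flash([keygen()[1]], new_image, new_sig, floor),
        "signed_but_rollback": accept_for_flash(trusted, old_image, old_sig, floor),
        "rollback_without_floor": accept_for_flash(trusted, old_image, old_sig, 0),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:24} {'accepted' if ok else 'rejected'}")
```

The last two entries of `demo()` make the point of the version floor: the same older, validly signed image is rejected with the floor in place and accepted without it. A production updater would use a reusable signature scheme rather than one-time Lamport keys and would store the floor somewhere the image being flashed cannot overwrite.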