Domain: gensw.com
Stories and comments across the archive that link to gensw.com.
Comments · 12
-
No Linux on Geode
The PIC uses a locked and encrypted bios to make windows (CE ?) boot faster. I havent read anywhere of linux being installed on this specific device. http://www.gensw.com/pages/stories/amdpicst.htm
-
Re:Don't forget Airport
The SC400 is an Am486 core with a bunch of on chip peripheral controllers.
http://www.gensw.com/pages/prod/bios/chipsets/sc40 0.htm
-
Re:Reason why you can't fiddle with it
that web page talking about trusted security which doesn't mention this computer AT ALL
THAT page doesn't mention the AMD's Geode GX PIC, but the linked story ends with a link to THIS page certainly does. And it says:
Specialized BIOS/firmware requirements and functionality AMD's Personal Internet Communicator required some very specific features within a small footprint. The specialized features and the results delivered by the General Software development team are listed below. ...
Custom feature requirements and reliable operation were implemented using Firmbase® Technology v1.3. * Boot Security (Cryptographic handshake between firmware and OS/Application) assures the service provider of system integrity Links to bootsec landing page
Note that the Boot Security link is the exact same link I gave you before.
So yes, your original post was wrong about the problem being an idiot bootloader (meaning a simplistic bootloader). The device in the story does have an idiot bootloader, but it is a more sophisticated Trusted Computing-idiocy that goes to a lot of advanced effort to LOCK OUT any non-approved BIOS, non-approved operating system, or non-approved applications.
I was in his office (where I used to work at the next door down the hall) at AMD's facility just three weeks ago fiddling with WinCE on an old prototype of exactly the computer in question.
It's quite possible the the old prototype had an idiot bootloader and no Trusted Computing anti-tamper system in place.
- -
Re:Reason why you can't fiddle with it
that web page talking about trusted security which doesn't mention this computer AT ALL
THAT page doesn't mention the AMD's Geode GX PIC, but the linked story ends with a link to THIS page certainly does. And it says:
Specialized BIOS/firmware requirements and functionality AMD's Personal Internet Communicator required some very specific features within a small footprint. The specialized features and the results delivered by the General Software development team are listed below. ...
Custom feature requirements and reliable operation were implemented using Firmbase® Technology v1.3. * Boot Security (Cryptographic handshake between firmware and OS/Application) assures the service provider of system integrity Links to bootsec landing page
Note that the Boot Security link is the exact same link I gave you before.
So yes, your original post was wrong about the problem being an idiot bootloader (meaning a simplistic bootloader). The device in the story does have an idiot bootloader, but it is a more sophisticated Trusted Computing-idiocy that goes to a lot of advanced effort to LOCK OUT any non-approved BIOS, non-approved operating system, or non-approved applications.
I was in his office (where I used to work at the next door down the hall) at AMD's facility just three weeks ago fiddling with WinCE on an old prototype of exactly the computer in question.
It's quite possible the the old prototype had an idiot bootloader and no Trusted Computing anti-tamper system in place.
- -
Re:Reason why you can't fiddle with it
OK, having spoken with an AMD developer about this box, it turns out the thing has an idiot boot loader and not a regular BIOS.
Either someone is lying, or the "AMD developer" you spoke to doesn't know what he's talking about. If you read the GeneralSoftware website they do indeed document that this is not a "regular BIOS". It is instead a BIOS with extensive extra "BOOTSEC" security, and if you look carefully there is specialized hardware support that keeps the keys "safeguarded" in hardware, "safeguarded" even against an attacker (aka OWNER) with advanced tools trying to read these keys off of the busses. The keys are locked inside a chip itself, and software access is impossible.
It also documents numerous things that trigger "security violation exceptions" which disables applications or the operating system itself from running, including any attempt to change the "tamperproof BIOS" or the "tamperproof OS" or the "tamperproof applications".
Look to this page for an overview of the security system.
I cannot find any detailed documentation of the security system, but I can virtually guarantee it is built on top of the Trusted Computing Group's Trusted Platform Module (AKA TCPA AKA Palladium's Security Support Component AKA you no longer own your computer AKA All Your Base Are Belong To Us).
- -
Treacherous Computing
The problem booting from the CF card is probablly just a partition type or signature thing.
"Just a signature thing"? You talk about breaking what could possibly be 2-Kbit RSA like it's "just a signature thing". It looks like Treacherous Computing.
-
Re:Boot problem
It looks like the BIOS is using Crypto to lock the OS. Check out the link.
One of the "Custom Features" the BIOS company did was "Boot Security". Sounds like something the XBOX uses. We'll probably have to wait until someone comes up with a mod chip. -
Cryptographic BIOS?Apparently, the BIOS is designed by General Software for AMD and features a 'cryptographic handshake' between BIOS and O/S.
The Boot Security Application is a firmware application that establishes trust between platform hardware and the user application, preventing operation of systems compromised by unauthorized tampering with BIOS, OS, or application with cryptographic signatures on all trusted objects.
This sounds like a horrible lock-in to Windows CE ie: "We only want you to run what we want you to run"
However, in the same document:
Supporting both Linux and Windows, the Boot Security Application requires the user application running under Linux or Windows to periodically (as defined by a policy established by the ODM/OEM in the system registry) request security challenges and provide challenge responses, convincing the Boot Security Application, which represents the hardware and firmware, that the application is genuine. Similarly, the Boot Security Application responds to out-of-band challenges as requested by the user application, to convince the user application that it is running on genuine hardware and firmware.
So it now looks more like; "You can run another O/S but only if all the software is registered with us first"
The first line of attack with getting Linux running on an AMD PIC would appear to be by simply contacting General Software and asking if they are willing to provide some advice (Its worth a try). -
Re:For those interested in this - more details
It took us a while to figure out how to post to Slashdot, but in the mean time set up a web page with more details. Click here to see more information about the project and what we did. Oh, we did clear up that 400Mhz thing here as well, it was indeed my fault, but what I should have said was we clocked a 600Mhz PIII at 400Mhz in safe mode. Basically, we were trying to get across a rough idea of the speed at which instructions were being retired to tie-into that 0.8 seconds. Many thanks for your post. Steve Jones, General Software, Inc.
-
General Software's Page for Quick Boot Soyo
In order to accommodate the numerous requests for more information about the General Software Quick Boot Soyo Experiment, we've set-up a web page and an email address for more details and additional direct queries. The web page contains more details, and a FAQ which the company would like to update based on inquiries to the email address. We would have liked to provide information in real time using Slashdot's software yesterday, but there were so many threads started at once, it was obvious we were going to be unable to answer every query. I would like to thank the Slashdot writers for an ongoing discussion that continues to be read by the company's employees with interest. -- Steve Jones, General Software, Inc.
-
General Software's Page for Quick Boot Soyo
In order to accommodate the numerous requests for more information about the General Software Quick Boot Soyo Experiment, we've set-up a web page and an email address for more details and additional direct queries. The web page contains more details, and a FAQ which the company would like to update based on inquiries to the email address. We would have liked to provide information in real time using Slashdot's software yesterday, but there were so many threads started at once, it was obvious we were going to be unable to answer every query. I would like to thank the Slashdot writers for an ongoing discussion that continues to be read by the company's employees with interest. -- Steve Jones, General Software, Inc.
-
For those interested in doing this:You can find the BIOS they used here. It has to be custom-tuned, but this kit includes the code itself, so you can build the BIOS yourself. They basically disabled most of the checks and auto-configure options; no disk seeks (reasonable enough in a highly reliable system), only check the first word of every 1K memory block, no auto-configure of IDE, etc.
I've been waiting for something like this for a while! My car MP3 player takes too long to boot up... can't wait to get my hands on this. No mention of cost, but I've sent an e-mail to their contact link and will reply to this message with price if/when they get back to me.