Behind the Xbox Boot Code

NiteStar writes "The Xbox-Linux team has up a new article about The Hidden Boot Code of the Xbox. The Xbox console contains a 'chain of trust' to allow only legit Microsoft signed code to run on the Xbox. The hidden 'MCP' boot ROM (just 512bytes) is the link between hardware and software in this chain of trust." From the wiki article: "The Xbox, having an external (reprogrammable) 1 MB Flash ROM chip (models since 2003 have only 256 KB), would normally start running code there as well, since this megabyte is also mapped into the uppermost area of the address space. But this would make it too easy for someone who wants to either replace the ROM image with a self-written one or patch it to break the chain of trust ("modchips"). The ROM image could be fully accessed, it would be easy to reverse-engineer the code; encryption and obfuscation would only slow down the hacking process a bit."

Summary

[acaspis]

• Due to technical constraints, the Xbox designers had to implement a secure virtual machine in 175 bytes of x86 code, and failed (there are at least two execution paths leading out of the sandbox). But congratulations for trying.

• They also used a non-cryptographically-secure hash function for authentication (or maybe they didn't have enough space left).

Nice attempt at a TCPA-like architecture, though. And cheers to the xbox-linux guys for their amazing achievements and enlightening write-up.

Re:A guess

[brkello]

Soo, ummm....I take it there is a position in monk electric that will be opening soon. Should I send my resume?