Slashdot Mirror
Hackers Manage To Run Linux On a Nintendo Switch (techcrunch.com)
Romain Dillet reports via TechCrunch: Hacker group fail0verflow shared a photo of a Nintendo Switch running Debian, a distribution of Linux. The group claims that Nintendo can't fix the vulnerability with future firmware patches. According to fail0verflow, there's a flaw in the boot ROM in Nvidia's Tegra X1 system-on-a-chip. When your console starts, it reads and executes a piece of code stored in a read-only memory (hence the name ROM). This code contains instructions about the booting process. It means that the boot ROM is stored on the chip when Nvidia manufactures it and it can't be altered in any way after that. Even if Nintendo issues a software update, this software update won't affect the boot ROM. And as the console loads the boot ROM immediately after pressing the power button, there's no way to bypass it. The only way to fix it would be to manufacture new Nvidia Tegra X1 chips. So it's possible that Nintendo asks Nvidia to fix the issue so that new consoles don't have this vulnerability.
I suspect this ROM will be deeply embedded as part of the IC and will be impossible to reprogram; it isnâ(TM)t an eprom itâ(TM)s part of the Silicon.
Seconding this. From the way things read, it appears to be part of the Tegra chip itself, not a separate chip. However, that doesn't mean it isn't flashable. I'm not sure about this specific implementation, but playing with microcontrollers like ARM or AVR chips, they all have embedded persistent storage banks for code and data on the same die as the processor (and well everything else for that matter, being full SoC)
"have this vulnerability" duh! a vulnerability?
;)
;)
Anything I can re-purpose by loading Linux on it is a plus in my world
Just my 2 cents
You have to physically put something on the device to make it work in this way. Being in control of a device you physically control isn't a vulnerability, it's a feature. Being in control of a device because something something network internet packet is a vulnerability.
Long as the wallet is fat.
You are welcome on my lawn.
Some ROMs are OTP (One Time Programmable), so once you have loaded them they can't be changed.
The question is if the hole can be easily plugged.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
You used "Hacker" in the correct context!
The only bulge in my pants the ladies seem to care about.
Some ROMs are OTP (One Time Programmable), so once you have loaded them they can't be changed.
That used to be common, but is rare today except in super cheap 8 and 4 bit chips. You can usually erase and rewrite programmatically, or using JTAG.
This is not something to celebrate.
In the old days, when people said "Hackers got Linux running on a toaster", it meant that some clever people spent some time figuring out how to write hardware-specific Linux components for the toaster; it meant that Linux was improving, and growing.
Today, when people say it, they mean that some shady group of people used some shady techniques to exploit a bug in the toaster, and if you want to do the same on your toaster, then you'll probably have to download from some shady website a shady black-box binary blob that will run the exploit for you, without you ever really knowing just WTF is going on; it means that personal computing is further collapsing.
You would have had more credibility if you didn't post with your GOD DAMNED IPHONE
That Debian is a Linux distro and what a ROM is, perhaps this isn't an article meant for slashdot.
The most common connotation in my half century of speaking English is that they somehow _barely_ did it. At the last minute, with duct tape and baling wire. And who knows, they might not be able to do it again.
Whereas if they "got Linux running on it", then just say it plainly: they got Linux running.
I mean WTF, this is like saying someone's "sorta pregnant." No, they're either pregnant or they're not. There is no half pregnant. There is no "managed to run it.". It's running. Case closed. End of Discussion.
How long until we can download Switch roms? Sounds like you could even have your own switch store with free roms to download straight to the device
my karma will be here long after I'm gone
When old-timers talk, ROM means ROM. If we meant EEPROM, we would have said EEPROM.
Now get off the freakin' lawn!
#DeleteFacebook
Hackers Manage to Run Linux on X is probably to most common beginning to a /. headline. As long as new devices are manufactured, nerds will make them run Linux. Imagine if all these countless man hours were spent making Linux work on PCs.
"From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."
There is no half pregnant.
Depending on context, more precise terms could be any of the following:
There is no "managed to run it.". It's running.
"Barely running Linux" is likely to mean running without driver support for the hardware features that an end user would expect to be able to use with a port of Linux. A Linux system without input, accelerated graphical output, audio output, persistent file system, networking, or power management is a starting point. But until it's shown running an application as a proof of concept, such as something using SDL, it's still in a state that one could describe as "barely" or "managed to".
Can it run Linux?
Yes, people now use FLASH memory but place it into read-only mode. It is cheaper when one requires relatively large amounts of memory - as would be required by a ROM. There is probably a way to program the memory if you interrupt the boot sequence before the OS is loaded. One would require a hardware connection - such as JTAG. But from the perspective of the OS, it behaves just like a ROM.
Or perhaps there is a jumper to enable read/write access. I believe the Asus Chrome Box units protected their boot ROM this way. Only instead of a jumper you had to remove a screw.
But can it play DOOM?
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
So, you didn't bother explaining what "LCS" meant in the article a few days ago, but you thought you had to tell us what DEBIAN was? FFS slashdot, WHO THE FUCK IS YOUR AUDIENCE?
Debian/Ubuntu, et al fanbois, it seems are the audience they are looking for.
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
why not make it flash rom?
Unmodifiable early boot rom is very common. The Wii also had it. The Wii also had a bug in it that they fixed in a later hardware version. See http://wiibrew.org/wiki/BootMi...
The reason for it not being EEPROM is simple. They don't want anyone to modify it, as it's the start of the secure boot process. Allowing modifications on it would defeat the goal of this ROM.
Did the person writing this not know that ROMs can be reprogrammed such as an EEPROM?
Did the person writing this not know that not all ROMs are EEPROMs? And that even if they are, if they are not exposed as such to the operating system then the operating system will not be able to reprogram them?
systemd is Roko's Basilisk.
What you point out is a part of a larger and more significant problem that gets into another /. thread—"What is missing in tech today?". What's missing is an appreciation that computer owners ought to be able to use their computers in the way they wish, fully owning and controlling their own computers. What's present is a focus on relatively minor issues like what gadgets people might find slightly more convenient to use (but apparently not to own).
Since people want this (the phrase "jailbreaking" is a testament to this; we wouldn't need this term if people enjoyed having their devices "jailed") the corporate proprietor-friendly media (and repeater sites) remind us when covering a story like this in multiple ways: from eschewing any reminder of the freedom to run, inspect, share, and modify published computer software like calling the installed OS "Linux" even when Debian calls their system GNU/Linux and the proper name is on the screenshot (just above the "fail0verflow" textual graphic), to using propagandistic language. There's also suggestion that the code is to be seen as "potential[ly] weak" instead of a means of allowing owners to control their own computers, and blaming fail0verflow should they choose to publish the means by which they installed Debian GNU/Linux on the Nintendo Switch for enabling "homebrew apps and (of course) software piracy". Ridiculous unchallenged and undefended anti-user views throughout which is par for the course in corporate media.
Digital Citizen
When old-timers talk, ROM means ROM. If we meant EEPROM, we would have said EEPROM.
Exactly.
Just cruising through this digital world at 33 1/3 rpm...
It really depends if they actually have the hardware necessary to write the flash memory. It requires a higher than normal voltage, so if the chip wants to have self programming capability then it has to have as high voltage generator.
While this hardware is cheap it's not free, and carries risks. It can accidently erase or corrupt the flash memory. To mitigate that you need brown out protection, but even that isn't perfect so you will see a higher failure rate.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
I'm not even old, but been into electronics long enough, that when I read that I thought exactly the same thing(He would have said EE/EPROM had he meant it) If this was not already +5 insightful, I would have added one.
It's a portable gaming system pretending it is also a tv console to pretend nintendo didn't dropped the tv console market.
But on the other hand, it does have the smallest gap to the consoles a nintendo portable ever did.
There seems to be no requirement to open the console, or even solder, and the picture shows what seems to be a board with an FTDI chip, and 2 wires going to the console. Is it just a UART, and are they getting into the bootloader that way ? If this is all it takes, then I imagine piracy to be rampant soon. https://pbs.twimg.com/media/DV...
I ran Linuz on a potato clock, next...
But just because something is a ROM does not by itself mean it canâ(TM)t be changed.
If it's actually a ROM, that's exactly what it means. And even if it's a flash ROM that there's no way to write without attaching external hardware, then from the standpoint of a user who doesn't want Nintendo to patch away the vulnerability, it might as well be a mask ROM.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
It's a direct quote from TFA, and it reads like it was written for third-graders. Not very crunchy.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
I guess that means I have to buy a Switch now before they come out with an updated boot ROM. I can put it next to the two Wiis I have that haven't even been turned on since Twilight Hack happened.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
"when your console starts, it reads and executes a piece of code stored in a read-only memory (hence the name ROM)"
It's highly detailed technical analysis like the above that I come here for.
--
sig: I'll bet you're the kind of guy that hangs round Reddit fapping off over pictures of furries and yellow-scaled wingless dragonkin
This is true. It's basically Nintendo's backdoor way to exit the console market while saving face.
SJW: Someone who has run out of real oppression, and has to fake it.
from eschewing any reminder of the freedom to run, inspect, share, and modify published computer software like calling the installed OS "Linux" even when Debian calls their system GNU/Linux and the proper name is on the screenshot
I too write the term "GNU/Linux" in part because it's a convenient way to say I don't mean Android. But this particular point isn't quite the strongest in your argument because practically, until enough drivers are ported to let the user interact meaningfully with the GNU operating environment, it's still "Linux".
It really depends if they actually have the hardware necessary to write the flash memory. It requires a higher than normal voltage, so if the chip wants to have self programming capability then it has to have as high voltage generator.
While this hardware is cheap it's not free, and carries risks. It can accidently erase or corrupt the flash memory. To mitigate that you need brown out protection, but even that isn't perfect so you will see a higher failure rate.
All the SOC chips out there already require multiple power rails at various different voltages. Managing all the power rails is a real pain - TI and others make ICs with internal LDOs and DCDC switches to simplify the process. So all SOCs will all have access to the 3.3V / 1.8V rails required to write to FLASH. Without this, they would never be able to support a USB transceiver.
The FLASH memory will not require additional hardware for writing - the controller will include all required components. The SOC will simply interface using quad-SPI or some other standardized bus. Unless they have specific reasons to make it complex, they will use a licensed IP module for FLASH memory and that is it. Making it a true ROM would add to the cost and complexity - significantly. WIth transistor budgets the way they are, savings from a read-only ROM are non-existent. Costs associated with an error in ROM that could have been fixed had it been FLASH - scary high.
It seems to me that Switch owners either use it predominantly as a handheld or as a portable, few actually 'switch' it up that much. Some people hate tiny screens, others hate cramped controls, others hate sitting in one spot or gaming at home. An unusually powerful handheld that gets all of Nintendo's AAA games means I only have to buy 1 Nintendo device each generation, instead of two, to get all the stuff I want.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
3.3v isn't enough to write cheap flash memory.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
To be honest, I've enjoyed the vast, vast majority of my gaming life on systems that would be considered so laughably slow and obsolete now that people wouldn't take them off your hands for free.
It didn't once affect my enjoyment of the games, my enjoyment of replaying the games, or the nostalgia of going back to those same games 30 years later (whether on original hardware or via emulation).
If you think that anyone who plays games care about how many MHz or how many CUDA cores or how much texture RAM a certain device has, you're sadly in the minority. I gamed through the home computer rivalries, the 8-bit and 16-bit rivalries, PC vs console, online vs local LAN, etc. and not once did I ever care about having what was technically best, compared to what played the games I most enjoyed.
Nintendo are pretty much the only modern console company that get this. All their effort goes into the game design and new, fun twists, rather than what texture fill rate they can achieve.
Even in my "PC gamer" years on my twitch-shooters, I still didn't really care about those people who bought the top-line gear, overclocked everything, etc. just to get a few more FPS or a lower ping. It was the game that mattered.
Same as car-nuts. I'm sure your car does 0-60 in some unfathomably trivial fraction of a second faster than mine. But that's not why I bought the car. Don't put your use case onto me, or entire markets of billions of people who "just want to play a game with the kids".
Call me when they have a dual boot ready for Android, or more specifically, using the Switch as a full nVidia Shield TV.
I mean, I'm getting one anyways, but that would certainly double the value in my page. xD
Little ARM and AVR chips almost always have embedded Flash memory, and high-performance chips like x86 CPUs and mobile phone SoCs almost never do. It has to do with silicon technology. It is not practical to put Flash memory into a cutting edge silicon process for a bunch of technical reasons.
So yes, it's ROM. Mask ROM. Not writable.
Yes, because when I put Linux on a PS4 I certainly didn't spend several months figuring out how to write hardware-specific Linux components for the PS4.
Oh, wait, I did. I also happened to reverse engineer the Radeon GPU microcode instruction set. So now every AMD Radeon user can benefit from being able to understand what their GPU firmware is doing, which they couldn't in the past.
But hey, I guess GitHub is some shady website that serves shady black box binaries, and implementing kexec as a hot-patchable module for the FreeBSD kernel is a decidedly shady technique. Right.
Jesus, how did I manage to fuck up the links so badly. Link, link, link. And some bonus stuff.
how usable will this turn out the be?
the nvidia tegra soc has horrible linux kernel support.
it even made Linus flip the finger at nvidia.
On a long enough timeline, the survival rate for everyone drops to zero.
Sony tried this several years ago with the PS3...and subsequently removed it after the community started to exploit it:
https://en.wikipedia.org/wiki/...
> It could have some financial implications for Nintendo.
Yeah they might sell more switches since they've now just become useful.