[Cryptography] trojans in the firmware

David Johnston dj at deadhat.com
Wed Feb 18 01:53:47 EST 2015


On 2/17/15 6:28 PM, Henry Baker wrote:
> I (and most everyone else, as well) no longer care about booting from "hard" disks.  Everyone boots from flash memories these days.
>
> So now the problem is gaining access to flash disk firmware.  Normally, you can't.  However, there are now really decent file systems developed for Linux for _bare_ flash devices (i.e., not USB or uSD flash drives, which utilize internally managed flash memory "log-structured" file systems; see BadUSB for more info).
>
> What I'm interested in now are completely raw flash devices having no microcode at all.  Perhaps someone is now packaging these chips in sodimm packages.  In any case, for many reasons having nothing to do with the NSA, I'd like to control exactly how my flash file system works.
>
> Many of the OpenWRT router devices utilize completely raw flash devices for their internal memory, which allows OpenWRT itself to choose how to manage the "file systems" for use on these devices.
>
> I haven't checked the details on the newest Raspberry Pi device, but perhaps its flash memory is based on similar completely raw flash devices.
>
I've designed many embedded computers using directly memory mapped flash 
devices. It was how it was always done before people started trying to 
make them look like hard disks at the interface.

There is a direct analogue with hard disks of old, that the OS directly 
controlled. The OS knew where the tracks and sectors were and where the 
head was and could therefore do things like head trajectory 
optimization. When disks got smart and started trying to look like a 
perfect array of sectors while hiding the physical layout, the 
opportunity for the OS to do the right thing was removed. So we ended up 
with ludicrous things like cache memory in the disk drive, rather than 
close to the CPU, because the CPU doesn't have the information necessary 
to manage the hardware.

So the management software in flash disks is a lot more complex than the 
incremental write and leveling algorithms that were commonplace with 
directly mapped flash. Not because it needs to be, but because it is 
trying to present a model at the interface that is very different to the 
underlying medium.

You can (or you certainly could in the past) get PCI cards with memory 
mapped flash on them, if you aren't in a situation to make your own 
circuit boards.

Flash file systems were commonplace. They are still there in the Linux 
source code and I assume they are used in many products.
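The incremental-write and wear-leveling logic the post refers to, as an added example that is not part of the original message: a toy model of a directly memory-mapped flash (erase sets a block to 0xFF, programming can only clear bits) with a small append-only store that the OS itself manages, compacting into the least-erased block when the active one fills. Block sizes, class names and the record format are constructed for illustration.

```python
BLOCK_SIZE = 32   # bytes per erase block (constructed, tiny for illustration)
NUM_BLOCKS = 4

def can_program(old, new):
    """Raw flash rule: a program operation may clear bits but never set them."""
    return old & new == new

class RawFlash:
    """Memory-mapped flash: erase is block-granular, programming is byte-granular."""
    def __init__(self):
        self.mem = bytearray(b"\xff" * (BLOCK_SIZE * NUM_BLOCKS))
        self.erase_counts = [0] * NUM_BLOCKS   # wear visible to the OS, not hidden

    def erase(self, block):
        self.mem[block * BLOCK_SIZE:(block + 1) * BLOCK_SIZE] = b"\xff" * BLOCK_SIZE
        self.erase_counts[block] += 1

    def program(self, addr, data):
        for i, b in enumerate(data):
            if not can_program(self.mem[addr + i], b):
                raise ValueError("cannot set bits; erase the block first")
            self.mem[addr + i] &= b

class IncrementalStore:
    """Append 2-byte (key, value) records; never rewrite in place. At most
    BLOCK_SIZE // 2 distinct keys are assumed so live data fits one block."""
    def __init__(self, flash):
        self.flash, self.block, self.offset = flash, 0, 0

    def _live(self):                      # latest value per key in the active block
        base, latest = self.block * BLOCK_SIZE, {}
        for off in range(0, self.offset, 2):
            latest[self.flash.mem[base + off]] = self.flash.mem[base + off + 1]
        return latest

    def put(self, key, value):
        if self.offset + 2 > BLOCK_SIZE:
            self._compact()
        self.flash.program(self.block * BLOCK_SIZE + self.offset, bytes([key, value]))
        self.offset += 2

    def get(self, key):
        return self._live().get(key)

    def _compact(self):                   # simple wear leveling: pick least-erased block
        live, old = self._live(), self.block
        others = [b for b in range(NUM_BLOCKS) if b != old]
        self.block = min(others, key=lambda b: self.flash.erase_counts[b])
        self.offset = 0
        for k, v in live.items():
            self.put(k, v)
        self.flash.erase(old)

def run_demo(writes):
    """Rewrite key 1 `writes` times; return (latest value, active block, erase counts)."""
    flash, store = RawFlash(), None
    store = IncrementalStore(flash)
    for i in range(writes):
        store.put(1, i % 256)
    return store.get(1), store.block, list(flash.erase_counts)
```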



More information about the cryptography mailing list