[Cryptography] Help with Raspberry Pi IoT initialization...
Peter Todd
pete at petertodd.org
Mon Mar 14 16:32:51 EDT 2016
On Fri, Mar 11, 2016 at 08:18:20AM +0100, Ralf Senderek wrote:
>
> On Thu, 10 Mar 2016, Peter Todd wrote:
>
> >Note that the RPI firmware on all models is writable/updatable and as far as I
> >can tell can't be put into read-only mode.
>
> Lacking any flash memory, the Raspberry Pi's firmware is (AFAIK) stored on the
> boot medium (SD card) but in a separate partition, so that the boot partition
> is not affected by firmware changes. Even though everything on the Pi is writable
> a verification code, started from the separate partition, could - in principle -
> verify the boot partition's fingerprint, BUT there is absolutely no guarantee
> that this code has not been tampered with. And, using the boot partition for
> anything but reading destroys even this possibility.
Ah, yes, you are correct.
I don't see any way to write protect that partition - the write protect switch
pins for the SD card are literally left disconnected on the RPI; on the RPI v2
a micro SD card is used, which doesn't even have a write protect feature.
--
https://petertodd.org 'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 650 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160314/cda4e70b/attachment.sig>
More information about the cryptography
mailing list