Author Topic: Validate installed firmware (eg. against officially signed firmware)  (Read 6407 times)

FlyingBlackbird

  • Full Member
  • ***
  • Posts: 102
  • Karma: +3/-0
    • View Profile
How could I check the integrity of the installed (flashed) firmware of a Blackbird (or Talos) eg. against the officially downloadable firmware files (which are cryptographically signed)?

https://wiki.raptorcs.com/wiki/Blackbird/Firmware


MPC7500

  • Hero Member
  • *****
  • Posts: 588
  • Karma: +41/-1
    • View Profile
    • Twitter
Re: Validate installed firmware (eg. against officially signed firmware)
« Reply #1 on: February 12, 2020, 08:14:33 am »
You can verify the firmware with Flashrom and a Bus Pirate. But there should be an easier solution. But sadly, that's all I can say.

FlyingBlackbird

  • Full Member
  • ***
  • Posts: 102
  • Karma: +3/-0
    • View Profile
Re: Validate installed firmware (eg. against officially signed firmware)
« Reply #2 on: February 12, 2020, 04:03:14 pm »
You can verify the firmware with Flashrom and a Bus Pirate.

I have a CH341A device which is supported by the flashrom Linux program but I could not yet find instructions which parts of the memory are relevant for calculating the checksums and
also want to avoid removing the flash chips from the socket just to read them (perhaps this it not required since the flash update is possible from within OpenBMC but if OpenBMC is
compromised it could manipulate the reported checksum too).