Removng NAND and eprom help

[korisnik]

can you remove NAND chip form LIME2 (if i cant find LIME2 whitout NAND in my store) so it dosent have any onboard memory, and can i clear eeprom by juicing it up whit samll dc poulse or somhow while its powerd off

[jmyreen]

can you remove NAND chip form LIME2 (if i cant find LIME2 whitout NAND in my store) so it dosent have any onboard memory,

If I read the schematic correctly, you only have to remove the jumper wire marked "NAND_E" on the back side of the board. This permanently disables the /CE (chip enable) signal on the NAND flash chip. You don't have to remove the NAND chip.

and can i clear eeprom by juicing it up whit samll dc poulse or somhow while its powerd off

No.

[korisnik]

can you confirm thet about joumper cuz i downloaded back photo but its low resolution so i cant see, so eeprom cant be cleard? can it be fullshed before system boots? and can i boot debian to ram?

i want to make total virus free system so it prefferably boots to ram so i can pull out sd card and ther is no memory to save
is it meybe better to use a20 SoM cuz i see it has no epprom

[jmyreen]

https://docs.google.com/file/d/0BzE54WrcXU97Wm5vR1JhOE81UlE/edit?usp=docslist_api

The two small dots in the middle of the linked picture are connected, even if it doesn't look like they are. Cut the trace between them to disable the NAND chip.

I wouldn't worry about the EEPROM chip. The processor can't execute code directly from it, and even if it could, the chip does not contain code. If something that is beyond your control writes data to it, you have bigger problems than the EEPROM chip to worry about. The same thing can actually be said about the NAND chip, too.

[korisnik]

ty for image i got it, but about eproom dont get me i am not super educated but how tou mean epprom cant execute code cant somone if he brakes in your system edit some stuff on eeprom and add some file thet runs insted mac addres or somting and when you boot your system it is copromised from start, as i know RAM memmory clears after some time whiout power

[jmyreen]

The CPU does not boot from the EEPROM chip, i.e. the boot code in the ROM inside the A20 does not load code from the EEPROM chip. To do so, it would first have to run some malicious code that would load the code from the EEPROM. If that happens, you are already infected.

The firmware *does* under some circumstances boot from the NAND chip, so in your scenario it is indeed worthwhile to disable the NAND chip.

[korisnik]

nah you dont get my drift my point isent to not copromise the system it is to not copromise next boot
so if example hacker brakes my system when i reboot again its clean like before, no malicius code on it to start copromisng next boot

1 more question can ROM in a20 chip be copromised?
i was thinking just swiching sd cards or just boot to ram and pull out card before connecting to internet

[JohnS]

Just don't use the EEPROM.  Nothing will unless you do.  Then it wouldn't matter if the rather unlikely thing of it being changed did occur.

The ROM is exactly that - a ROM.  The clue's in the name.  No-one but Allwinner knows if it is not truly a ROM and you can expect no answers from them so save yourself the trouble of asking.

You need to avoid USB as well as Ethernet of course.

John

[korisnik]

so you seying i am doomed whit my quest of making it safe?

and 1 more question? isent olimex open hardware i thinked thet means it uses only open hardware chips too

[JohnS]

No.  Just don't use the EEPROM.  Why do you need it?

Obviously you can't be 100% safe and use USB or Ethernet or WiFi or well, you get the idea.  So don't aim for 100%, especially if you plan to use almost any software that's widely available.  None of it was written with 100% in mind or if it was there's no sign of it!

John

[korisnik]

I was thinking of using USB and Wifi or ethernet but thets why i count thet eventualy my System will beacome compromised thets why i want to use fresh systeam evry time

about eeprom,  A20 doest use it by default or its called from booted system?

would it be better to just to use A20-SOM, it does't even have epprom?
just duno if i can connect lcd to it

[jmyreen]

nah you dont get my drift my point isent to not copromise the system it is to not copromise next boot
so if example hacker brakes my system when i reboot again its clean like before, no malicius code on it to start copromisng next boot

When the system boots, it starts executing code from the ROM inside the A20. The ROM code loads more code into RAM from one of the following:

• SD card 0
• the NAND chip
• SD card 2
• Flash memory connected to SPI
• USB

No "friendly" code is going to read the contents of the EEPROM and start executing it. (The Lime2 EEPROM is connected via I₂C, not SPI.) "Enemy" code could infiltrate the system and store itself in the EEPROM, but it won't get executed. For it to get executed, some more enemy code would be needed to read it from the EEPROM. Where would this additional code come from, and why would it go through the trouble of reading the EEPROM when the system has already been taken over by malicious code?

[korisnik]

so like i sead NAND is risk, what would hepend if i heat pull out eeprom chip so i can be 100% sure?

[JohnS]

You seem to be unable to understand that the EEPROM is irrelevant.

John

[korisnik]

soorry for being ignorant but i dont even know how l2c or SPI work i looked wikipedia but i am still not thet deap in electroncs, i understand you sed thet eeprom is on l2c and a20 ROM dosent use it on boot but first thing  i did after you replayed thet i googled  l2c a20 allwiner and it showed something about some patch and there were words boot