Olimex Ethernet interfaces resistant to soft-bricking?

Started by tebin, September 27, 2019, 03:03:54 AM

tebin

A Freedombox developer suggested that I bring my question here:
https://discuss.freedombox.org/t/freedomboxs-ethernet-card-resistant-to-soft-bricking/382/4
It's all in the title. As I posted there, should I have issues with malicious attempts and soft-bricking, particularly ether-stuff, once I hopefully get an Olimex Freedombox, that should be repairable by reflashing the firmware?

LubOlimex

Yes, you can re-flash the Linux in case things go wrong.
Technical support and documentation manager at Olimex

tebin

I looked up a few times after I posted, but saw no reply-post before...
Quote from: LubOlimex on September 27, 2019, 08:15:31 AM
> can re-flash the Linux
I meant reflashing the ether-firmware. Like in 'man ethtool'.

JohnS

What makes you think they are soft (have reprogrammable microcode) and that in some cases they cannot be reprogrammed?  I look to have missed it if you think they are like that.

(Obviously you'll have checked how they work / read the datasheets / etc.)

John

tebin

Quote from: JohnS on October 04, 2019, 10:19:35 AM
> What makes you think they are soft (have reprogrammable microcode) and that in some cases they cannot be reprogrammed?
> (Obviously you'll have checked how they work / read the datasheets / etc.)
>
> John
Haven't yet. Reasons in the link to freedombox forum, at top (find "looking to"...).

But I feel that I do have to quote myself from my intro there:
> ethercards/routers get soft-bricked, I had a few cases myself.

And here is a quote from man ethtool. More in the Linux source, a very hard source which I find to be:

> -f --flash
>               Write a firmware image to flash or other non-volatile memory on the device.
Hackers can do that when connected remotely to your device; there is little doubt that, given time, a capable but malicious hacker would be able to do such flashing to soft-brick your device. The time needed may be substantial, and may not be so very very much... Theoretically, maybe other yet embedded devices experts could tell us...

Any support once I get me the years long desired LIME2, if I should get soft-bricked? Because I do want it online most of the time...

@JohnS, thanks for looking into this. (And of course thanks @LubOlimex for looking into this previously.)

JohnS

I'm fairly sure the chips they use do not have any reprogrammable flash (but if they did they could be reflashed).

Of course that doesn't guarantee the internal silicon is 100% perfect - just as it turns out so many chips have internal bugs (thus, Spectre, Meltdown, ...).

I suspect there are plenty of undiscovered bugs in Linux & apps still, if you want to worry...

Meantime it may be best not to boot via any reflashable memory, so stick to (say) a write-protected SD card.

John

LubOlimex

A20, A64, A33 chips were not affected by Spectre and Meltdown as far as I know, Tsvetan even announced it here: https://olimex.wordpress.com/2018/01/09/spectre-and-meltdown-attacks-and-olinuxino-and-soms/

Can't say about Ethernet chips but I googled "KSZ9031 vulnerability" and couldn't find anything interesting.

JohnS

I think we've reached "testing can reveal the presence of bugs but cannot reveal their absence".

John