2016-08-23 19:50 GMT+02:00 Henrik Nordström henrik@henriknordstrom.net:
That's why I'm asking if it would be possible to read the microcodes present on the chip, and check them against the online source codes (kind of a checksum ?).
no idea.
There is no microcode or closed firmware running on the A20.
There is a bootrom embedded in the CPU that allows the CPU to load the bootloader from flash or usb recovery but once the bootloader takes control the bootrom ceases to execute entirely.
The bootrom is easily extracted from both Linux and the USB recovery boot protocol if you want to analyze it further. But it is an embedded ROM memory in the CPU silicon that can not be modified short of Allwinner making another CPU silicon production mask and produces new CPUs.
What the A20 is missing from a security perspective is secure boot procedure. There is some primitive support but not really functioning. Some of you may think I am crazy speaking about secure boot, but properly used it is a very strong tool for ensuring that the installed software is not tampered with by untrusted parties. But this requires that you are in control of the security keys and not some untrusted proprietary vendor.
Regards Henrik
Thank you for detailing that :-) It's true that a secure booting mechanism would be a great addition to security. Nevertheless if I have to choose I prefer no secure boot than secure boot the way it has been implemented in almost all modern laptops, where almost only proprietary OSes are allowed to boot and everything is obfuscated since it's proprietary (that sort of secure boot in my opinion, doesn't add any security and only brings hassle). And the EOMA68 being libre, maybe people will be interested in developing a libre secure boot :-)