/tech/ - Tech



Comrade 09/17/2019 (Tue) 02:45:23 No. 2569
Is Raspberry pi 4 safe to use?
Comparing to Intel/Amd that may be backdoored
>Is Raspberry pi 4 safe to use compared to Intel/Amd that may be backdoored?
The Cortex-A72 cores in the Raspberry Pi 4 are vulnerable to speculative instruction attacks without software patching, which reduces performance similarly to AMD and Intel CPUs, but the Raspberry Pi 4 lacks the ME, AMT, PSP, Microcode, etc. issues. There are still a tremendous amount of issues regarding software freedom though, and with a lack of software freedom necessarily comes a lack of security, to quote the FSF on this matter:
>Boards based on the Broadcom VideoCore 4 family, such as the Raspberry Pi, require nonfree software to startup, although signature checks are not enforced. A free proof-of-concept replacement firmware has been developed, but it is not in a usable state, and development has halted. Until the nonfree startup program is fully freed, these boards are useless in the free world.

>By default, the GPU requires a blob running in this same startup firmware. However, Broadcom also supplies an "experimental" free software stack, which could run without blobs, if the startup firmware were free.

>The startup program also implements accelerated video decoding, primarily using highly optimized proprietary code as well as some dedicated video decoding hardware blocks. There are intentional restrictions, apparently due to software patents, blocking the use of this code without a license key (a form of DRM). Nevertheless, video decoding can be done with free software on the CPU, with a performance and power cost.

>There is an additional concern for the Raspberry Pi Camera Module, produced specifically for use with the Raspberry Pi. In order to access the Camera Module, it requires the use of a binary-only driver on the Raspberry Pi. This driver refuses to work unless authentication of an ATSHA204A chip present on the camera board succeeds. This is a crypto chip capable of solving challenge-response requests using a captive secret key within it, essentially it is used to prevent hardware cloning and confirm that the camera board was not manufactured by a third party. In other words, it is a form of hardware DRM. If necessary, you can use a USB webcam supported by free software instead.

Two secure products with roughly the same price range as the Raspberry Pi 4 are:

These products are of themselves as completely free of security faults as you can currently get, but keep in mind the software you run on your system is at this point far more important than the system itself. Performance of these devices is quite a bit less than that of Raspberry Pi 4 though. If you gave me your price range and requirements (what you want to run) I and others could better give you suggestions, and you could more directly achieve your objectives.
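Added example (not part of the thread or any poster's words): a shell check of the speculative-execution mitigation status that the Linux kernel reports under /sys/devices/system/cpu/vulnerabilities, which shows whether the software patching mentioned in the reply above is in effect on a given board. The function names and exit codes are this example's own assumptions, and older kernels may not export the directory at all.

```shell
#!/bin/sh
# Added example: summarise the kernel's own report of CPU speculative-execution
# mitigations. The sysfs path is the standard Linux location; the function
# names and exit codes are this example's own (hypothetical).

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status "<status line>" -> prints ok, mitigated, vulnerable or unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo ok ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_mitigations [dir] -> one "name<TAB>class<TAB>status" line per entry.
# Returns 0 if every entry is ok or mitigated, 1 if any entry is vulnerable
# or unrecognised, 2 if the directory does not exist.
report_mitigations() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no $dir: kernel does not export mitigation status" >&2
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(head -n 1 "$f")
        class=$(classify_status "$status")
        printf '%s\t%s\t%s\n' "$(basename "$f")" "$class" "$status"
        case "$class" in vulnerable|unknown) rc=1 ;; esac
    done
    return $rc
}

# Check the live system only when asked to: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    report_mitigations
fi
```

A non-zero exit from `report_mitigations` means at least one entry is reported as vulnerable or in a form the script does not recognise, so the raw status line should be read directly.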
What about old hardware? Like a Pentium 133 or an AMD k-6?
>What about old hardware? Like a Pentium 133 or an AMD k-6?
Sure, you shouldn't really need to go that far back though, also those CPUs are probably slower than the systems I listed. It seems to me that at the very minimum some K-7 and Netburst CPUs would be a possibility. It's difficult for me to give suggestions though because they've just been consistently moving in this direction for such a long time, and because in many cases the early developments of these technologies are either innocuous or simple to work around.

2006-2008 is the grey area for Intel CPUs because this is when things started going south with AMT, ME, TPM, Microcode, Speculative Execution, etc. You really do have to do some research into the individual CPU to know for sure in this time span. I honestly don't know as much about AMD CPUs, I know some of them have speculative instruction issues since 2003. They started getting Microcode in 2007, they got SEM at some point post-2003 and they got their PSP system in 2013. It probably took a generation or two for each of these things to become strong enough to be harmful though as in Intel CPUs. If you really want to go back to the very root of most of this it's with trusted computing which started to slowly be implemented starting around 2003:

Another concern for x86_64 systems is that they have non-free BIOS which need to be re-flashed with coreboot or libreboot in order to be able to boot using only free software. This problem is near universal with only a few examples of machines with modern Intel CPUs being the exception. Additionally the vast majority of systems lack support for libreboot/coreboot. Due to this there is no x86 system I can point to and say out of the box this is capable of running a desktop environment securely.
It recently came to my attention that there is actually a great deal of controversy on this board. It seems that it's not entirely standardized that it's not entirely open-source hardware, and there are a number of legal disputes with it. Given that I'd likely suggest the other board as a raspberry pi replacement.

