**** BEGIN LOGGING AT Tue Sep 12 03:00:01 2017
Sep 12 08:43:20 <freemangordon_> merlin1991: ping
Sep 12 08:56:04 <DocScrutinizer05> moin
Sep 12 10:55:11 <jonwil> hi
Sep 12 11:33:38 <DocScrutinizer05> freemangordon: ping
Sep 12 11:36:23 <DocScrutinizer05> >>To use AES on N900 you need to flash special boot loader.<<
Sep 12 11:44:40 <freemangordon_> DocScrutinizer05: pong
Sep 12 11:44:54 <DocScrutinizer05> you know this crypto NOLO?
Sep 12 11:45:17 <freemangordon_> yes
Sep 12 11:45:21 <DocScrutinizer05> good :-)
Sep 12 11:45:39 <DocScrutinizer05> should CSSU... ?
Sep 12 11:45:41 <freemangordon_> it enables AES IP in the L2 firewall, iirc
Sep 12 11:45:46 <DocScrutinizer05> yep
Sep 12 11:46:09 <DocScrutinizer05> http://susepaste.org/25062175
Sep 12 11:46:32 <freemangordon_> re cssu - there is not much use of that AES, it is slower than doing it on MPU
Sep 12 11:47:10 <DocScrutinizer05> duh!
Sep 12 11:47:51 <freemangordon_> it makes sense if we do some mobile payments or such, which we don't :)
Sep 12 11:48:15 <DocScrutinizer05> but it's a coproc, right? so it could run concurrently to "normal" tasks, e.g. for disk encryption
Sep 12 11:48:44 <freemangordon_> iirc somebody tried it, and there is no gain, on the contrary
Sep 12 11:48:52 <DocScrutinizer05> dang
Sep 12 11:48:53 <freemangordon_> yes, it is coproc
Sep 12 11:49:40 <freemangordon_> but you do supervisor call, iirc, with all the nasty contexts switches etc
Sep 12 11:49:50 <DocScrutinizer05> I see
Sep 12 11:50:16 <freemangordon_> there should be a thread on TMO with the results
Sep 12 11:50:36 <DocScrutinizer05> does the NOLO itself reveal something, at least. EG when comparing it to default xloader/nolo?
Sep 12 11:52:14 <DocScrutinizer05> I mean, maybe we got a second signature, cracking would be more than twice as fast with two than with just one signature - in theory ;-D
Sep 12 11:52:57 <DocScrutinizer05> and maybe this is BS I pulled right outa my read
Sep 12 11:53:07 <DocScrutinizer05> rear even
Sep 12 11:53:12 <freemangordon_> you mean 2^127 years instead of 2^128? :p
Sep 12 11:53:24 <DocScrutinizer05> yes, this sort of thing ;-P
Sep 12 11:54:40 <DocScrutinizer05> I'm still totally unclear about signatires of xloader in GP SoC
Sep 12 11:55:17 <DocScrutinizer05> does GP also have a L2 FW?
Sep 12 11:56:10 <DocScrutinizer05> I'd assume they build the very same chip, incl all IP, and just change the xloader and signature
Sep 12 11:56:23 <DocScrutinizer05> resp L2 config
Sep 12 11:56:36 <DocScrutinizer05> a mere guess
Sep 12 11:57:13 <freemangordon_> iirc, yes, there is L2 firewall on gp devices
Sep 12 11:58:20 <DocScrutinizer05> and the L2 config is completely done in xloader, or would GP and HS have different ROMBL (apart from obviously different signatures/keys)?
Sep 12 11:59:43 <DocScrutinizer05> iirc the omapedia about bootloader said you need to sign xloader for GP too (they don't even cover HS devices there)
Sep 12 12:00:12 <DocScrutinizer05> ~listvalues omapedia
Sep 12 12:00:14 <infobot> Factoid search of 'omapedia' by value returned no results.
Sep 12 12:01:31 <freemangordon_> sure GP xloader needs to be signed
Sep 12 12:01:43 <DocScrutinizer05> ~listvalues omappedia
Sep 12 12:01:44 <infobot> Factoid search of 'omappedia' by value returned no results.
Sep 12 12:01:53 <freemangordon_> but it is not a problem as the keys are known
Sep 12 12:02:39 <freemangordon_> though I don;t remember signing xloader for BB back then
Sep 12 12:03:01 <freemangordon_> though it could be that I just forgot
Sep 12 12:03:11 <DocScrutinizer05> http://omappedia.org/wiki/Bootloader_Project
Sep 12 12:04:54 <DocScrutinizer05> >>Note: If you are using an HS (High Security) OMAP device, an extra step is required. First, build x-load.bin using the steps above. Then, download the MShield signing tool and use the commands below. Contact your TI representative to get access to this tool.<<  o.O
Sep 12 12:06:29 <DocScrutinizer05> now who's at home in darknet? ;-) find that tool
Sep 12 12:06:57 <DocScrutinizer05> though... prolly Nokia had their own keys
Sep 12 12:08:18 <DocScrutinizer05> ~#maemo boot is http://omappedia.org/wiki/Bootloader_Project
Sep 12 12:08:18 <infobot> okay, DocScrutinizer05
Sep 12 12:27:41 <bencoh> xloader is signed on n900?
Sep 12 12:36:20 <DocScrutinizer05> I *think* yes
Sep 12 12:37:49 <DocScrutinizer05> the question rather is if it *needs* to be signed, or if a HS device would behave exactly like a GP device when yiu use a GP (unsigend) xloader
Sep 12 12:40:03 <DocScrutinizer05> this basically boils down to the question if GP and HS SoCs share same ROMBL (or if the ROMBL maybe has a check if there's a HS key or not and acts differently when there is)
Sep 12 12:58:07 <DocScrutinizer05> >>It's also worth noting the TI did not technically disable TrustZone. Instead, the bootrom code transitions the processor into the Normal world prior to switching execution to U-boot. So it's actually using TrustZone to move to the Normal world, but then doesn't provide a mechanism for moving back to the Secure world<<  https://stackoverflow.com/questions/7955982/arm-trustzone-development
Sep 12 13:01:57 <DocScrutinizer05> >>Yes, things have changed considerable to the positive after 5 years :) << 2017-06-29
Sep 12 13:06:04 <DocScrutinizer05> hmmm https://github.com/OP-TEE/optee_os
Sep 12 13:06:30 <DocScrutinizer05> ~trust
Sep 12 13:06:30 <infobot> rumour has it, trust is safe, or http://www.youtube.com/watch?v=0cbS_lDJuJg
Sep 12 13:06:32 <DocScrutinizer05> ?
Sep 12 13:11:18 <DocScrutinizer05> this whole trustzone stuff is as intangible as... No docs at all
Sep 12 13:13:24 <DocScrutinizer05> and I still don't buy it that there's any benefit from it for end users that couldn't get achieved as well (and actually always been) by mere decent implementation of classical OS-based permission handling
Sep 12 13:15:49 <DocScrutinizer05> as soon as you hand the signing tools to unwashed public, there's no visible benefit from trusted computing at all
Sep 12 13:54:33 <DocScrutinizer05> a completely different topic: FSF RYF
Sep 12 13:55:40 <DocScrutinizer05> from dng@lists.dyne.org  "From:	"Taiidan@gmx.com" <Taiidan@gmx.com> Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]  2017-09-08 Fri 06:22"
Sep 12 13:56:26 <DocScrutinizer05> >> Full documentation and HDL's will be available for all components besides the onboard broadcom nics which currently require a firmware blob as there are no open source non-intel gigabit NIC's - but the FSF says that this minor detail doesn't prevent it from receiving RYF certification as they are behind the POWER-IOMMU and as such are not capable of doing anything malicious.<<
Sep 12 13:57:40 <DocScrutinizer05> I wonder how they can do this for that hardware, but then consider Neo900 doing basically same as sufficient reason to deny RYF
Sep 12 13:59:42 <DocScrutinizer05> we also have no open source WLAN/BT solution available and whatever that IOMMU it's not better than a mere SDIO hw interface
Sep 12 14:01:02 <DocScrutinizer05> and I don't think I want to even start about our modem sandbox solution that's definitely way beyond anything IOMMU
Sep 12 14:01:29 <DocScrutinizer05> anybody FSF around to comment?
Sep 12 15:43:13 <Pali> ~deb2dsc
Sep 12 15:43:13 <infobot> hmm... deb2dsc is on http://pastebin.com/ZPuYnZPr
Sep 12 15:43:23 <Pali> freemangordon ↑↑↑
Sep 12 15:44:26 <Wizzup> jesus. only on pastebin? :D 
Sep 12 15:45:30 <freemangordon> Pali: thanks
Sep 12 15:46:09 <bencoh> :D
Sep 12 15:58:49 <freemangordon> Pali: (and the others) how it sounds "Oroshi" as a codename for that maemo-devuan frankenstein?
Sep 12 16:00:14 <Wizzup> Oroshi?
Sep 12 16:00:21 <Wizzup> we had some codenames, but not project names
Sep 12 16:00:25 <Wizzup> e.g. 'kawai'
Sep 12 16:00:43 <freemangordon> Wizzup: nokia used to name releases after winds
Sep 12 16:00:57 <Wizzup> ok. I am going to be afk for a bit.
Sep 12 16:01:03 <KotCzarny> is there a name for 'wind of change' ?
Sep 12 16:01:04 <Wizzup> need food
Sep 12 16:01:11 <freemangordon> KotCzarny: no idea
Sep 12 16:01:28 <KotCzarny> or wind of hope
Sep 12 16:02:21 <freemangordon> KotCzarny: I found ^^^ at wikipedia, feel free to suggest another one if you need symbolics. I coose it because it sounds pretty much ok and simple
Sep 12 16:02:25 <freemangordon> *choose
Sep 12 16:03:12 <freemangordon> KotCzarny: https://en.wikipedia.org/wiki/List_of_local_winds
Sep 12 16:04:43 <freemangordon> Kona and Leste sound ok as well
Sep 12 16:04:53 <KotCzarny> yeah, it should come after 'h'
Sep 12 16:05:00 <freemangordon> mhm
Sep 12 16:05:22 <KotCzarny> Chinook, Diablo, Fremantle, Harmattan
Sep 12 16:05:29 <freemangordon> Meltemi ;)
Sep 12 16:05:34 <KotCzarny> Bora before chinook
Sep 12 16:05:35 <freemangordon> nad Bora
Sep 12 16:05:54 <KotCzarny> Loo ? ;)
Sep 12 16:05:58 <freemangordon> hmm, maybe Kona is better
Sep 12 16:06:15 <KotCzarny> Khamsin isnt bad either
Sep 12 16:06:25 <freemangordon> no, Loo doesn;t sound tasty :D
Sep 12 16:06:50 <KotCzarny> anyway, all winds starting with K on that page sound cool
Sep 12 16:07:09 <freemangordon> I like Kona more, it is shorter but still sounds good
Sep 12 16:07:57 <freemangordon> ok, if no objections in the next couple of hours, then it will be Lona :)
Sep 12 16:08:00 <freemangordon> *Kona
Sep 12 16:08:10 <KotCzarny> http://mentalfloss.com/article/56382/21-wonderful-words-wind
Sep 12 16:08:13 <KotCzarny> more names
Sep 12 16:08:26 <KotCzarny> willy-willy ?
Sep 12 16:08:51 <freemangordon> hehe
Sep 12 16:31:30 <drathir> Luna mmm....
Sep 12 16:31:59 <drathir> Kira
Sep 12 16:34:42 <drathir> ignore that... ^^
Sep 12 16:53:03 * sixwheeledbeast is getting deja-vu
Sep 12 16:53:12 <sixwheeledbeast> http://mg.pov.lt/maemo-irclog/%23maemo.2017-02-03.log.html
Sep 12 16:54:05 <sixwheeledbeast> I recall liking "Ostria" A warm southerly wind on the Bulgarian coast :)
Sep 12 17:57:49 <DocScrutinizer05> https://www.armis.com/blueborne
Sep 12 18:12:53 <freemangordon> sixwheeledbeast: ah, I remember I told you there is no such word in Bulgarian, back then :)
Sep 12 18:13:48 <DocScrutinizer05> freemangordon: ^^^
Sep 12 18:14:03 <DocScrutinizer05> please rate severety for maemo
Sep 12 18:14:14 <freemangordon> DocScrutinizer05: I'm reading through it
Sep 12 18:14:19 <DocScrutinizer05> ta
Sep 12 18:14:52 <DocScrutinizer05> stack overflow in bluetooth.ko?
Sep 12 18:20:02 <DocScrutinizer05> they pitched it well for maximum publicity with minimum help for experts to actually investigate
Sep 12 18:20:24 <DocScrutinizer05> at least a few random CVE are mentioned
Sep 12 18:21:55 <freemangordon> DocScrutinizer05: All Linux devices from version 3.3-rc1 (released in October 2011) are  affected by the remote code execution vulnerability (CVE-2017-1000251).
Sep 12 18:22:03 <freemangordon> so this does not affect n900
Sep 12 18:22:12 <freemangordon> the other one affects us, I guess
Sep 12 18:22:13 <DocScrutinizer05> :-) at least
Sep 12 18:22:37 <freemangordon> All Linux devices running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250).
Sep 12 18:23:00 <DocScrutinizer05> please share URLs to genuine CVE database
Sep 12 18:23:24 <DocScrutinizer05> I have a hard time finding it right now
Sep 12 18:24:15 <freemangordon> I don't have urls for those, I read what is on Armis Labs page
Sep 12 18:24:22 <DocScrutinizer05> ooh
Sep 12 18:24:36 <freemangordon> googling leadds to some fedora and redhat pages
Sep 12 18:24:40 <DocScrutinizer05> I fvrown at the latter one
Sep 12 18:24:41 <freemangordon> *leads
Sep 12 18:24:55 <DocScrutinizer05> there are multiple massively different Bluez implementations
Sep 12 18:24:59 <freemangordon> https://bugzilla.redhat.com/show_bug.cgi?id=1490911
Sep 12 18:25:47 <freemangordon> where is bluez upstream?
Sep 12 18:25:53 <DocScrutinizer05> nfc
Sep 12 18:26:04 <DocScrutinizer05> next to PA?
Sep 12 18:26:42 <freemangordon> https://git.kernel.org/pub/scm/bluetooth/bluez.git
Sep 12 18:32:38 <sixwheeledbeast> https://nvd.nist.gov/vuln/detail/CVE-2017-1000250
Sep 12 18:35:34 <DocScrutinizer05> sixwheeledbeast: ta
Sep 12 18:36:12 <sixwheeledbeast> np
Sep 12 18:36:48 <DocScrutinizer05> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9445  I guess was the one I looked for
Sep 12 18:37:48 <DocScrutinizer05> err, or nearby, anyway MITRE
Sep 12 18:38:48 <DocScrutinizer05> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250
Sep 12 18:58:30 <DocScrutinizer05> cf  https://bugzilla.redhat.com/show_bug.cgi?id=1490911
Sep 12 18:58:36 <DocScrutinizer05> iips sorry
**** BEGIN LOGGING AT Tue Sep 12 23:44:57 2017
Sep 13 02:26:00 <mike727> Thinking of getting a Droid4. Is there anything additional too elektranox.org , that I should look at?
**** ENDING LOGGING AT Wed Sep 13 03:00:00 2017