**** BEGIN LOGGING AT Fri Jun 11 02:59:57 2010
**** BEGIN LOGGING AT Fri Jun 11 04:19:31 2010
Jun 11 07:05:29 <shazkhan> good morning
Jun 11 09:32:44 <GarthPS|office> does some one know with illume2 how do we switch between applications?
Jun 11 09:37:13 <PaulFertser> GarthPS|office: you need to start some additional app...
Jun 11 09:37:34 <PaulFertser> GarthPS|office: shr_elm_softbutton
Jun 11 09:38:14 <GarthPS|office> PaulFertser: woow very meanfull for th newbie :)
Jun 11 09:38:16 <GarthPS|office> PaulFertser: thx!
Jun 11 09:38:30 <PaulFertser> :)
Jun 11 09:46:54 <JaMa> GarthPS|office: it's started from Xsession.d script.. but needs additional delay (enough to illume start first)
Jun 11 09:47:29 <mrmoku> JaMa: we should add that hack from dos1 until we properly fix it
Jun 11 09:47:40 <JaMa> GarthPS|office: there was no delay before, now there is IIRC 10s, but with first-run wizzard it's quite easy to miss this 10s limit and that hack doesn't work then
Jun 11 09:47:48 <JaMa> mrmoku: it wasn't applied yet?
Jun 11 09:48:46 <GarthPS|office> JaMa: for me i am switching form illume-shr to illume2 . not using the wizzard$
Jun 11 09:49:03 <GarthPS|office> JaMa: by the way , i am using marble right now :p
Jun 11 09:49:38 <mrmoku> JaMa: hmm... did not check after last upgrade
Jun 11 09:49:56 * mrmoku toooo busy dayworking after two weeks away :(
Jun 11 09:50:23 <JaMa> mrmoku: it was, but without SRCREV bump.. I'll bump it
Jun 11 09:51:39 <mrmoku> ahh ok, good :)
Jun 11 09:52:21 <JaMa> building..
Jun 11 09:54:09 <JaMa> I'm already using small sed call in my reflash script for some time: http://lists.openmoko.org/pipermail/community/2010-May/061766.html so I didn't notice it wasn't applied yet..
Jun 11 09:56:08 <mrmoku> :P
Jun 11 11:35:52 <JaMa> *something* synced to shr-u feeds.. :)
Jun 11 11:36:31 <JaMa> and building newer images for those who don't like longer opkg upgrades
Jun 11 11:39:01 <soltys> JaMa: how long update ?
Jun 11 11:45:17 <JaMa> depends on how many apps do you have, I guess about 5 mins here
Jun 11 11:45:29 <JaMa> maybe less I was afk
Jun 11 11:52:38 <soltys> mhm
Jun 11 14:45:51 <soltys> hi, I have problem building console-image for atngw100, libmad fails with some asm errors. log.do_compile is here http://wklej.org/id/349103/
Jun 11 14:50:31 <soltys> wrong channel ;D
Jun 11 15:32:51 <CIA-59> SHR: 03seba.dos1 07shr-settings * r1b2cf2540265 10/shr-settings: Fix typo in launcher - logtype.WARN -> logtype.WARNING
Jun 11 16:13:35 <morphis> heyho
Jun 11 16:13:37 <morphis> valos: ping
Jun 11 16:19:51 <valos> morphis: yes
Jun 11 16:20:22 <morphis> sorry for my late response to all of your questions, but I had to work a lot the last days
Jun 11 16:21:40 <valos> morphis: :-) no problem
Jun 11 16:21:59 <morphis> some minutes ago I answered one of your last mails
Jun 11 16:22:22 <valos> yes I seen
Jun 11 16:22:42 <morphis> to calirfy things: I want a daemon currently only to have a real linux input interface
Jun 11 16:23:07 <morphis> this would simply a lot of stuff
Jun 11 16:29:27 <morphis> valos: what do you think?
Jun 11 16:36:26 <valos> morphis: I agree
Jun 11 16:36:55 <morphis> ok
Jun 11 16:37:19 <morphis> I though first about doing all this stuff within the kernel 
Jun 11 16:37:39 <morphis> but I thinks thats something we could think about later
Jun 11 16:37:57 <Kensan> morphis: prototyping is faster in userspace
Jun 11 16:38:02 <Kensan> morphis: just a thought...
Jun 11 16:38:04 <Kensan> ;)
Jun 11 16:38:15 <morphis> Kensan: jepp, but the logic is already there
Jun 11 16:38:21 <morphis> we just need the bits around it :)
Jun 11 16:43:24 <morphis> valos: btw. I will commit your two patches 
Jun 11 16:43:43 <valos> morphis: ok 
Jun 11 16:44:40 <morphis> do you want to know anything before starting implementing tsmd?
Jun 11 16:45:44 <valos> morphis: no I think I have enough info to start coding
Jun 11 16:46:07 <valos> this evening I hope
Jun 11 16:46:26 <morphis> great
Jun 11 16:46:36 <morphis> btw. you can ask mickey for commit rights on git.fso.org
Jun 11 16:46:49 <morphis> I think there is no problem to give them to you :)
Jun 11 16:50:05 <valos> ok, I have to go (at home), back at 22h (same zone that  you, I live in Paris)
Jun 11 16:51:27 <morphis> valos: ah great
Jun 11 17:37:03 <CIA-59> freesmartphone.org: 03morphis 07msmcomm * rd838f81d90b9 10/libmsmcomm/ (9 files in 4 dirs): libmsmcomm: initial work on SMS support (incomming sms event, acknowledge sms command)
Jun 11 17:37:03 <CIA-59> freesmartphone.org: 03morphis 07msmcomm * r2ddc151d568e 10/libmsmcomm/ (specs/structures/system.xml src/message_network.c): libmsmcomm: support ref id in get_imei command
Jun 11 18:05:50 <CIA-59> freesmartphone.org: 03morphis 07msmcomm * r5008465370b6 10/libmsmcomm/src/ (7 files): libmsmcomm: move messages/response/events from system to network and vice versa
Jun 11 18:05:51 <CIA-59> freesmartphone.org: 03morphis 07msmcomm * r25e645861341 10/libmsmcomm/src/message_sms.c: libmsmcomm: fix typo in sms acknowledge message implementation
Jun 11 18:05:52 <CIA-59> freesmartphone.org: 03morphis 07msmcomm * r1c01eb7a7c5e 10/libmsmcomm/specs/messages/system.xml: libmsmcomm: specs: add initial version of the message definitions for the system domain
Jun 11 18:11:59 <shazkhan> hi everyone
Jun 11 18:12:19 <shazkhan> does uboot or Qi have features for secure boot?
Jun 11 18:15:39 <lindi-> shazkhan: what is secure boot?
Jun 11 18:17:36 <shazkhan> integrity chain ... bootloader authenticates kernel ... kernel authenticates init and then so on ... 
Jun 11 18:20:32 <lindi-> shazkhan: elinux.org/images/2/28/Trusted_Boot_Loader.pdf 
Jun 11 18:20:37 <shazkhan> lindi- http://www.cs.umd.edu/~waa/pubs/oakland97.pdf is an example
Jun 11 18:20:40 <shazkhan> :)
Jun 11 18:22:03 <ThibG> shazkhan, does Qi have features?
Jun 11 18:22:46 <PaulFertser> ThibG: it boots
Jun 11 18:22:53 <PaulFertser> shazkhan: no, Qi doesn't have that for sure
Jun 11 18:22:56 <shazkhan> ThibG: figuring out myself but it is not suppose to be difficult .... we can easily modify any boot-loader
Jun 11 18:23:17 <shazkhan> PaulFertser: Any idea if uboot can do it?
Jun 11 18:23:48 <shazkhan> Just have to figure out how to verify signature of the kernel appended with the kernel image :)
Jun 11 18:24:14 <PaulFertser> shazkhan: http://www.mail-archive.com/u-boot@lists.denx.de/msg18462.html
Jun 11 18:24:30 <lindi-> PaulFertser: I found the same page. maybe we are using the same search engine? ;)
Jun 11 18:24:47 <PaulFertser> lindi-: lol
Jun 11 18:25:24 <PaulFertser> I googled ``u-boot check kernel signature''
Jun 11 18:26:11 <shazkhan> so how do we verify the sha1 of kernel image ?
Jun 11 18:27:40 <PaulFertser> shazkhan: why isn't crc32 enough for you?
Jun 11 18:28:13 <shazkhan> do we have that in uboot or Qi?
Jun 11 18:28:33 <shazkhan> but I am more interested in sha1
Jun 11 18:28:57 <lindi-> shazkhan: u-boot does crc yes
Jun 11 18:28:57 <PaulFertser> shazkhan: Qi verifies CRC32 of uImages.
Jun 11 18:29:10 <ThibG> shazkhan, do you want to check the archive's integrity, or to be sure it comes from a trusted source?
Jun 11 18:29:18 <shazkhan> and comparing Sha1 should be simple as it is just an if statement
Jun 11 18:29:34 <lindi-> shazkhan: but where do you store that sha1?
Jun 11 18:29:48 <shazkhan> good question lindi-
Jun 11 18:29:49 <lindi-> shazkhan: can't the attacker just modify the sha1 too?
Jun 11 18:30:39 <shazkhan> then we have to have to unsign the kernel with the public key of trusted body to verify that things are integral
Jun 11 18:30:40 <PaulFertser> I'd ask the same question that u-boot dev (and ThibG) asked: what are you trying to do? If it's "trusted boot", then why tivoize an open device?
Jun 11 18:31:03 <shazkhan> whats tivoize
Jun 11 18:31:27 <shazkhan> PaulFertser: Use-cases
Jun 11 18:31:48 <shazkhan> ThibG what is archive's integrity
Jun 11 18:31:53 <ThibG> Tivo is a compagny that made their device boot only signed firmwares, although those ones were free software
Jun 11 18:32:33 <ThibG> shazkhan, integrity: you want to be sure your file isn't corrupted, but you won't check if it comes from a trusted source
Jun 11 18:33:07 <PaulFertser> http://www.google.com/search?q=define:integrity
Jun 11 18:33:23 <shazkhan> :)
Jun 11 18:33:39 <ThibG> if I understand right, you want to verify it comes from a trusted source. I'm not sure why you would want to do that, and I don't think u-boot has something for that (and I am sure Qi hasn't)
Jun 11 18:33:45 <shazkhan> archive was the question ... I am stuck with boot loader and kernel
Jun 11 18:33:53 <lindi-> PaulFertser: it's not tivoization if you hold the keys in your own safe
Jun 11 18:34:23 <PaulFertser> lindi-: probably. I'd like to hear a valid use-case from shazkhan though.
Jun 11 18:34:34 <ThibG> shazkhan, as u-boot files may contain several files, I used the term "archive", but, say, kernel
Jun 11 18:34:43 <shazkhan> maybe ThibG meant archive of kernel ....
Jun 11 18:34:52 <shazkhan> yes
Jun 11 18:35:31 <shazkhan> PaulFertser: https://wiki.ubuntu.com/Specs/M/ARMMandatoryAccessControl
Jun 11 18:36:26 <shazkhan> I have figured out the onwards thing but just need to figure out the secure boot technically. I have read and understood it a few months back but my crypto sucks
Jun 11 18:38:05 <PaulFertser> shazkhan: why secure boot if you do not run untrusted software as root anyway? Are you sure it has practical interest? 
Jun 11 18:39:19 <shazkhan> I am still figuring out how I can get to use the root key of trustzone although it is not necessary in case we use the boot loader to embed the public key of the manufacturer or the organization whatever but sha1 is something to think about ... but then how can we trust that the bootloader is not compromized?
Jun 11 18:39:22 <lindi-> shazkhan: what's your motivation in this. some university course?
Jun 11 18:40:09 <PaulFertser> shazkhan: why the hell not assume the system (kernel+everything running as root) is secure right from the start? Why trusted boot?
Jun 11 18:40:33 <shazkhan> PaulFertser: TCG MPWG MPRA can give u a concrete example and I can point out more literature from Samsung and Nokia
Jun 11 18:41:15 <PaulFertser> shazkhan: can you outline an attack example please? Because i'm not convinced anything you cite is applicable to our case.
Jun 11 18:41:21 <shazkhan> lindi- yes I train people with linux and opensource and then this security thingy is another step
Jun 11 18:41:39 <shazkhan> PaulFerter: Our case?
Jun 11 18:41:49 <PaulFertser> shazkhan: yes, the case of free software lovers
Jun 11 18:41:51 <lindi-> shazkhan: openmoko is bit difficult device for what you are planning to do
Jun 11 18:42:04 <lindi-> PaulFertser: i can think of many free software friendly use cases here :)
Jun 11 18:42:04 <PaulFertser> shazkhan: trusted boot is usually used to abuse us.
Jun 11 18:42:15 <PaulFertser> lindi-: i want to know shazkhan's
Jun 11 18:42:28 <shazkhan> lindi- uboot - kernel - initrd - init and then thats it!
Jun 11 18:42:28 <lindi-> ok
Jun 11 18:43:19 <lindi-> shazkhan: you are planning to put your u-boot to NOR?
Jun 11 18:43:23 <PaulFertser> lindi-: though i think i understand the reasoning you imply. I'm not sure the attack is practical.
Jun 11 18:43:41 <lindi-> PaulFertser: well surely not with current openmoko user base :)
Jun 11 18:43:46 <shazkhan> TCG is stupid and so is nokia and samsung?
Jun 11 18:44:02 <lindi-> shazkhan: large companies can do stupid things too
Jun 11 18:44:09 <PaulFertser> shazkhan: nokia does _very_ nasty things to its customers man
Jun 11 18:44:23 <PaulFertser> shazkhan: i'd even say there's bunch of goddamn motherfuckers in there
Jun 11 18:44:34 <shazkhan> Free software can be there all the time ... openness is the real thing ... open service provisioning and use of software
Jun 11 18:44:39 <PaulFertser> shazkhan: the recent breach of privacy (through SMS) proves that pretty much.
Jun 11 18:45:00 <PaulFertser> shazkhan: http://talk.maemo.org/showthread.php?t=53565 
Jun 11 18:45:12 <PaulFertser> ^^ that's what nokia did to the customers who trusted them
Jun 11 18:45:27 <PaulFertser> Just screwed them. And leaved in vain, without any answer or reaction whatsoever. For weeks!
Jun 11 18:46:27 <shazkhan> so what about the use case?
Jun 11 18:46:55 <PaulFertser> shazkhan: can you outline a valid attack example that would be prevented if you used "trusted computing"?
Jun 11 18:47:28 <PaulFertser> please
Jun 11 18:48:12 <lindi-> shazkhan: paul has a point here. before you introduce some security feature you always need to justify what attacks it could make harder
Jun 11 18:48:21 <shazkhan> https://wiki.ubuntu.com/Specs/M/ARMTrustedComputingSupport ...  these are still drafts ... hust got some room to show off for a start
Jun 11 18:48:51 <PaulFertser> I might be a bit too mean, sorry, folks. Being in a foul mood for days :/
Jun 11 18:50:26 <shazkhan> PaulFertser: I use a medical device given to me as a doctor with which I read patient records and change them. How can the hospital make sure that my software stack is integral and that the private and confidential information won't get leaked?
Jun 11 18:50:33 <shazkhan> lindi- u can help here too
Jun 11 18:50:35 <PaulFertser> shazkhan: i'm also sorry for all the guys who spent years fighting that "secure boot chain" on so many devices. That idea smells bad, that's why i'm averse to it.
Jun 11 18:51:12 <PaulFertser> shazkhan: it's impossible. There's always way to leak information.
Jun 11 18:51:14 <shazkhan> PaulFertser: I love criticism ... but if it takes me to solid grounds
Jun 11 18:51:22 <shazkhan> like?
Jun 11 18:51:37 <PaulFertser> shazkhan: screen capturing, automated keypresses.
Jun 11 18:51:56 <shazkhan> MAC policies remotely attested is what we have done PaulFertser
Jun 11 18:52:41 <PaulFertser> shazkhan: i think if you do not trust some party, you can not provide it with information. Or else it might be leaked, no matter what technology you use.
Jun 11 18:52:44 <shazkhan> MAC policy can disable clipboard for an application and doctor is trusted ... something n the software stack might be compromized or malicious
Jun 11 18:52:59 <lindi-> shazkhan: i think i know your point but all this is bit abstract. how can you remotely check if the PC is running the approved software stack today?
Jun 11 18:53:45 <shazkhan> Lindi- I verify it against known good hashes ... common ppl
Jun 11 18:54:05 <PaulFertser> _remotely_
Jun 11 18:54:47 <shazkhan> PaulFertser: We try to make it stronger and stronger ... ppl are still able to break the strongest security that is even non-computer
Jun 11 18:55:09 <PaulFertser> But a question about secure handling of patients' records is interesting, indeed. I can't see any reliable solution.
Jun 11 18:55:11 <shazkhan> yes lindi- and now I am building a local verification engine as well
Jun 11 18:55:31 <lindi-> shazkhan: how do you get the hashes from the remote computer?
Jun 11 18:56:17 <shazkhan> IBM Integrity measurement architecture for a start can help u ... now don't say they are idiots because u've got it in the mainline kernel!
Jun 11 18:56:26 <shazkhan> 2.6.30 onwards
Jun 11 18:56:41 <shazkhan> I have used it since 2.6.26-rcx
Jun 11 18:56:42 <lindi-> shazkhan: ok but i was hoping i could get some sort of short summary in your own words
Jun 11 18:56:42 <PaulFertser> shazkhan: lol, i can tell you how this problem is solved in russia. They're all using only paper records.
Jun 11 18:56:56 <shazkhan> lol
Jun 11 18:57:10 <shazkhan> So u wana go back to stone ages Paul
Jun 11 18:57:38 <shazkhan> thats the best part technology sucks and it sucks our brain out and problems are still there
Jun 11 18:57:46 <lindi-> shazkhan: ./security/integrity/ima/Kconfig:# IBM Integrity Measurement Architecture?
Jun 11 18:57:52 <shazkhan> yup
Jun 11 18:58:29 <shazkhan> try EVM as well .. MeeGo uses Aegis validator while I am doing my own custom thingy
Jun 11 18:58:49 <lindi-> PaulFertser: "the TPM can prove to a third party whether or not critical system files have been modified." is the key here I think
Jun 11 18:59:32 <lindi-> shazkhan: openmoko does not have such a TPM though, right?
Jun 11 18:59:35 <PaulFertser> lindi-: yes, but it looks like it can work the way it's designed.
Jun 11 18:59:46 <PaulFertser> lindi-: provided there's hardware tpm module and it's not compromisable.
Jun 11 18:59:56 <PaulFertser> shazkhan: i do not. Just stating the facts.
Jun 11 19:00:25 <shazkhan> I have put years to get it into openmoko ...means tpm
Jun 11 19:00:33 <shazkhan> and all the related stuff
Jun 11 19:00:54 <shazkhan> 1.5 years in learning the embedded world and all the security theory and tools etc
Jun 11 19:01:00 <lindi-> shazkhan: what do you mean? you have tried to modify the hardware to include a TPM?
Jun 11 19:01:02 <shazkhan> now thinking of doctorate
Jun 11 19:01:10 <PaulFertser> lindi-: is it even possible at all?
Jun 11 19:01:14 <PaulFertser> I doubt that.
Jun 11 19:01:17 <shazkhan> lols ... no I use an emulator
Jun 11 19:01:27 <PaulFertser> The SoC is not designed for trusted boot.
Jun 11 19:01:45 <lindi-> shazkhan: ok, so what does it have to do with openmoko? ;)
Jun 11 19:02:07 <lindi-> PaulFertser: NOR being read-only surely provides some advantages
Jun 11 19:02:14 <shazkhan> I'll write a concrete story on my blog and then update u guys with the link
Jun 11 19:02:36 <shazkhan> So getting back to the boot loader issue
Jun 11 19:02:53 <lindi-> shazkhan: there are patches for u-boot to check for RSA signature
Jun 11 19:02:55 <shazkhan> Can I put the boot loader on NOR
Jun 11 19:03:03 <lindi-> shazkhan: your phone has a boot loader in NOR
Jun 11 19:03:07 <PaulFertser> lindi-: ah, yes, you're right. Always forgetting about that.
Jun 11 19:03:20 <shazkhan> lindi- cool ... link please
Jun 11 19:03:42 <lindi-> PaulFertser: I actually wished that my PC had a small 16M storage area that was read-only
Jun 11 19:03:43 <PaulFertser> lindi-: because it's not read only for me (i can short a tp), it's read-only for the programs i run :)
Jun 11 19:03:46 <shazkhan> lindi but it cannot unsign the kernel can it so need to modify it
Jun 11 19:04:09 <lindi-> PaulFertser: then I could boot to that rescue system and do backups to usb hard disk
Jun 11 19:04:10 <shazkhan> My blog shazkhan.wordpress.com
Jun 11 19:04:14 <PaulFertser> shazkhan: lindi-'s right, you can modify u-boot or qi appropriately and flash it permanently to NOR.
Jun 11 19:04:37 <PaulFertser> shazkhan: but without TPM chip you want be able to use IMA efficiently.
Jun 11 19:04:40 <lindi-> PaulFertser: if I connect the usb hard disk to my PC now then if somebody compromises my system today they can also remove my older backups when the backup disk is connected
Jun 11 19:04:40 <shazkhan> do we have this on openmoko wiki or somewhere else
Jun 11 19:05:02 <lindi-> PaulFertser: that's a practical use case for "trusted boot" that comes to my mind
Jun 11 19:05:22 <lindi-> shazkhan: unsign?
Jun 11 19:05:36 <shazkhan> PaulFertser: Good point ... we make changes ... secure boot with boot loader till the point where we can use IMA
Jun 11 19:05:41 <PaulFertser> lindi-: i wonder why i do not hear about actually using anything like that on TPM-equipped systems.
Jun 11 19:05:57 <lindi-> PaulFertser: good question
Jun 11 19:06:05 <lindi-> PaulFertser: i vote for the evil bios
Jun 11 19:06:07 <PaulFertser> shazkhan: you'd have to actually provide such a chip. Probably via i2c or spi.
Jun 11 19:06:23 <PaulFertser> lindi-: reasonable explanation.
Jun 11 19:06:36 <shazkhan> lindi- the kernel is signed or RSA means sha1 ... get confused with terminology because i have to deal with all theoretical and practical things alone :(
Jun 11 19:06:41 <PaulFertser> shazkhan: ^^^ you see how those "smart companies" implement TPM in unusable way?
Jun 11 19:06:49 <shazkhan> till now now I have learned to use irc
Jun 11 19:06:51 <PaulFertser> shazkhan: RSA signature
Jun 11 19:06:56 <PaulFertser> shazkhan: sha1 is hash
Jun 11 19:07:06 <PaulFertser> shazkhan: with hash you can check integrity
Jun 11 19:07:19 <PaulFertser> shazkhan: with signature you can check it was signed by a trusted party
Jun 11 19:07:27 <PaulFertser> But that's all oversimplification
Jun 11 19:07:35 <lindi-> shazkhan: the RSA signature uses sha1 in http://lists.denx.de/pipermail/u-boot/2006-September/016960.html
Jun 11 19:07:39 <ThibG> larsc, ok, I'm done (using mmc_host_enable/disable instead of the disable_timer)! Gonna send that on the ML, but I'm not sure everything is right
Jun 11 19:07:41 <shazkhan> Got it. We check the signature of the kernel then boot it
Jun 11 19:08:21 <shazkhan> need a break ....
Jun 11 19:10:11 <lindi-> shazkhan: PaulFertser: no patches required apparently. even debian ships u-boot that supports md5 _and_ sha1
Jun 11 19:11:03 <PaulFertser> lindi-: but hardcoding sha1 in nor u-boot is impractical, for a real solution it should be real signature verification i guess.
Jun 11 19:11:09 <lindi-> PaulFertser: yep
Jun 11 19:11:35 <lindi-> PaulFertser: but you can store the sha1 sum of a kernel that does the RSA check for you and kexec's the real kernel :-))
Jun 11 19:12:05 <PaulFertser> lindi-: :)) nice one
Jun 11 19:12:06 <lindi-> I thought Qi wanted to teach us that the boot loader should do only minimum and even boot menu should be handled outside it
Jun 11 19:12:52 <PaulFertser> lindi-: i wonder what TPM module shazkhan plans to attach.
Jun 11 19:13:37 <lindi-> and if the signature is invalid, have we figured out an effective self destruction sequence yet? ;)
Jun 11 19:14:12 <lindi-> PaulFertser: also, how could I have something like NOR in my PC?
Jun 11 19:14:16 <PaulFertser> lindi-: just go to dfu-mode probably
Jun 11 19:14:37 <PaulFertser> lindi-: good question. To those who knows x86 really deep. Not me :(
Jun 11 19:14:48 <lindi-> PaulFertser: setup BIOS to boot from usb stick and somehow make the usb stick read-only?
Jun 11 19:15:09 <lindi-> and then just hope the attacker won't be able to do anything to the bios
Jun 11 19:15:28 <PaulFertser> lindi-: bios boot from usb is somehow fragile
Jun 11 19:15:40 <PaulFertser> lindi-: regular bioses suck so much :/
Jun 11 19:15:42 <lindi-> PaulFertser: i'm only interested in protecting me against remote attackers
Jun 11 19:16:07 <PaulFertser> lindi-: yeah, but you'll put another stick and the bios will change the priorities or something like that.
Jun 11 19:16:25 <PaulFertser> Not a breach (if the other stick won't get selected for boot automatically) but rather an inconvenience.
Jun 11 19:16:30 <lindi-> yep
Jun 11 19:16:33 <larsc> ThibG: ok
Jun 11 19:38:02 <larsc> ThibG: are you sure you need these mmc_host_enable calls verywhere?
Jun 11 19:55:35 <shazkhan> PaulFerster: How fo we get the signature thing done with NOR ... can you point out some docs on this? The sha1 are available in uboot docs ... right? Want to go through them over the weekend ..
Jun 11 19:58:14 <lindi-> shazkhan: you can access nor with debug board
Jun 11 19:58:57 <shazkhan> ok lindi- but how do I change the uboot ... some docs ... I'll try to google ...
Jun 11 19:59:19 <shazkhan> I mean add the signature verification code to it ...
Jun 11 19:59:35 <lindi-> shazkhan: u-boot does have fairly large manual
Jun 11 19:59:52 <shazkhan> the same code should be re-usable for kernel and init and whatever
Jun 11 20:00:06 <shazkhan> hmm
Jun 11 20:00:22 <shazkhan> hope to find the sha1 thingy in the manual
Jun 11 20:15:33 <ThibG> larsc, not that sure... that's how the other driver does that. And each time we call _disable, we should have called _enable before, if I understand well
Jun 11 20:27:57 <larsc> ThibG: especially that one which is done before mmc_host_add
Jun 11 20:38:35 <ThibG> hm, that doesn't look right
Jun 11 20:40:39 <ThibG> that's done the same way, though, in omap_hsmmc.c
Jun 11 20:43:28 <larsc> i'm neither sure if all these mmc_host_{enable,disable} are really required
Jun 11 20:46:18 <larsc> in theory it should be enough to setup the callbacks
Jun 11 20:46:39 <larsc> because we don't need the clock when not doing a request
Jun 11 20:49:34 <larsc> maybe a multistage disable like in the omap_hsmmc driver, with suspending the mmc engine in the first stage and disabling it in the second
Jun 11 20:53:25 <ThibG> they're doing that?
Jun 11 20:59:38 <ThibG> in remove, that's probably called to clear the workqueue
Jun 11 21:00:32 <ThibG> same goes for suspend
Jun 11 21:02:24 <ThibG> in probe... that shouldn't be needed, I guess
Jun 11 21:15:54 <ThibG> 'night
Jun 12 01:08:20 <cz_jc> Weiss, by chance, are you around ?
Jun 12 01:18:31 <cz_jc> btw. once again, kernel git repo doesn't provide
Jun 12 01:18:33 <cz_jc> error: Unable to get pack file http://git.openmoko.org/git/kernel.git/objects/pack/pack-3ef0b47a0e27b0d1096276d4bd0e7e0428ca6ded.pack
Jun 12 01:18:51 <cz_jc> what's up with that thing anyway ?
Jun 12 01:59:28 <cz_jc> Weiss, just tried compilling git glamo xorg driver with --disable-kms; On load, it gives me: dlopen: /usr/lib/xorg/modules/drivers/glamo_drv.so: undefined symbol: GlamoKMSAdjustFrame
**** ENDING LOGGING AT Sat Jun 12 02:59:56 2010