> On January 19, 2019 at 11:34 PM Karel Gardas <[email protected]> wrote:
> Well, with RPiX you completely missed the target I'm afraid. If I'm
> correct, then whole SoC is booted on the side of video processor which
> loads some blobs into it, run ThreadX OS and then boots ARMv8
> bootloader on ARM core. There have been some attempts to replace ThreadX
> and binary blob on RPiX, but so far IIRC unsuccessful.

I did indeed miss the target, and what you say is largely consistent with my 
own further research.

The upside of the RPi is it (seems) to be a stateless device outside the data 
stored on the SD card -- there seems to be no other firmware/flash devices that 
could store malware.

While the RPi does this for pedagogical rather than security reasons (they 
wanted it to be un-brickable) some security researchers (Rutkowska) recommend 
statelessness as a partial mitigation strategy for the security risks inherent 
in blobs (to stop them being used to persist malware outside the OS).

Unfortunately it looks like there are no current production mainstream devices 
which do any better (unless OpenBSD has figured out how to replace the Pine64 
firmware), leaving niche devices based on e.g. OpenPOWER and RISC-V.

Neither of which fit in hand luggage :/
