Secure boot on Milk V duo 256

Fri Jan 3 16:11:12 CET 2025

Hello Yixun Lan:

Thank you for your reply.

I was reviewing the source tree and came across some OTP/Efuse code for other boards located at:

/drivers/misc

For example, I found files like rockchip-efuse.c and sifive-otp.c. I’m still working on understanding how this integrates with the rest of the codebase. Some of these implementations set the device serial number as an environment variable. Interestingly, I noticed that some include code to write to the OTP.

I wonder if someone could derive a public key from an existing one by overwriting certain bits. For example, by flipping zeroes to ones and then brute-force the remaining bits to generate a new valid private key, to subsequently subvert the boot process by sigining new code with that new derived key.

Looks to me like a possible attack vector. Just a guess. I would comment/disable that OTP writting code to be on the safe side.

I could find this regarding FIT signatures:

https://docs.u-boot.org/en/latest/usage/fit/signature.html

For the Linux kernel, I was considering using the dm-crypt module alongside IMA (Integrity Measurement Architecture) as a next step.

It seems that Sophon has not yet released the eFuse controller documentation for the SG2002, according to their latest Technical Reference Manual. However, for the CV1800B, the eFuse controller is fully documented. Based on the technical drawings, it appears that the SG2002 includes the same controller or a very similar one. Both SoCs are quite similar, with the main differences being the addition of an NPU and a selectable ARM core at boot time, alongside the RISC-V cores and the 8051 core.

Regards

Waldo Alvarez
Desarrollo de Software / Software Development
https://pipflow.com
https://tradingfuturo.com

Sent with Proton Mail secure email.

On Friday, January 3rd, 2025 at 1:40 AM, Yixun Lan <dlan at gentoo.org> wrote:

> Hi Waldo
> 
> On 13:28 Thu 02 Jan , Waldo Alvarez wrote:
> 
> > Hello:
> > 
> > I am figuring out how to proceed on secure booting the Milk V DUO 256. Likely in this list I can get some help. It is ARM/Risc-V board with an SG2002 SOC. The SOC has OTP memory and some bootrom.
> > 
> > The current distribution uses u-boot and linux buildroot but doesn't do secure boot.
> > 
> > Therefore I am trying to start at the first part. Verify digital dignature of u-boot and have u-boot verify digital signature of the kernel.
> > 
> > Can someone point me here in the right direction no how to proceed.
> 
> I'm no expert of secure boot area.. but you can search first,
> there are quite a lot docs/articles about secure boot of uboot/linux
> 
> for the initial bootchain: from bootrom to bootloader, there is indeed
> secure boot feature which documented in vendor datasheet, see chapter 14
> 
> https://github.com/milkv-duo/duo-files/blob/main/duo/datasheet/CV1800B-CV1801B-Preliminary-Datasheet-full-en.pdf
> 
> > Regards
> > 
> > Waldo Alvarez
> > Desarrollo de Software / Software Development
> > https://pipflow.com
> > https://tradingfuturo.com
> > 
> > Sent with Proton Mail secure email.
> 
> 
> --
> Yixun Lan (dlan)
> Gentoo Linux Developer
> GPG Key ID AABEFD55