Register Guidelines E-Books Today's Posts Search

Go Back   MobileRead Forums > E-Book Readers > Kobo Reader > Kobo Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 08-19-2024, 03:54 PM   #1
NiMa
Evangelist
NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.
 
NiMa's Avatar
 
Posts: 479
Karma: 2390534
Join Date: Jun 2020
Location: Somewhere in the Universe
Device: Kobo Libra, Glo HD, Touch C/B, Mini, Glo, Aura SE, Clara HD, KT
Angry Kobo Libra Colour is using Secure Boot

I guess this was bound to happen some day... but is also extremely contradictory with Kobo's "Right to repair" philosophy that honestly just seems like the dumbest thing ever said, at least considering what I have discovered.

Code:
## Checking Image at 41000000 ...
   FIT image found
   FIT description: U-Boot fitImage for Poky (Yocto Project Reference Distro)/4.9/aud8113tp1
    Image 0 (kernel@1)
     Description:  Linux kernel
     Type:         Kernel Image
     Compression:  uncompressed
     Data Start:   0x410000fc
     Data Size:    14675968 Bytes = 14 MiB
     Architecture: ARM
     OS:           Linux
     Load Address: 0x40008000
     Entry Point:  0x40008000
     Hash algo:    sha256
     Hash value:   2bae18998544ca39a2cbfe1bcc1a4408ba876db3b470a98689503fee7795d447
    Image 1 (fdt@1)
     Description:  aud8113tp1-E70T00-A0x00.dtb
     Type:         Flat Device Tree
     Compression:  uncompressed
     Data Start:   0x41dff224
     Data Size:    47831 Bytes = 46.7 KiB
     Architecture: ARM
     Load Address: 0x44000000
     Hash algo:    sha256
     Hash value:   7db67257f744a64c42f62fe0e7ef343e1ea5ec0e00a6e1726b78f15075a3bab5
    Default Configuration: 'conf@1'
    Configuration 0 (conf@1)
     Description:  Boot Linux kernel with FDT blob
     Kernel:       kernel@1
     FDT:          fdt@1
     Sign algo:    sha256,rsa2048:dev
     Sign value:   b8f687f70f33eb5597a3ac8d1e4e754d6287ad77a9cfd5dd9082c92ff198e1fd277464ab0141a71fe451fd66fe3780a67efdd0d3d7e77b6fa681ead844e46d10283499f5303c6c312dbca66fe76163f5cf57135b3667c17c80c8301afe40d3289e8272612a8da57462a884a6c41a88290cbd1309ea2aeac0e2abc820a286116f5ba371bfd1f06a7aecea106b2bbcd2c85527d5acf76270dcc7d2f7d5d15d434e3b2845fd8f3ebf770d353adffb156d266d82b5f719608115ec4b65460b7b14d07d234a4dfe92f0a4c560da7092f0dc340a57006f7285ed370d
808bd9b77423e25efd116e463b051c491dec2ece5a5ef96f137007bf81200b50190b239404acec
Kobo is now using signature verification of both the Libra Colour's U-Boot and kernel (Little Kernel is launched first, I don't know yet if that is signed or not). It is probably the case for the Clara Colour as well.

For the less techies out there: this means more locking down from Kobo's end, basically putting them a step closer to Amazon's extremely agressive practices in the jailbreaking world.

This also means that porting Quill OS/InkBox OS to these new devices is currently impossible/very difficult.

I am just angry at them now...
NiMa is offline   Reply With Quote
Old 08-19-2024, 03:56 PM   #2
Szybet
Connoisseur
Szybet can teach chickens to fly.Szybet can teach chickens to fly.Szybet can teach chickens to fly.Szybet can teach chickens to fly.Szybet can teach chickens to fly.Szybet can teach chickens to fly.Szybet can teach chickens to fly.Szybet can teach chickens to fly.Szybet can teach chickens to fly.Szybet can teach chickens to fly.Szybet can teach chickens to fly.
 
Posts: 90
Karma: 3892
Join Date: Feb 2022
Device: Kobo nia
Clarification:
Previous kobo's didn't have this and everything was fine.
Szybet is offline   Reply With Quote
Advert
Old 08-19-2024, 06:13 PM   #3
JSWolf
Resident Curmudgeon
JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.
 
JSWolf's Avatar
 
Posts: 76,491
Karma: 136564766
Join Date: Nov 2006
Location: Roslindale, Massachusetts
Device: Kobo Libra 2, Kobo Aura H2O, PRS-650, PRS-T1, nook STR, PW3
It could be that went the older devices get 4.39.xxx, we'll also get secure boot.
JSWolf is offline   Reply With Quote
Old 08-20-2024, 09:28 AM   #4
elinkser
Addict
elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.
 
Posts: 213
Karma: 146236
Join Date: Oct 2022
Device: Kobo Clara HD
Quote:
Originally Posted by JSWolf View Post
It could be that went the older devices get 4.39.xxx, we'll also get secure boot.
I think on laptops there was a hardware TPM chip or in other cases a hypervisor that enforced the secure boot, while the OS that was being loaded did not need to know anything about whether it was being loaded into a secure boot environment or not.

I still have a laptop that lets me set Secure Boot or not. Hopefully Kobo has allowed this, since they didn't seem to be against SideloadedMode? e.g, my chromebook has the option to run in Developer's mode, which allowed me to install MXLinux which was what made me choose to buy the device.


EDIT : Ahhh, this link says amazon was able to turn on secure boot over the air, if I understand correctly (probably not
https://xdaforums.com/t/mod-dev-medi...4232377/page-6

Last edited by elinkser; 08-20-2024 at 03:23 PM. Reason: ota
elinkser is offline   Reply With Quote
Old 08-20-2024, 12:10 PM   #5
NiMa
Evangelist
NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.
 
NiMa's Avatar
 
Posts: 479
Karma: 2390534
Join Date: Jun 2020
Location: Somewhere in the Universe
Device: Kobo Libra, Glo HD, Touch C/B, Mini, Glo, Aura SE, Clara HD, KT
Secure Boot is mainly due to the fact that the new devices are using a MediaTek SoC (the older ones were using the Freescale/i.MX platform) Whether or not it was Kobo's will to include it, it got there anyway, either because it was the standard for such boards and the devs were too lazy to change it, or maybe it really was a thought-out decision.

Either way, it is pretty disappointing. We are currently trying to find ways to circumvent that restriction as I am writing.
NiMa is offline   Reply With Quote
Advert
Old 08-20-2024, 12:15 PM   #6
foosion
Evangelist
foosion is an enigma wrapped up in a mystery.foosion is an enigma wrapped up in a mystery.foosion is an enigma wrapped up in a mystery.foosion is an enigma wrapped up in a mystery.foosion is an enigma wrapped up in a mystery.foosion is an enigma wrapped up in a mystery.foosion is an enigma wrapped up in a mystery.foosion is an enigma wrapped up in a mystery.foosion is an enigma wrapped up in a mystery.foosion is an enigma wrapped up in a mystery.foosion is an enigma wrapped up in a mystery.
 
Posts: 450
Karma: 41524
Join Date: Sep 2011
Device: Kobo Libra 2 & Clara BW
Will this let them restrict patching, nickelmenu, etc?
foosion is offline   Reply With Quote
Old 08-20-2024, 01:47 PM   #7
NiMa
Evangelist
NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.
 
NiMa's Avatar
 
Posts: 479
Karma: 2390534
Join Date: Jun 2020
Location: Somewhere in the Universe
Device: Kobo Libra, Glo HD, Touch C/B, Mini, Glo, Aura SE, Clara HD, KT
Not yet. But who knows what they are planning...
NiMa is offline   Reply With Quote
Old 08-20-2024, 03:33 PM   #8
elinkser
Addict
elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.elinkser has survived committing the World's Second Greatest Blunder.
 
Posts: 213
Karma: 146236
Join Date: Oct 2022
Device: Kobo Clara HD
Quote:
Originally Posted by NiMa View Post
Not yet. But who knows what they are planning...
Although, I believe it is the same device (edit: family) as for the Ellipsa2e, so that bodes well.
https://en.m.wikipedia.org/wiki/Kobo_eReader

Unfortunately, it's not one of the PostmarketOs supported devices:
https://wiki.postmarketos.org/wiki/Category:MediaTek

Reading up on it it seems complicated to bypass and many experienced devs have bricked their expensive devices. I saw an old guide to the boot process if any one is interested.
http://www.lieberbiber.de/2015/07/04...and-preloader/

Good luck - you're braver than me!

Last edited by elinkser; 10-08-2024 at 08:07 AM. Reason: device family
elinkser is offline   Reply With Quote
Old 08-20-2024, 04:55 PM   #9
NiMa
Evangelist
NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.
 
NiMa's Avatar
 
Posts: 479
Karma: 2390534
Join Date: Jun 2020
Location: Somewhere in the Universe
Device: Kobo Libra, Glo HD, Touch C/B, Mini, Glo, Aura SE, Clara HD, KT
Thanks for the link.
NiMa is offline   Reply With Quote
Old 08-20-2024, 05:45 PM   #10
krob11
Junior Member
krob11 began at the beginning.
 
Posts: 2
Karma: 10
Join Date: Aug 2024
Device: Kobo Libra Colour, Kobo Glo HD
For work with MTK processors: https://mtktool.com/
krob11 is offline   Reply With Quote
Old 08-20-2024, 05:48 PM   #11
NiMa
Evangelist
NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.
 
NiMa's Avatar
 
Posts: 479
Karma: 2390534
Join Date: Jun 2020
Location: Somewhere in the Universe
Device: Kobo Libra, Glo HD, Touch C/B, Mini, Glo, Aura SE, Clara HD, KT
Thanks for the link too. Do you know if any of these tools have a chance of working with the obscure series of MT8512/MT8110/MT8113 processors?
NiMa is offline   Reply With Quote
Old 08-20-2024, 06:04 PM   #12
krob11
Junior Member
krob11 began at the beginning.
 
Posts: 2
Karma: 10
Join Date: Aug 2024
Device: Kobo Libra Colour, Kobo Glo HD
MT8512 SDK: https://stash.phytec.com/projects/AS...673244282d185d
krob11 is offline   Reply With Quote
Old 08-20-2024, 06:15 PM   #13
NiMa
Evangelist
NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.NiMa ought to be getting tired of karma fortunes by now.
 
NiMa's Avatar
 
Posts: 479
Karma: 2390534
Join Date: Jun 2020
Location: Somewhere in the Universe
Device: Kobo Libra, Glo HD, Touch C/B, Mini, Glo, Aura SE, Clara HD, KT
Thanks again for the link. You are welcome to join our effort to find a workaround (I see you have a Libra Colour too). Any help is appreciated...
https://discord.com/invite/uSWtWbY23m
NiMa is offline   Reply With Quote
Old 08-21-2024, 07:35 AM   #14
pazos
cosiñeiro
pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.
 
Posts: 1,331
Karma: 2200073
Join Date: Apr 2014
Device: BQ Cervantes 4
It isn't a big deal (yet!). I doubt it will be an issue for running third party apps in the long run, but more on that later.

Docs to grasp the architecture of Mediatek secure boot: https://mediatek.gitlab.io/aiot/doc/...cure-boot.html

That's probably what Kobo or its OEM follow for this board.

The key is to understand that secure boot/verified boot is a chain of trust that starts in BootROM and can go up to the root filesystem, efectively locking the system if that's the intention of the manufacturer.

On a regular computer the chain of trust ends with the 2nd stage bootloader, which needs to be signed with Microsoft approved keys.
On chromebooks it goes up to the root filesystem via dm-verity.

The way chromebooks and android implement verified boot is the "standard" way on linux OSes and the route to follow for third party OEMs. If kobo wants to do this they need to:

1. pass the hash key of the read-only rootfs as a kernel command line argument (thus available in /proc/cmdline)
2. the kernel will then verify the block device isn't tampered.

That's doable and there's nothing wrong with it but there're other clues that would point they're trying to achieve verified boot on kobos:

A/B root: because updating anything in the AP, such as the final reader application, involves, at least, a new hash for the new rootfs. Things might go wrong with an update so the ability to fallback to a previous version is a must in those cases.

Two kernels: even when kobo rarely updated a kernel on a production device, you must want two slots for two different kernels (even if both contain the same) to implement A/B root properly.

Two root filesystems.

Even with a full chain of trust up to the linux userspace, that doesn't mean the device is locked (the kernel really is!). It is up to the the manufacturer to provide a different, not "dm-veritied" filesystem for storage persistence. Overlayfs might also be used to make a regular linux system to play nice with read-only rootfs.
pazos is offline   Reply With Quote
Old 08-21-2024, 07:40 AM   #15
pazos
cosiñeiro
pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.pazos ought to be getting tired of karma fortunes by now.
 
Posts: 1,331
Karma: 2200073
Join Date: Apr 2014
Device: BQ Cervantes 4
We still don't now if SecureBoot is enabled (via efuse) on that board. The BSP might provide an u-boot source tree that's able to deal with verified boot but that isn't enough to enforce the chain of trust.

If uboot verifies the kernel but nothing verifies uboot it should be possible to overwrite uboot entirely.

Also we don't know what happens if the kernel signature doesn't match. Since u/NiMa has access to the serial port I would suggest to check:

1. If uboot prompt is available
2. There's no watchdog to trigger a reset on the AP after a few seconds standing at the uboot prompt
3. Try to load a kernel image to ram and jump to it, see what uboot does.
pazos is offline   Reply With Quote
Reply


Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Kobo Stylus 1 compatibility with Libra Colour? shyhermit Kobo Reader 46 09-20-2024 03:47 PM
Kobo Libra Colour Support xtin Devices 75 08-13-2024 08:28 PM
Kobo Libra Colour color saturation Pausen Kobo Reader 19 05-16-2024 02:59 PM
Kobo Libra Colour - customizations? jaydee34983 Kobo Reader 9 05-10-2024 05:25 PM
Kobo Libra Colour and Calibre khalleron Kobo Reader 2 05-04-2024 02:29 AM


All times are GMT -4. The time now is 08:33 AM.


MobileRead.com is a privately owned, operated and funded community.