Hacker News: enthdegree's comments

The latest Kobos use MediaTek SoCs with locked bootloaders. The Kobo Clara BW's MT8113, for example. As far as I know, one of the early bootloaders, BL1, refuses to execute the next bootloader (BL2) unless its signature is valid. We can get the device into a mode where BL1 waits for upload of a BL2 via USB using an exploit called Kamakiri, but in public there is neither an exploit to get BL1 to boot an arbitrary BL2, nor an authorized BL2 image to upload. See here: https://github.com/bkerler/mtkclient/issues/1332

Kobo devices have root exposed but don't let users boot their own kernels (and the kernel they ship was not compiled with kexec either).

I really don't know the reason so many devices these days don't have an unlock method. It seems predatory. Who knows where in the chain this happens... maybe it's Kobo, or maybe MediaTek won't sell you their SoCs for mass-market devices unless you lock them.


Can you just access /dev/mem or load a kernel module? Is there a SELinux policy stopping that?

If you can do either of those, it should be trivial to get kexec working by just loading it as a module.


As far as I know, yes, it's possible. No SELinux. Kernel is a branch from 4.9.something pretty far off mainline with a few proprietary binary blob modules. As far as I know the real impediment here is lack of demand.
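The three routes raised above (kexec support in the kernel, loading your own module, writing RAM through /dev/mem) are each gated by kernel build options, so the first thing to check on a rooted device is its .config. The following is an added example, not code from anyone in this thread; it reads the config text (on the device, `zcat /proc/config.gz`) and reports which route is open. The option names are the standard Linux ones (CONFIG_KEXEC, CONFIG_MODULES, CONFIG_MODULE_SIG_FORCE, CONFIG_DEVMEM, CONFIG_STRICT_DEVMEM, CONFIG_SECURITY_SELINUX); the sample config at the bottom is constructed to resemble the situation described, not dumped from a Kobo.

```shell
#!/bin/sh
# Added example (not from the thread): classify a kernel .config by the
# options that decide whether kexec, module loading and /dev/mem are usable.

# cfg_get NAME CONFIG_TEXT -> prints the value ("y", "m", ...) or "n" when
# the option is absent or appears as "# NAME is not set".
cfg_get() {
    cfg_val=$(printf '%s\n' "$2" | sed -n "s/^$1=\(.*\)$/\1/p" | head -n 1)
    if [ -z "$cfg_val" ]; then
        printf 'n'
    else
        printf '%s' "$cfg_val"
    fi
}

# kexec_routes CONFIG_TEXT -> one line per route: "<route> <state> <reason>"
kexec_routes() {
    cfg=$1
    # Route 1: the kexec_load syscall only exists when CONFIG_KEXEC is built in.
    if [ "$(cfg_get CONFIG_KEXEC "$cfg")" = y ]; then
        echo "kexec open CONFIG_KEXEC=y"
    else
        echo "kexec closed CONFIG_KEXEC unset (no kexec_load syscall)"
    fi
    # Route 2: load an out-of-tree module; forced signature checking blocks it.
    if [ "$(cfg_get CONFIG_MODULES "$cfg")" != y ]; then
        echo "modules closed CONFIG_MODULES unset"
    elif [ "$(cfg_get CONFIG_MODULE_SIG_FORCE "$cfg")" = y ]; then
        echo "modules closed CONFIG_MODULE_SIG_FORCE=y (unsigned modules rejected)"
    else
        echo "modules open CONFIG_MODULES=y without forced signatures"
    fi
    # Route 3: /dev/mem; STRICT_DEVMEM restricts it to non-RAM ranges.
    if [ "$(cfg_get CONFIG_DEVMEM "$cfg")" != y ]; then
        echo "devmem closed CONFIG_DEVMEM unset (/dev/mem absent)"
    elif [ "$(cfg_get CONFIG_STRICT_DEVMEM "$cfg")" = y ]; then
        echo "devmem restricted CONFIG_STRICT_DEVMEM=y (RAM not mappable)"
    else
        echo "devmem open CONFIG_DEVMEM=y without STRICT_DEVMEM"
    fi
    # A compiled-in SELinux may still be permissive; check getenforce at runtime.
    if [ "$(cfg_get CONFIG_SECURITY_SELINUX "$cfg")" = y ]; then
        echo "selinux present CONFIG_SECURITY_SELINUX=y (check getenforce)"
    else
        echo "selinux absent"
    fi
}

# Constructed sample, not a real Kobo config: modules allowed, no kexec,
# /dev/mem unrestricted, no SELinux.
SAMPLE_CONFIG='
CONFIG_MODULES=y
# CONFIG_MODULE_SIG_FORCE is not set
# CONFIG_KEXEC is not set
CONFIG_DEVMEM=y
# CONFIG_STRICT_DEVMEM is not set
# CONFIG_SECURITY_SELINUX is not set
'

# On the device run:  kexec_routes "$(zcat /proc/config.gz)"
kexec_routes "$SAMPLE_CONFIG"
```

If CONFIG_IKCONFIG_PROC is off there is no /proc/config.gz; the same text can be extracted from the kernel image with the kernel tree's scripts/extract-ikconfig when CONFIG_IKCONFIG itself is set. A "closed" kexec route with an "open" modules route is exactly the case where an out-of-tree kexec module is the remaining option.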

According to the GitHub issue, it seems to be a simple checksum step, not a true signature verification? If so there is no locked bootloader in any real sense.

If the real impediment is lack of demand or low-level development effort for any given device, that's in principle a solvable issue once projects like pmOS and Mobian choose to focus on some reasonably-available hackable hardware and bring it up to true daily driver state.


mtkclient does not seem to correctly interpret the USB output of the device past some part of the early boot process. Really, any of those messages formatted by mtkclient are unfaithful to the intended meaning. So yes, maybe it is "just a checksum step" or maybe something else entirely. Last year I collected some UART logs on the device during bootup in a zip here:

https://github.com/bkerler/mtkclient/issues/1289


The details in this comment are messed up and shouldn't be taken as authoritative.

- Getting the device's BL1/BROM into download mode (where it waits for an upload of a Preloader/BL2 from outside) does not itself involve exploits on these devices. Kamakiri is an exploit in the upload process that gives an execution point at that stage.

- The BROM on Kobos (at least the old ones, P365's) doesn't have security enabled as far as I know. (Unless somehow they are lying to us when we ask, which there is no evidence of.) They only do some integrity checks (header magic numbers, checksums).

- Security on Kobos happens down the chain, starting at the Little Kernel apparently jumped to from the Preloader. I am still learning about the Clara BW's boot process.


Older Kobos sound ok though?

Another thing called nook? Another browser? Bad, presumptuous name. How many months will this project last?

inb4 rebrand to "nuke"

>“What is this?” I asked. “It looks like hair.” Marshall chuckled. “That’s them — the cable bacteria,” he said. “If you watch closely, you’ll see them twitching.” I stared harder. The filaments shifted.

This schmaltzy student-teacher roleplay immersion-journalism feels false and infantilizing to me. It makes me mistrustful of the text and I avoid reading essays written like it. The facts are embedded in an artificial adventure narrative as one feeds a dog a pill by hiding it in peanut butter. Why? Would the non-sensationalized, plainly framed information content be too un-stimulating for readers? Are false narratives hidden inside?

>Obama chuckled. "You mean the Chaos Emeralds?"


Speak for yourself, I enjoyed it. The immersion makes it more interesting.


I think it’s safe to assume every commenter speaks for themselves. I agree with the grandparent comment, this narration is cheesy and I couldn’t get through it, or figure out the point. If it’s fan fiction, it should be labeled as such. But, if there is news in there, I’d like a TLDR synopsis. Fortunately, there is a browser extension for that :)


"It's all stories."


Any pointers?


I like seeing pictures taken by my friends. I like discussing those pictures with them. Conversely I also like creating and curating my own pictures to share with like-minded friends. It is prosocial all around.

The article is appalling. To me it more effectively conveys his character than his ideas. Maybe for some people it really is hard to find a balance.


Reminds me of the old The Oatmeal infographics. Very epic mustache.


Great post, "Wiener" is misspelled a few times.


I remember that it's "ie" not "ei" by imagining (and this is probably true) that Wiener means "someone from Vienna", and I have no problem remembering how to spell Vienna.


I would love to be able to use GNURadio for something, I've just never found flow diagrams to be more expressive than writing procedural instructions over whatever SDR API. GNURadio's flow diagrams introduce a lot of hidden complexity that is difficult to observe and understand. For example, every arrow you draw represents a buffer and so for all but the simplest graphs this will quickly lead to difficult-to-interrogate sample over/underruns. There are workarounds for fine grained control over these buffers but they cannot be called simple (like message passing via tagged samples and flow control blocks).


They won't do anything. Every time this comes up I remember this shocking email they sent: https://www.reddit.com/r/Onyx_Boox/comments/hsn7kx/onyx_usin...


In the title, how does "unique" contradict "strange?"


I think in the minds of not-particularly-literate online writers, "strange" = "bad" and "unique" = "good".


I am also wondering this.

