kmalkki: apu1 also really needs DBREQn asserted to give access to USEHDT IR/DR pair
kmalkki: that MSR bit does kill HDT on apu1
kmalkki: mircea_popescu: I have Altera brand blaster also, works fine with that
kmalkki: I also found SKINIT instruction and MSR with HDT disable bit
kmalkki: I forgot that clone has min 2V for logic high on input
kmalkki: jtag is at 1.8V.. cheap blaster clone worked on apu2 but not apu1
kmalkki: crap.. wasted hours
kmalkki: but there is off-by-one error in the bitstream in shift DR stage for HDT commands
kmalkki: apu2 (with AMD PSP) does respond properly to JTAG IDCODE
kmalkki: familiar with serialice?
kmalkki: how early would you want it?
kmalkki: well you can have console output even before RAM is up
kmalkki: so you don't need that console-via-sage
kmalkki: I mean the gizmo add-on board has FT232H on it, just use 2nd ttl-uart2usb
kmalkki: btw.. gizmo1 explorer board can provide serial console and coreboot
kmalkki: and mostly pointless.. use $5 ftd232h instead with soic clip or wires
kmalkki: yes I know
kmalkki: I never had much success with it either
kmalkki: also sage edk did not work with some other SPI vendor part I had
kmalkki: btw, sometimes I was able to get gizmo1 into state where smartprobe was unable to write SPI
kmalkki: ok
kmalkki: or has the hardware..
kmalkki: was it only asciilifeform who has (actual) interest in this?
kmalkki: oh sorry.. <6 k LOC ... cropped wc
kmalkki: HDT is about 32k LOC in arm thumb asm
kmalkki: and micro has some quick bit-addressable memoryspace that might be used
kmalkki: missing only bss and some locals
kmalkki: so I mostly have all global symbol names
kmalkki: or leaked..
kmalkki: sage leaks their .map file
kmalkki: got teaser for smartprobe: https://dpaste.de/3FNu/raw
kmalkki: fine, thanks
kmalkki: hi
kmalkki: on my desktop.. what's your favorite anon share
kmalkki: smartprobe binaries now as ELFs with symbols... mostly
kmalkki: gotta go. ping me in #coreboot if there's more questions
kmalkki: docs have no mention of endianness
kmalkki: maybe I got this all wrong, but could [0x140] contain the LSB of the entire modulus
kmalkki: whether it is mask rom or fused hash at production is also unknown
kmalkki: not that I know of
kmalkki: but bootrom supposedly contains SHA-256 hash of master key
kmalkki: where exactly do you see the even number
kmalkki: note that RtmPubSigned.key[0x14..0x23] == AmdPubKey.bin[0x04..0x13]
kmalkki: 256 bytes or 2048 bits
kmalkki: documentation only
kmalkki: yep
kmalkki: I guess you have heard how AMD SMU keys leaked out for previous gen?
kmalkki: they don't if there is only single SHA-256 fused in PSP bootrom for their public key?
kmalkki: and then OEM can sign their firmware without bothering AMD for every build
kmalkki: the idea behind all this, is OEM can send their public key to AMD to be signed
kmalkki: same as before, but from 0x240 starts signature with RSA-SSA-SIGN with AMD's private key
kmalkki: that is different sized file, different format
kmalkki: 0x04 .. 0x38 sort of GUIDs, unique identifiers for chain-of-trust
kmalkki: 0x140 N bytes modulus
kmalkki: 0x40 N bytes public exponent (N = 0x100 for RSA-2048)
kmalkki: 0x3c 4 bytes modulus size
kmalkki: 0x38 4 bytes exponent size
kmalkki: there is SHA-256 hash of AmdPubKey.bin stored in PSP BootROM
kmalkki: I believe I know the key format, 1 min
kmalkki: it has been removed from the public BKDG
kmalkki: I just found the HDT debug support in the NDAd BKDG
kmalkki: do you have access to AMD BKDG documents?
kmalkki: readelf and objdump now understand and disassemble it nicely
kmalkki: I chose the smallest raw binary, SmartUpdater to experiment with
kmalkki: so.. a package should arrive in your inbox anytime soon
kmalkki: hi