Replicant

h1. FindDevicesWithUnsignedBootloaedrs

Given the huge number of devices out there, buying each device and checking it doesn't scale. Especially as there are multiple variants and even multiple versions of the variants.

For instance for the Galaxy SII we have the GT-I9100 that has an Exynos4 and GT-I9100G that has an OMAP4. And for the GT-I9100G, there are multiple versions.

h2. Making it easy for people to check the devices they have

The first step would be to document what tools already exist to do that and the ones that are lacking.

|_. Tool |_. Uses |_. supported hardware |_. Pakckages | Howto |

| "omap-usb-boot":https://git.replicant.us/contrib/PaulK/omap-usb-boot/ | * checking if the device is signed

                  * Loading bootloaders from USB

                  * booting on a different boot media | OMAP3, OMAP4, OMAP5 | "Parabola":https://www.parabola.nu/packages/pcr/x86_64/omap-usb-boot/ , "Archlinux through AUR":https://aur.archlinux.org/packages/omap-usb-boot/ | [[FindOMAPDevicesWithUnsignedBootloderFromUSB]] |

| "omap-u-boot-utils":https://nmenon.github.io/omap-u-boot-utils/ | * Loading bootloaders from USB

                      * Loading bootloaders from the UART | OMAP3, OMAP4 | "Parabola":https://www.parabola.nu/packages/pcr/x86_64/omap-u-boot-utils-git/ , "Archlinux through AUR":https://aur.archlinux.org/packages/omap-u-boot-utils-git/ | ? |

| "crucible":https://github.com/f-secure-foundry/crucible | * checking fuses settings | i.MX53, i.MX6DL, i.MX6DQ, i.MX6SL, i.MX6SLL, i.MX6SX, i.MX6UL, i.MX6ULL, i.MX6ULZ, i.MX7D, i.MX7ULP | TODO | TODO |

| "cbootimage":http://http.download.nvidia.com/tegra-public-appnotes/bct-overview.html | * Generate images

               * Dump images (including signatures?) | Tegra ? | "Parabola":https://www.parabola.nu/packages/libre/x86_64/cbootimage/ , "Archlinux through AUR":https://aur.archlinux.org/packages/cbootimage/ |

| "tegrarcm":https://github.com/NVIDIA/tegrarcm | * Load bootloaders from USB | Tegra ? | TODO | TODO |

| 0xFFFF:https://github.com/pali/0xFFFF | * Load signed bootloaders (-c) from USB | OMAP3430 and OMAP3630

                                                     Might be easy to add more OMAP3 by just commenting code in cold-flash.c | TODO, patch for libusb1 | TODO |

| "sunxi-tools":https://github.com/linux-sunxi/sunxi-tools | ? | Allwinner SOCs? | Parabola, archlinux | TODO |

Notes:

* Even with fuseegelee we might want to know if it's signed or not. See the [[BootloadersFreedom]] for more details about the limitations of fuseegelee and how to potentailly bypass them.

* sunxi-tools: does "if sunxi => unsigned?" still stand now that there are fuses drivers? If so still mention the tool as it could detect the SOC which would then tell us that it's most probably unsigned.

* No tools (beside devmem2 and a good datasheet) to analyze boot settings and dump registers at runtime?

h2. Checking images at large scale

The idea would be to find a way to get a very large number of stock images for Android devices make tests on the images and automatically check if the bootloaders are signed.

If the bootloaders are under a free software license and are unsigned, once we get and identify the corresponding source code we could publish them.

For the signed bootloaders under a free software license we'd better check with the FSF what is best to do as we need not to redistribute any software that is practically nonfree.

Constraints:

* Check with FSF lawyers how to do it legally