Difference between revisions of "Talk:BCM5719"

From RCS Wiki
(→‎Mitigation: thanks)
 
(10 intermediate revisions by 3 users not shown)
Line 8: Line 8:
 
: This is somewhat tricky since the package says BCM5719 but the firmware says BCM95719.  Since both are correct a redirect may be in order. [[User:SiteAdmin|SiteAdmin]] ([[User talk:SiteAdmin|talk]]) 12:02, 22 December 2017 (CST)
 
:: Is this something you might want to ask people to fix in the open source firmware? :) - [[User:Torpcoms|Torpcoms]] ([[User talk:Torpcoms|talk]]) 14:25, 22 December 2017 (CST)
 
 +
::: Sure!  It's pretty trivial though so if the original numbering is retained we can always patch it back to the "correct" P/N later on! [[User:SiteAdmin|SiteAdmin]] ([[User talk:SiteAdmin|talk]]) 13:29, 23 December 2017 (CST)
 +
 +
== MAC address legality ==
 +
 +
The page mentions "the two MAC addresses inside this image must be changed to match the MAC addresses on your particular Talos™ II system; failure to do so may violate law and could potentially cause serious network issues." having two ports with the same address would obviously cause issues if both are in use on the same network, but in what way is MAC address spoofing even remotely illegal? Even Windows 10 and iOS are starting to use MAC spoofing.
 +
[[User:Torpcoms|Torpcoms]] ([[User talk:Torpcoms|talk]]) 14:47, 22 December 2017 (CST)
 +
:Our original wording may have been somewhat strong.  We have updated the page to clarify.  The problem isn't spoofing per se, the illegality comes in if you start to interfere with other computers and users on a given network.  Depending on jurisdiction this could be considered a computer crime. [[User:SiteAdmin|SiteAdmin]] ([[User talk:SiteAdmin|talk]]) 13:28, 23 December 2017 (CST)
 +
 +
== Mitigation ==
 +
 +
Is it possible to use the IOMMU to limit the firmware's ability to do DMA within sensitive memory regions? Is that currently implemented while we're waiting on replacement firmware? - [[User:JSharp|JSharp]] ([[User talk:JSharp|talk]]) 20:01, 22 December 2017 (CST)
 +
 +
: According to Timothy Pearson's reply on the [https://mail.coreboot.org/pipermail/coreboot/2017-September/085048.html coreboot mailinglist], it is behind the IOMMU, and this arrangement is even good enough to get RYF certification from the FSF. - [[User:Torpcoms|Torpcoms]] ([[User talk:Torpcoms|talk]]) 23:41, 22 December 2017 (CST)
 +
 +
:: Perfect. Thank you very much for the reference! - [[User:JSharp|JSharp]] ([[User talk:JSharp|talk]]) 16:57, 24 December 2017 (CST)
 +
 +
== Firmware image signing ==
 +
 +
The [[:File:Bcm5719 talos.bin|firmware image]] linked from article is binary code intended to be flashed to Talos II systems for recovery of bricked NIC firmware... perhaps they should be signed by Raptor CS for manual verification? - [[User:JSharp|JSharp]] ([[User talk:JSharp|talk]]) 20:20, 22 December 2017 (CST)

Latest revision as of 16:57, 24 December 2017

BCM95719 not BCM5719?

This page was moved ([1]) from BCM5719 to BCM95719, yet I can't see any reference to BCM95719 on the page nor on the Raptor Computing contest; even the image on the contest page shows:

BCM5719A1KFBG
TE1636 P11
625576-11 N[?]

which I would guess means that it is BCM5719 not BCM95719. Am I mistaken? - Torpcoms (talk) 00:13, 22 December 2017 (CST)

This is somewhat tricky since the package says BCM5719 but the firmware says BCM95719. Since both are correct a redirect may be in order. SiteAdmin (talk) 12:02, 22 December 2017 (CST)
Is this something you might want to ask people to fix in the open source firmware? :) - Torpcoms (talk) 14:25, 22 December 2017 (CST)
Sure! It's pretty trivial though so if the original numbering is retained we can always patch it back to the "correct" P/N later on! SiteAdmin (talk) 13:29, 23 December 2017 (CST)

MAC address legality

The page mentions "the two MAC addresses inside this image must be changed to match the MAC addresses on your particular Talos™ II system; failure to do so may violate law and could potentially cause serious network issues." Having two ports with the same address would obviously cause issues if both are in use on the same network, but in what way is MAC address spoofing even remotely illegal? Even Windows 10 and iOS are starting to use MAC spoofing. Torpcoms (talk) 14:47, 22 December 2017 (CST)

Our original wording may have been somewhat strong. We have updated the page to clarify. The problem isn't spoofing per se; the illegality comes in if you start to interfere with other computers and users on a given network. Depending on jurisdiction this could be considered a computer crime. SiteAdmin (talk) 13:28, 23 December 2017 (CST)

Mitigation

Is it possible to use the IOMMU to limit the firmware's ability to do DMA within sensitive memory regions? Is that currently implemented while we're waiting on replacement firmware? - JSharp (talk) 20:01, 22 December 2017 (CST)

According to Timothy Pearson's reply on the coreboot mailing list (https://mail.coreboot.org/pipermail/coreboot/2017-September/085048.html), it is behind the IOMMU, and this arrangement is even good enough to get RYF certification from the FSF. - Torpcoms (talk) 23:41, 22 December 2017 (CST)
Perfect. Thank you very much for the reference! - JSharp (talk) 16:57, 24 December 2017 (CST)

Firmware image signing

The firmware image linked from the article is binary code intended to be flashed to Talos II systems for recovery of bricked NIC firmware... perhaps they should be signed by Raptor CS for manual verification? - JSharp (talk) 20:20, 22 December 2017 (CST)