Difference between revisions of "Talk:BCM5719"
m |
(→Mitigation: thanks) |
||
(2 intermediate revisions by one other user not shown) | |||
Line 8: | Line 8: | ||
: This is somewhat tricky since the package says BCM5719 but the firmware says BCM95719. Since both are correct a redirect may be in order. [[User:SiteAdmin|SiteAdmin]] ([[User talk:SiteAdmin|talk]]) 12:02, 22 December 2017 (CST) | : This is somewhat tricky since the package says BCM5719 but the firmware says BCM95719. Since both are correct a redirect may be in order. [[User:SiteAdmin|SiteAdmin]] ([[User talk:SiteAdmin|talk]]) 12:02, 22 December 2017 (CST) | ||
:: Is this something you might want to ask people to fix in the open source firmware? :) - [[User:Torpcoms|Torpcoms]] ([[User talk:Torpcoms|talk]]) 14:25, 22 December 2017 (CST) | :: Is this something you might want to ask people to fix in the open source firmware? :) - [[User:Torpcoms|Torpcoms]] ([[User talk:Torpcoms|talk]]) 14:25, 22 December 2017 (CST) | ||
+ | ::: Sure! It's pretty trivial though so if the original numbering is retained we can always patch it back to the "correct" P/N later on! [[User:SiteAdmin|SiteAdmin]] ([[User talk:SiteAdmin|talk]]) 13:29, 23 December 2017 (CST) | ||
== MAC address legality == | == MAC address legality == | ||
The page mentions "the two MAC addresses inside this image must be changed to match the MAC addresses on your particular Talos™ II system; failure to do so may violate law and could potentially cause serious network issues." having two ports with the same address would obviously cause issues if both are in use on the same network, but in what way is MAC address spoofing even remotely illegal? Even Windows 10 and iOS are starting to use MAC spoofing. | The page mentions "the two MAC addresses inside this image must be changed to match the MAC addresses on your particular Talos™ II system; failure to do so may violate law and could potentially cause serious network issues." having two ports with the same address would obviously cause issues if both are in use on the same network, but in what way is MAC address spoofing even remotely illegal? Even Windows 10 and iOS are starting to use MAC spoofing. | ||
+ | [[User:Torpcoms|Torpcoms]] ([[User talk:Torpcoms|talk]]) 14:47, 22 December 2017 (CST) | ||
:Our original wording may have been somewhat strong. We have updated the page to clarify. The problem isn't spoofing per se, the illegality comes in if you start to interfere with other computers and users on a given network. Depending on jurisdiction this could be considered a computer crime. [[User:SiteAdmin|SiteAdmin]] ([[User talk:SiteAdmin|talk]]) 13:28, 23 December 2017 (CST) | :Our original wording may have been somewhat strong. We have updated the page to clarify. The problem isn't spoofing per se, the illegality comes in if you start to interfere with other computers and users on a given network. Depending on jurisdiction this could be considered a computer crime. [[User:SiteAdmin|SiteAdmin]] ([[User talk:SiteAdmin|talk]]) 13:28, 23 December 2017 (CST) | ||
− | |||
== Mitigation == | == Mitigation == | ||
Line 20: | Line 21: | ||
: According to Timothy Pearson's reply on the [https://mail.coreboot.org/pipermail/coreboot/2017-September/085048.html coreboot mailinglist], it is behind the IOMMU, and this arrangement is even good enough to get RYF certification from the FSF. - [[User:Torpcoms|Torpcoms]] ([[User talk:Torpcoms|talk]]) 23:41, 22 December 2017 (CST) | : According to Timothy Pearson's reply on the [https://mail.coreboot.org/pipermail/coreboot/2017-September/085048.html coreboot mailinglist], it is behind the IOMMU, and this arrangement is even good enough to get RYF certification from the FSF. - [[User:Torpcoms|Torpcoms]] ([[User talk:Torpcoms|talk]]) 23:41, 22 December 2017 (CST) | ||
+ | |||
+ | :: Perfect. Thank you very much for the reference! - [[User:JSharp|JSharp]] ([[User talk:JSharp|talk]]) 16:57, 24 December 2017 (CST) | ||
== Firmware image signing == | == Firmware image signing == | ||
The [[:File:Bcm5719 talos.bin|firmware image]] linked from article is binary code intended to be flashed to Talos II systems for recovery of bricked NIC firmware... perhaps they should be signed by Raptor CS for manual verification? - [[User:JSharp|JSharp]] ([[User talk:JSharp|talk]]) 20:20, 22 December 2017 (CST) | The [[:File:Bcm5719 talos.bin|firmware image]] linked from article is binary code intended to be flashed to Talos II systems for recovery of bricked NIC firmware... perhaps they should be signed by Raptor CS for manual verification? - [[User:JSharp|JSharp]] ([[User talk:JSharp|talk]]) 20:20, 22 December 2017 (CST) |
Latest revision as of 16:57, 24 December 2017
BCM95719 not BCM5719?
This page was moved ([1]) from BCM5719 to BCM95719, yet I can't see any reference to BCM95719 on the page nor on the Raptor Computing contest; even the image on the contest page shows:
- BCM5719A1KFBG
- TE1636 P11
- 625576-11 N[?]
which I would guess means that it is BCM5719 not BCM95719. Am I mistaken? - Torpcoms (talk) 00:13, 22 December 2017 (CST)
- This is somewhat tricky since the package says BCM5719 but the firmware says BCM95719. Since both are correct a redirect may be in order. SiteAdmin (talk) 12:02, 22 December 2017 (CST)
MAC address legality
The page mentions "the two MAC addresses inside this image must be changed to match the MAC addresses on your particular Talos™ II system; failure to do so may violate law and could potentially cause serious network issues." having two ports with the same address would obviously cause issues if both are in use on the same network, but in what way is MAC address spoofing even remotely illegal? Even Windows 10 and iOS are starting to use MAC spoofing. Torpcoms (talk) 14:47, 22 December 2017 (CST)
- Our original wording may have been somewhat strong. We have updated the page to clarify. The problem isn't spoofing per se, the illegality comes in if you start to interfere with other computers and users on a given network. Depending on jurisdiction this could be considered a computer crime. SiteAdmin (talk) 13:28, 23 December 2017 (CST)
Mitigation
Is it possible to use the IOMMU to limit the firmware's ability to do DMA within sensitive memory regions? Is that currently implemented while we're waiting on replacement firmware? - JSharp (talk) 20:01, 22 December 2017 (CST)
- According to Timothy Pearson's reply on the coreboot mailinglist, it is behind the IOMMU, and this arrangement is even good enough to get RYF certification from the FSF. - Torpcoms (talk) 23:41, 22 December 2017 (CST)
Firmware image signing
The firmware image linked from article is binary code intended to be flashed to Talos II systems for recovery of bricked NIC firmware... perhaps they should be signed by Raptor CS for manual verification? - JSharp (talk) 20:20, 22 December 2017 (CST)