Thanks for the reply Andrey and thank you Ron for forwarding the message. So, only the bootloader portion is not open source, but everything else is? How big is the bootloader portion in either bytes or lines of code?
My understanding of the chip is that there is no networking capability. It has no internal NIC and isn't wired into the main PCI bus so it can't communicate with the NIC on the mainboard. This is important for security as we don't want the risk of anyone remotely flashing the bios with malware for example. However, I want to be sure my understanding is correct because the documentation here https://chromium.googlesource.com/chromiumos/platform/ec/+/cr50_stab/docs/ca... lists a capability of "OpenNoLongPP IfOpened Allow opening GSC without physical presence" Opening the GSC without physical presence implies some remote operation capability.
Is there any way for the end user to verify the loaded CR50 firmware is correct and hasn't been tampered with?
If the AP or EC firmware is overwritten does that clear/reset the TPM registers?
________________________________ From: Andrey Pronin apronin@chromium.org Sent: Monday, May 1, 2023 12:30 PM To: Brian Milliron Brian.Milliron@foresite.com Cc: coreboot@coreboot.org coreboot@coreboot.org; rminnich@gmail.com rminnich@gmail.com Subject: Re: [coreboot] Re: How open is Google CR50?
---------- Forwarded message --------- From: Brian Milliron via coreboot <coreboot@coreboot.orgmailto:coreboot@coreboot.org> Date: Fri, Apr 28, 2023 at 4:52 PM Subject: [coreboot] Re: How open is Google CR50? To: ron minnich <rminnich@gmail.commailto:rminnich@gmail.com> CC: coreboot@coreboot.orgmailto:coreboot@coreboot.org <coreboot@coreboot.orgmailto:coreboot@coreboot.org>
Thanks. I'm not really looking to build my own custom hardware, just evaluate what's already out there. I was hoping someone here would know if this chip is fully open or not.
Hi Brian, I'm leading the h/w security (that includes cr50 firmware) team at ChromeOS and I had this message forwarded to me as I'm not on the coreboot mailing list. Not sure if there was more discussion since, but here are some top-level details re cr50/GSC openness. Let me know if you have further questions.
- Google security chip is not an open hardware, the datasheet for it is not generally available. And you won't be able to run arbitrary code on it - it accepts only firmware signed with Google keys. - The bootloader firmware stage for Google security chip is not open source. - cr50 is the name of the main firmware stage that runs on the chip. cr50 implements the applications required for ChromeOS. It is open source on chromium.orghttp://chromium.org/.
I also liked the suggestion earlier in the thread of looking at opentitan.orghttp://opentitan.org/ if you are interested in open hardware.
________________________________ From: ron minnich <rminnich@gmail.commailto:rminnich@gmail.com> Sent: Friday, April 28, 2023 5:28 PM To: Brian Milliron <Brian.Milliron@foresite.commailto:Brian.Milliron@foresite.com> Cc: coreboot@coreboot.orgmailto:coreboot@coreboot.org <coreboot@coreboot.orgmailto:coreboot@coreboot.org> Subject: Re: [coreboot] How open is Google CR50?
if you want the open source part, you want to go with opentitan.orghttp://opentitan.org/, I can put you in touch with folks if your company has interest.
On Fri, Apr 28, 2023 at 2:52 PM Brian Milliron via coreboot <coreboot@coreboot.orgmailto:coreboot@coreboot.org> wrote: I'm trying to decide if the Google Titan Security chip CR50 is trustworthy or not. I see it has some open source, but I'm not certain if the whole thing is open source or if there are some binary blobs included. Does anyone here know?
_______________________________________________ coreboot mailing list -- coreboot@coreboot.orgmailto:coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.orgmailto:coreboot-leave@coreboot.org _______________________________________________ coreboot mailing list -- coreboot@coreboot.orgmailto:coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.orgmailto:coreboot-leave@coreboot.org
-- Andrey