Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

Some WP8 Bootchain Background.

OP ceesheim

26th August 2014, 11:28 AM   |  #1  
ceesheim's Avatar
OP Forum Moderator
Flag No Android Fanboys Please !!!
Thanks Meter: 2,197
 
3,388 posts
Join Date:Joined: Jun 2009
Donate to Me
More
first of all , this can be Abit different on this HTC.
if you have more and better info please post it here.
and NO offtopic posts please.

WP8* phones MUST be Q-fuse protected by MS (retail), this means that potential holes must go through a road that isn't there anymore.

then IF you found a way to get in the phone the chain of trust starts.

PBL:

Code:
PBL

 RPM processor starts executing PBL in boot ROM
 PBL determines cold boot or warm boot
 PBL increases RPM clock speed from XO to 60 MHz
 RPM processor start address is 0x0
 For cold boot, next step is to detect Flash device that chip will boot from, 
  based on the boot options
 When detected, PBL downloads SBL1 (RPMSBL) from Flash to System IMEM
 SBL1 authenticates SBL2 (Krait PBL)
 RPM uses Crypto Engine 4.0 to authenticate images
 SBL1 jumps to start of SBL2 (Krait PBL)

SBL1

 SBL1 configures MIMEM and GMEM, then loads and authenticates the SBL2 there;
  MIMEM is 192 KB, so when SBL2 grows, it will spill to GMEM
 SBL1 takes Krait out of reset
 SBL1 waits for signal from Krait SBL
 When desired signal is received, SBL1 executes RPM firmware, 
  which is downloaded by SBL2
 If RPM firmware image authentication/download fails, Krait SBL2 resets MSM and 
  enters into Boot ROM Emergency Download mode

SBL2

 After being taken out of reset, Krait jumps to start of SBL2
 - Krait boot address is software-configurable via register APCS_START_ADDR
 SBL2 increases Krait clock speed
 SBL2 downloads TZ image to TZ-dedicated system IMEM
  - TZ image occupies at least 188 KB in system IMEM
  - TZ image sets up security environment (configures xPU, etc.)
 SBL2 authenticates TZ image
  - SBL2 uses CE-4.0 to perform authentication
 SBL2 downloads RPM firmware to Code RAM and authenticates it
 SBL2 configures DDR
 SBL2 sends RPM firmware-ready signal to RPM and lets RPM continue to 
  execute RPM firmware
 SBL2 jumps to SBL3

SBL3

 SBL3 bumps the system clock
 SBL3 loads and authenticates APPSBL
 SBL3 waits for the RPM process ready interrupt
 Once the interrupt is coming, SBL3 jumps to APPSBL

the primary processor boots first, executing the Primary Boot Loader (PBL) from on-board ROM.

The MSM platform has the facility to force Secure Boot using the status of the FORCE_TRUSTED_BOOT Qfuse on-chip or a high-state BOOT_SCUR pin connected to GPIO95. In this mode the PBL verifies the signature of the SBL/OSBL before executing it,which verifies the REX/AMMS signature in the same way.

(AMSS is the Qualcomm radio software (radio/baseband).

(AMSS is the Advanced Mobile Subscriber Software that runs on the ARM9 CPU in our phones, it is a complete embedded OS using the L4 microkernel and controls the RF interface, power management and some other things)

PBL reads the Device Boot Loader (DBL) from the first partition of the flash memory device.

DBL is part of Qualcomm's SecureBoot, which uses cryptography to guarantee that the boot-loader images haven't been tampered with. DBL configures the Cryptographic Look-aside Processor (CLP), a dedicated cryptographic co-processor, and other hardware sufficient to load and execute the Secondary Boot Loader (SBL)

The SBL, also known as the Operating System Boot Loader (OSBL), is loaded.
It provides an Extensible Firmware Interface (EFI) -like environment for controlling the boot process.
After doing more hardware configuration including UARTs and USB (for potential remote console connections to the monitor) it loads the Applications processor Secondary Boot Loader (APPSBL) on the ARM11 applications processor

It then loads and executes the combined REX/AMSS
Finally on the ARM9 REX executes the Advanced Mobile Subscriber Software (AMSS).

After the SoC Vendor part is done the second part starts:



Now the OS gets loaded, and the real fun starts
Nothing is unbreakable, but MS has 20 years NT kernel dev time in it (wp8* uses the same kernel as win) and made it damn bulletproof.

the thing is that we are not even in the phone jet , No bootloader hack.
JTAG is nice but only a few will ever do that , and nobody will hack the whole OS just for JTAG that actually no one will use.

Some background information and data sheets:



On the HTC 8x xboxmod found a hole, by flashing a "bad" uefi.
the phone boots into Emergency Download mode ( because its a soft brick)
This (only found on htc because it lets you flash unsigned files) "COULD" be a potential thing to explore !!!
But as you can see this is pretty dangerous to do because you actually NEED to brick your phone to get there.
next to know is that xboxmod needed to sent his phone to the repair center to repair it again !!!

Code:
 If RPM firmware image authentication/download fails, Krait SBL2 resets MSM and 
  enters into Boot ROM Emergency Download mode
so the conclusion of this is :
WE HAVE A LONG LONG WAY TO GO
The Following 14 Users Say Thank You to ceesheim For This Useful Post: [ View ]
28th August 2014, 08:08 PM   |  #2  
Junior Member
Thanks Meter: 7
 
21 posts
Join Date:Joined: Apr 2013
Question
Seeing all of this security, perhaps the best way to work is the other way around, flashing WP to the Android version? Either way, I'm looking forward to my new HTC HD2 M8
Last edited by KennyG123; 2nd September 2014 at 01:54 PM.
29th August 2014, 05:00 AM   |  #3  
Member
Thanks Meter: 30
 
82 posts
Join Date:Joined: Oct 2013
More
I would like to day in the case of my htc 8x TMO010. the TPM trusted platform module is disabled. another is uefi capsule injection. Htc uses similar builds as Intel and tianocore and i would suspect that. the capsule can be dumped(extracted ) and replaced(flashed) within the uefi binary partition without ever disrupting or modifying the security features. when doing my own personal research ion windows phone uefi it see as though its not much different than a pc uefi.


more details below
http://forum.xda-developers.com/htc-...d-cab-t2843827
29th August 2014, 07:48 AM   |  #4  
I know this is stupid.. Seem like MS sure did a good job locking down the system... But hey could it be possible to do something like dual booting W8 and Linux? You know how Linux specially Ubuntu have the new kernel that supports UEFI and installs Grub2 to dual boot a side from w8? or wp8 is more locked down than a pc? Since Android is based on Linux I wondered if its possible. Either way something new to play with.
29th August 2014, 07:58 PM   |  #5  
Member
Thanks Meter: 30
 
82 posts
Join Date:Joined: Oct 2013
More
its possible. but not yet been done. htc 8x and one S have identical ans do the new wp8.1 m8 and android m8. if grub can be injected into the uefi capsule. even if you change a few lines of code within the capsul without disrupting the security protection you can re enable mass storage mode bcd boot options and much more. its tricky but not impossible

Sent from my Galaxy Nexus using XDA Free mobile app
6th September 2014, 07:51 AM   |  #6  
elmanortega's Avatar
Senior Member
Flag perez zeledon
Thanks Meter: 128
 
1,463 posts
Join Date:Joined: Aug 2009
Donate to Me
More
cotulla can break it
have you contacted him yet?
6th September 2014, 11:28 AM   |  #7  
ceesheim's Avatar
OP Forum Moderator
Flag No Android Fanboys Please !!!
Thanks Meter: 2,197
 
3,388 posts
Join Date:Joined: Jun 2009
Donate to Me
More
Quote:
Originally Posted by elmanortega

cotulla can break it
have you contacted him yet?

Breaking it is already done ( not by Cotulla) but that isn't the biggest problem , getting it on the phone 😊

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes