Luv when an embedded bootloader includes a cert called "General Use Test Key (for testing only)"
@mjg59 Got an invoice from AWS for "Sales Kickoff 2015 Demo Account" forwarded to me. Same energy.
@mjg59 I can see how it happens, having been on the development side of ROM based bootloaders. The test keys had to be used for the majority of testing because the customer wouldn’t generate signed images for all of our test scenarios, and (rightly) kept hold of the private keys. I managed to get them to sign one benign image with each production key for our final tests, to prove that the correct public keys were in the final product.
@mjg59 that's actually common among devices based on Qualcomm basebands and usually means the code signing isn't enforced. This can be checked by patching a byte in an ELF segment, updating its hash in the hash table and booting the image.
@mjg59 woo! Enjoy your unlocked Qualcomm device