armory-ums after Closed seucirty Configuration
31 views
Skip to first unread message
nsk ksn
Aug 18, 2023, 7:34:06 PM8/18/23
to USB armory
Hello there,
I have successfully closed my MKII. Debian show "mxs_dcp: Trusted State detected"This would be an an eMMC installation. I wanted use armory-ums (flashed to uSD) to expose the internal eMMC.
I have tried dd the amory-ums-signed.imx (stuck at both leds on low)
I have compiled the elf version. Created an ext4 partition starting at 5kB placed the elf in /boot/. Input the elf's sha256 in /boot/armory-boot.config like to
{
"unikernel": [
"/boot/armory-ums",
"faa8fd53770bf8fe9afbedf8e3b04a51722e3345d390c28603a9df722be22e1d"
]
}
"unikernel": [
"/boot/armory-ums",
"faa8fd53770bf8fe9afbedf8e3b04a51722e3345d390c28603a9df722be22e1d"
]
}
signed the armory-boot.config with my .sec and placed the armory-boot.config.sig into /boot
sudo dd if=armory-boot-signed.imx of=/dev/mmcblk0 bs=512 seek=2 conv=fsync
this armory-boot's make was set to BOOT=uSD and START to whatever
sudo parted -m /dev/mmcblk0 unit B print result.
After switching to uSD boot mode, blue led goes bright but nothing shows up (osx).
What am I missing? ( I feel its gonna be something simple )
Also just to confirm. When flashing armory-boot-signed.imx its done to /dev/mmcblk0 or /dev/rdisk6 (in my case) not the partitions correct? Is this the same for the armory-ums-signed.imx?
Thanks in advance!
nsk ksn
Aug 19, 2023, 1:59:08 AM8/19/23
to USB armory
I ended using the pre-compiled binary, and it worked perfectly. Not sure what is going on with source.
Andrej Rosano
Aug 21, 2023, 4:39:18 AM8/21/23
to nsk ksn, USB armory
Hello,
the generated armory-ums-signed.imx is meant to be load via SDP. To use
it from eMMC or uSD please remove the "-s" option passed to habtool in
the Makefile [1].
Cheers
Andrej
[1] https://github.com/usbarmory/armory-ums/blob/master/Makefile#L92
> --
> You received this message because you are subscribed to the Google Groups "USB armory" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to usbarmory+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/1aaa085a-0698-47ae-8a44-eafc4c2d65c0n%40googlegroups.com.
--
Andrej Rosano | Hardware Security | WithSecure
withsecure.com - foundry.withsecure.com
BDE1 62F4 7020 1588 8046 AE02 EA17 8C32 AB56 54CE
the generated armory-ums-signed.imx is meant to be load via SDP. To use
it from eMMC or uSD please remove the "-s" option passed to habtool in
the Makefile [1].
Cheers
Andrej
[1] https://github.com/usbarmory/armory-ums/blob/master/Makefile#L92
> You received this message because you are subscribed to the Google Groups "USB armory" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to usbarmory+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/usbarmory/1aaa085a-0698-47ae-8a44-eafc4c2d65c0n%40googlegroups.com.
--
Andrej Rosano | Hardware Security | WithSecure
withsecure.com - foundry.withsecure.com
BDE1 62F4 7020 1588 8046 AE02 EA17 8C32 AB56 54CE
Reply all
Reply to author
Forward
0 new messages