OpenWrt One / project update

Daniel Golle daniel at makrotopia.org
Fri Apr 12 11:10:43 PDT 2024


On Fri, Apr 12, 2024 at 01:38:01PM -0400, Michael Richardson wrote:
> 
> John Crispin <john at phrozen.org> wrote:
>     > On 12.04.24 15:30, Michael Richardson wrote:
>     >> Is the MT7981B specification available publicly at this point?
>     >>
>     >> I can find a 7986 sheet on hackaday, but who knows how it differs (marketing
>     >> people and their numbers)
>     >>
>     > Hi
> 
> > http://mirror2.openwrt.org/docs/
> 
> Thank you, I'm reading through now.
> 
> I didn't grok all the GPIO pin sharing, there are a lot of choices there
> which I think you've already made when you listed the high-level specs.
> 
> Will we be able to support the:
>      "the hardware-based NAT engine with QoS embedded in MT7981B"
>      Any IPv6 support down there? Yes, for various tunnel protocols even.
>      Is it the "NEON"?
> 
> I see 64 Tx queues for wired ethernet, but I imagine Dave Taht will want to
> know if there are per-host queues for the wireless.  Hmm. Well, it looks like
> there are at least 4, but I could have misunderstood.
> 
> In the first PDF, there is mention of:
>    Security Support 2 * 256-bit multi-key on OTP eFuse
>    Support 64 version OTP eFuse for anti-rollback

Those features require proprietary tools provided by MediaTek only to
clients under NDA. Unless some 3rd-party reverse-engineers those
tools, we won't ever use those features. Also note that those 256-bit
keys are *symmetric* keys probably, so not that useful for IDevID.

> 
> which is often the key to getting IDevID deployed, but I didn't find further
> mention of that in the three datasheets.

Another option for deploying IDevID is using MMU to prevent access to
the SPI-NOR I/O range from non-secure land and handling cryptographic
operations entirely in the secure enclave, e.g. using OP-TEE and fTPM.

This is possible without burning any fuses and without any proprietary
tools (but will probably not be implemented in time for the firmware
which will ship with the device -- however, it can be done after, I
can help and point whoever wants to do it in the right direction.)


> 
> I found: 11008014 GLOBAL_SEC_EN, but I think it has to do with locking down
> the timers, or some I2C thing.
> 
> (I turned on hypothes.is while reading the PDFs, if someone wants to see my notes)
> 
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [