[clug] AllWinner kernel backdoor
Chris Smart
clug at christophersmart.com
Fri May 13 07:35:17 UTC 2016
On Fri, May 13, 2016 at 04:26:07PM +1000, Peter Barker wrote:
>On Fri, 13 May 2016, Chris Smart wrote:
>
>>http://www.theregister.co.uk/2016/05/09/allwinners_allloser_custom_kernel_has_a_nasty_root_backdoor/
>
>Wow.
>
>>This is interesting because a lot of device manufacturers will just use
>>the AllWinner kernel as is, so this silent backdoor will be present for
>>years to come.
>
>deiban don't appear to have pulled the relevant patches in for their
>distribution - the file isn't present on my two allwinners, anyway.
>
Yeah, this is in AllWinner's own kernel fork. It has not gone upstream
(actually, I don't think that AllWinner has committed a single patch
upstream for their devices) and I'm not aware of any distros that have
included this commit in their kernel.
However, there will be many devices shipped worldwide with AllWinner's
kernel - I think they currently have around 20% of the worldwide Android
tablet SOC market.
It does highlight the importance of using an upstream kernel and, as
someone who loves embedded devices, is one of my main gripes with the ARM
ecosystem. Manufacturers just fork some ancient version of the kernel and
a bootloader, then hack their device support on top and never gets it
upstream (if they even release the code at all).
Urghh.
Ironically, the A20 AllWinner SOC seems to have pretty good upstream
kernel support now, thanks pretty much entirely to the SunXi community
that sprung up out of AllWinner's original refusal to publish Linux
kernel code for their SOCs.
According to the SunXi community, AllWinner continue to violate the GPL:
http://linux-sunxi.org/GPL_Violations
-c
More information about the linux
mailing list