LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Viruses?

Viruses?

Posted Jan 20, 2012 6:08 UTC (Fri) by BenHutchings (subscriber, #37955)
In reply to: Viruses? by raven667
Parent article: SFLC: Microsoft confirms UEFI fears, locks down ARM devices

The code verification chains for the three popular consoles have been cracked repeatedly. The PS3 seems to have been left alone for a long time because OtherOS let people run their own software legitimately, but was cracked fairly quickly after Sony removed that feature in a firmware update.

One of the obstacles to disassembling and finding weaknesses in the code verification chain seems to have been that the relevant code has been embedded within ASICs and/or encrypted. But neither of those are being proposed or are likely to be practical in a general-purpose PC.

(Log in to post comments)

Sorry, but this is not true

Posted Jan 20, 2012 6:27 UTC (Fri) by khim (subscriber, #9252) [Link]

The code verification chains for the three popular consoles have been cracked repeatedly.

Sorry, but no. Only Wii (which apparently had security bolted on after the initial design) can be broken using only software without any specialized hardware.

XBox360 does not have any software exploits: all the existing break-ins require hardware modifications.

PS3 was only broken once, that happened half-year after removal of OtherOS and was quickly and efficiently remotely patched: if you ever upgrade your PS3 to firmware version 3.56 you'll lose the ability to break the code verification chain. The time where you had the ability to use PSN on cracked console was short indeed.

One of the obstacles to disassembling and finding weaknesses in the code verification chain seems to have been that the relevant code has been embedded within ASICs and/or encrypted.

Right - this is natural next step. This will happen eventually. Actually this is already true for ARM devices (they usually are built as a single SOC with many different chips tied together) - perhaps this is why Microsoft is more concerned about them? It knows x86 will be crackable for a few more years anyway...

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds