5

The Libre Tea Computer Card is a single-board computer that comes without any proprietary software (at least that’s the goal, it’s currently in crowdfunding):

[…] all firmware and kernel sources are GPL-licensed and will always remain so, and have been vetted in advance and do not contain any copyright violations or proprietary license-violating blobs (an extremely common practice nowadays).

It uses the Allwinner A20 as SoC, which uses Mali400 as GPU. There doesn’t seem to exist a working free/libre driver for Mali400, so this GPU will (by default) not be used in the Libre Tea Computer Card:

[…] it turns out that the MALI GPU is entirely memory-mapped. if you try to do "lsusb" or "cat /proc/cpuinfo" or any other kind of exploration from userspace, if you haven't compiled up mali.ko you LITERALLY cannot even SEE the MALI GPU from userspace. guess what we will not be doing? :) we will not be adding CONFIG_MALI=y to the linux kernel build process. thus, it becomes literally impossible for the average end-user to accidentally end up installing the proprietary non-free MALI 3D GPU code.

(This is probably enough to get the FSF "Respects Your Freedom" certification.)

Let’s assume the user does not intend to use the Mali GPU, so the user does not add support for it when compiling the kernel.

Is there any security risk in having this "dead" GPU?

Could it contain and run code that does something on its own (e.g., reading/manipulating/sending the user’s data), or has the OS full control over it?

unor
  • 1,769
  • 1
  • 19
  • 38

1 Answers1

1

A GPU is a secondary processor which accepts compute kernels, small bits of executable code that it runs many times in parallel on graphics data. The GPU is controlled by the operating system and by the firmware. Many GPUs do have the ability to perform direct memory accesses (DMA), which can be a security issue if it has been compromised. There are PoCs available which can do this, however to insert the malware and compromise the GPU, the operating system must be compromised in the first place. As a result, there are only two circumstances where one can be risky:

  • The GPU ships with compromised firmware, being "backdoored" from the get-go.
  • The operating system is compromised, which offloads malware to the GPU for stealth.

This means it is not likely for an unused GPU to be a security issue. If it is still a risk within your threat model, some systems have an I/OMMU, which can be used to isolate the memory regions a device can access. This can prevent a compromised or malicious GPU from performing DMA attacks.

forest
  • 64,616
  • 20
  • 206
  • 257
  • Let’s assume the GPU ships with compromised firmware, but the OS is not compromised (and the OS doesn’t enable the GPU). Can the GPU perform DMA on its own with such a firmware, or is the cooperation from the OS required? – unor Jan 23 '18 at 14:33
  • 1
    The GPU can then compromise the system through early DMA, before the IOMMU has a chance to initialize. That can only be solved by using a TPM for SRTM (Static Root of Trust for Measurement), which can be a pain. There's really no reason to worry about the GPU being compromised though. There are a million other components of a system that can be backdoored if one wishes. – forest Jan 24 '18 at 12:57