This increases the attack surface, and since the security of their implementation in embedded devices is far from ideal, an attacker could exploit them and inject malicious code.
It is based on the research of Pierre-Michel Ricordel and José Lopes Esteves from ANSSI/SDE/ST/LSF presented at the IT security conference [SSTIC 2021](https://sstic.org/2021/presentation/un_pare_feu_pour_le_hdmi/).
Some security research and vulnerabilities around CEC and EDID are listed in [slide 4](https://www.sstic.org/media/SSTIC2021/SSTIC-actes/un_pare_feu_pour_le_hdmi/SSTIC2021-Slides-un_pare_feu_pour_le_hdmi-lopes-esteves_ricordel.pdf).
The HDMI firewall can copy the EDID from the monitor:
1. ensure the firewall is connected to the monitor
1. unplug the device from the firewall
1. toggle the small switch labeled EDID/7 to the ALLOW/ON position
1. ensure the SDA/2 and SCL/3 switches are on the BLOCK/OFF position
1. plug the device into the firewall
1. this will power the firewall, which will copy the monitor EDID into its internal memory, shown by a short blink of the ERROR LED
1. unplug the device, and switch back the EDID/7 switch to the BLOCK/OFF position so the firewall keeps and uses the copied EDID information
1. when connecting the device back in, you should see the same name as the monitor, with a '|' at the end, indicating you are using the write-protected EDID from the firewall
- 5V: some monitors require this line to detect when a device is plugged in, and since currently no other information is transferred over this line, it is rather safe to enable it
- Display Data Channel (DDC): High-bandwidth Digital Content Protection (HDCP) uses this interface. To enable it, switch SDA and SCL on. Warning: since the EDID is also transferred over this interface, the firewall can't provide a write-protected copy of it. Instead the original monitor EDID is used, which may not be write-protected.
- Consumer Electronics Control (CEC): this interface allows remote control of equipment, such as setting the volume and powering on/off all connected devices and monitors at once
- HDMI Ethernet Channel (HEC), Audio Return Channel (ARC), and Mobile High-Definition Link (MHL): to enable these interfaces, switch UTIL and HPD on to forward the HEAC+ and HEAC- lines
The HDMI firewall can also be used to provide a custom EDID, since the one stored in the monitor is sometimes faulty.
For that you need to program the raw binary EDID (with up to 1 extension block) onto the STM8S103 EEPROM using the RST and SWIM lines made available on the back of the board.
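
Before flashing a custom image, it is worth checking that the file is a well-formed EDID within the one-extension limit. The following Python sketch is an added example, not part of the original project: it checks the header, size, extension count and per-block checksums, and extracts the monitor name descriptor so you can also confirm the trailing '|' on a dump read back through the firewall. The function names and the sample block are constructed for illustration.

```python
"""Sanity-check a raw EDID image before flashing it (added example)."""
import sys

EDID_HEADER = bytes.fromhex("00ffffffffffff00")
BLOCK = 128
MAX_EXTENSIONS = 1  # limit stated in this README

def monitor_name(base):
    """Return the display name from the 0xFC descriptor, or None."""
    for off in (54, 72, 90, 108):  # the four 18-byte descriptors
        d = base[off:off + 18]
        if d[0:3] == b"\x00\x00\x00" and d[3] == 0xFC:
            return d[5:18].split(b"\n")[0].decode("ascii", "replace").rstrip()
    return None

def check_edid(raw):
    """Return (list of error strings, monitor name) for a raw EDID image."""
    if len(raw) < BLOCK or len(raw) % BLOCK:
        return ["size %d is not a multiple of 128 bytes" % len(raw)], None
    errors = []
    if raw[:8] != EDID_HEADER:
        errors.append("bad header magic")
    ext = raw[126]  # number of extension blocks that follow
    if ext > MAX_EXTENSIONS:
        errors.append("%d extension blocks, firewall stores at most 1" % ext)
    if len(raw) != BLOCK * (1 + ext):
        errors.append("size does not match extension count %d" % ext)
    for i in range(len(raw) // BLOCK):
        if sum(raw[i * BLOCK:(i + 1) * BLOCK]) % 256:  # each block sums to 0
            errors.append("block %d checksum mismatch" % i)
    return errors, monitor_name(raw[:BLOCK])

def build_sample(name):
    """Constructed minimal base block (not a real monitor), for the demo."""
    b = bytearray(BLOCK)
    b[:8] = EDID_HEADER
    text = (name.encode("ascii")[:12] + b"\n").ljust(13, b" ")
    b[54:72] = b"\x00\x00\x00\xfc\x00" + text
    b[127] = (-sum(b[:127])) % 256
    return bytes(b)

if __name__ == "__main__":
    # Pass a file path, or run without arguments to use the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample("DEMO|")
    errs, name = check_edid(data)
    print("name:", name, "| errors:", errs or "none")
```
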
If the monitor does not detect the device or does not display anything (but should), try to re-enable the 5V forward (as per default) by switching the 5V/1 switch to ALLOW/ON.
To read and play with EDID under Linux, you can use the instructions provided for the previous [HDMI firewall v1](https://git.cuvoodoo.info/kingkevin/board/src/tag/hdmi_firewall_v1/README.md).