doc: document project

King Kévin 2022-06-20 11:57:52 +02:00
parent c9adea88e4
commit 7d6caee37e
1 changed files with 44 additions and 1 deletions


@ -1,7 +1,50 @@
these are the hardware design files for **insert project name here**.
the HDMI firewall protects your HDMI equipment from being hacked.
purpose
=======
HDMI is mainly used to transfer audio and video, but also offers a number of additional features (e.g. HPD, CEC, HEAC, MHL).
This increases the attack surface, and since the security of their implement in embedded devices if far from ideal, an attacker could exploit them and inject malicious code.
Now your unsuspicious video equipment is compromised and threatens your IT/network security.
And your monitor could then in turn hack back any other equipment connected to it.
For example, if you invite an external guest for a presentation inside your company.
For that you offer to connect to a video-project so he can show his slides.
This is the perfect opportunity for the guest to hack the video-project.
And next time an employee connect to this project, his laptop is hacked back.
And voila, the innocent guest managed to infiltrate your company network, and can exfiltrate confidential information.
The HDMI firewall block all the additional features, and only allow the equipment to receive audio and video data.
It is based on the research of Pierre-Michel RICORDEL and José LOPES-ESTEVES from ANSSI/SDE/ST/LSF presented during [SSTIC 2021](https://sstic.org/2021/presentation/un_pare_feu_pour_le_hdmi/).
usage
=====
You first have to copy the Extended Display Identification Data (EDID) information of the equipment to protect.
This data includes information such as the supported resolutions.
You can read it out using the I²C-based Display Data Channel (DDC) interface.
Then disable the write protect on the HDMI firewall using the switch (the LED will turn off).
Write the EDID data on the EEPROM of the HDMI firewall, and turn back on the write protection (the LED will turn on).
This will prevent attackers from injecting any malicious payload.
This only has to be done once (per monitor to protect).
Now connect the monitor to be protected on the corresponding port of the HDMI firewall.
Only allow users to connect on the untrusted device port.
Your equipment is not protected.
limitations
===========
High-bandwidth Digital Content Protection (HDCP) is not supported since the DDC interface is limited to the EDID information.
By default, turn the 5V forwarding off using the second switch on the HDMI firewall.
This reduces further more the attack surface.
If the monitor is not able to detect the connected device, then turn it back on.
mode of operation
=================
To protect the monitor, the HDMI firewall only forwards the signal lines used for audio/video data transfer (D0, D1, D2, CK).
All other signal lines are unconnected (CEC, SDA, SCL, utility/HEAC+, HPD).
The SDA/SCL lines used for the DDC interface to provide the EDID information to the device are connected to an EEPROM on the firewall.
This is where you need to copy the monitor information to.
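Review bot: the last line of the usage section, "Your equipment is not protected.", states the opposite of what the preceding steps achieve and should read "Your equipment is now protected." (or be dropped); as written it will confuse anyone skimming the README. In the same section, "This will prevent attackers from injecting any malicious payload." overstates what the write-protect switch does: it stops an untrusted source from rewriting the EDID EEPROM, but the firewall serves whatever EDID was written to it, so the README should say the EDID must be read directly from the trusted monitor over DDC before that monitor is ever exposed to an untrusted device. The first line still carries the "**insert project name here**" placeholder and should name the project (HDMI firewall). Several typos and agreement errors in the purpose section should be fixed in the same commit: "security of their implement in embedded devices if far from ideal" (implementation / is), "unsuspicious" (unsuspecting), "video-project" (video projector, three occurrences), "an employee connect" (connects), and "The HDMI firewall block all ... and only allow" (blocks / allows). In the limitations section it would help to spell out the practical consequence of "HDCP is not supported": sources that require HDCP will refuse to output protected content through the firewall.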