From 7d6caee37e946ff0f9ab9ed68ba64a582ecb39b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?King=20K=C3=A9vin?= Date: Mon, 20 Jun 2022 11:57:52 +0200 Subject: [PATCH] doc: document project --- README.md | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7c35594..243b297 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,50 @@ -these are the hardware design files for **insert project name here**. +the HDMI firewall protects your HDMI equipment from being hacked. purpose ======= +HDMI is mainly used to transfer audio and video, but also offers a number of additional features (e.g. HPD, CEC, HEAC, MHL). +This increases the attack surface, and since the security of their implement in embedded devices if far from ideal, an attacker could exploit them and inject malicious code. +Now your unsuspicious video equipment is compromised and threatens your IT/network security. +And your monitor could then in turn hack back any other equipment connected to it. + +For example, if you invite an external guest for a presentation inside your company. +For that you offer to connect to a video-project so he can show his slides. +This is the perfect opportunity for the guest to hack the video-project. +And next time an employee connect to this project, his laptop is hacked back. +And voila, the innocent guest managed to infiltrate your company network, and can exfiltrate confidential information. + +The HDMI firewall block all the additional features, and only allow the equipment to receive audio and video data. +It is based on the research of Pierre-Michel RICORDEL and José LOPES-ESTEVES from ANSSI/SDE/ST/LSF presented during [SSTIC 2021](https://sstic.org/2021/presentation/un_pare_feu_pour_le_hdmi/). + usage ===== + +You first have to copy the Extended Display Identification Data (EDID) information of the equipment to protect. +This data includes information such as the supported resolutions. +You can read it out using the I²C-based Display Data Channel (DDC) interface. +Then disable the write protect on the HDMI firewall using the switch (the LED will turn off). +Write the EDID data on the EEPROM of the HDMI firewall, and turn back on the write protection (the LED will turn on). +This will prevent attackers from injecting any malicious payload. 
+This only has to be done once (per monitor to protect). + +Now connect the monitor to be protected on the corresponding port of the HDMI firewall. +Only allow users to connect on the untrusted device port. +Your equipment is not protected. + +limitations +=========== + +High-bandwidth Digital Content Protection (HDCP) is not supported since the DDC interface is limited to the EDID information. + +By default, turn the 5V forwarding off using the second switch on the HDMI firewall. +This reduces further more the attack surface. +If the monitor is not able to detect the connected device, then turn it back on. + +mode of operation +================= + +To protect the monitor, the HDMI firewall only forwards the signal lines used for audio/video data transfer (D0, D1, D2, CK). +All other signal lines are unconnected (CEC, SDA, SCL, utility/HEAC+, HPD). +The SDA/SCL lines used for the DDC interface to provide the EDID information to the device are connected to an EEPROM on the firewall. +This is where you need to copy the monitor information to.
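Review bot: the last sentence of the usage section, "Your equipment is not protected.", inverts the intended meaning; after the monitor is on its port and users are restricted to the untrusted device port it should read "Your equipment is now protected." Two further points in the same hunk: "This will prevent attackers from injecting any malicious payload." overstates what the write-protect switch does, since it only blocks writes to the firewall's EEPROM while the mode-of-operation section says D0, D1, D2 and CK are still forwarded, so phrase it as preventing tampering with the stored EDID; and because HPD is listed as unconnected, the limitations section should say how sources that wait for hot-plug detect behave, or why that does not matter here. Wording fixes for the rest: "the security of their implement in embedded devices if far from ideal" → "the security of their implementation in embedded devices is far from ideal"; "video-project" → "video projector" (three occurrences); "an employee connect to this project" → "an employee connects to this projector"; "The HDMI firewall block all the additional features, and only allow" → "blocks ... and only allows"; "This reduces further more the attack surface." → "This further reduces the attack surface."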