doc: added custom EDID programming

This commit is contained in:
King Kévin 2022-08-19 16:45:23 +02:00
parent 18926c4cc9
commit 8ea411fd8a
1 changed files with 117 additions and 2 deletions

119
README.md
View File

@ -43,7 +43,7 @@ The HDMI firewall can copy the EDID from the monitor:
1. plug the device to the firewall
1. this will power the firewall, which will copy the monitor EDID onto its internal memory, shown by a short blink of the ERROR LED
1. unplug the device, and switch back the EDID/7 switch to the BLOCK/OFF position so the firewall keeps and uses the copied EDID information
1. when connecting the device back in, you should see the same name as the monitor, with a '|' at the end, indicating you are using the write-protected EDID from the firewall
1. when connecting the device back in, you should see the same name as the monitor, with a '|' at the end, indicating you are using the EDID from the firewall
The HDMI firewall allows to select which interfaces are blocked using the switches.
The highest security is provided when blocking all lines by setting the switches to the BLOCK position.
@ -101,4 +101,119 @@ If the ERROR LED stays on, it means copying the EDID failed:
- the EDID of the monitor might be corrupted or have an invalid checksum, in which case the firewall will not copy it
- the firewall EEPROM memory has worn out or is defective (it should last 300 thousand copies)
To read and play with EDID under Linux, you can use the instructions provided for the previous [HDMI firewall v1](https://git.cuvoodoo.info/kingkevin/board/src/tag/hdmi_firewall_v1/README.md).
custom EDID
===========
It is possible to write custom EDID on the HDMI firewall, for example because:
- the monitor's original EDID is corrupted
- you want to disable a feature or resolution causing your device to misbehave
- you want to re-enable a feature the monitor actually supports
- the KVM switch does not reflect the HDMI monitor change
- you want to do security research
For that you can use the debugging pins left on the board, and [program](https://git.cuvoodoo.info/kingkevin/stm8s/src/branch/hdmi_firewall/README.md) the raw EDID in the STM8S EEPROM area using an ST-LINK/V2 programmer.
If you switch EDID to the ALLOW position, the HDMI firewall's EEPROM is not write-protected (on devices shipped after 2022-08-19).
This allows to use the HDMI connection to write the EEPROM content using the DDC's I²C bus, and does not required an external programmer.
These instructions are for Linux.
For Windows see the instructions provided in the [original research slides](https://www.sstic.org/media/SSTIC2021/SSTIC-actes/un_pare_feu_pour_le_hdmi/SSTIC2021-Slides-un_pare_feu_pour_le_hdmi-lopes-esteves_ricordel.pdf) (untested).
Install tools to read/write I²C devices:
- for Debian-based distributions
~~~
sudo apt install i2c-tools
~~~
Make the I²C buses user accessible (under /dev/i2c-*):
~~~
sudo modprobe i2c-dev
~~~
Now we have to figure out which I²C bus corresponds to the HDMI port.
First list the available buses:
~~~
sudo i2cdetect -l
~~~
You should see something like this:
~~~
i2c-0 smbus SMBus PIIX4 adapter port 0 at 0b00 SMBus adapter
i2c-1 smbus SMBus PIIX4 adapter port 2 at 0b00 SMBus adapter
i2c-2 smbus SMBus PIIX4 adapter port 1 at 0b20 SMBus adapter
i2c-3 i2c AMDGPU DM i2c hw bus 0 I2C adapter
i2c-4 i2c AMDGPU DM i2c hw bus 1 I2C adapter
i2c-5 i2c AMDGPU DM i2c hw bus 2 I2C adapter
i2c-6 i2c AMDGPU DM i2c hw bus 3 I2C adapter
i2c-7 i2c AMDGPU DM aux hw bus 0 I2C adapter
i2c-8 i2c AMDGPU DM aux hw bus 2 I2C adapter
i2c-9 i2c AMDGPU DM aux hw bus 3 I2C adapter
i2c-10 i2c DPMST I2C adapter
i2c-11 i2c DPMST I2C adapter
~~~
Candidate buses are 3 to 9, used by the GPU (number after i2c- in the first column).
Disconnect everything from the HDMI port, and scan for devices on each I²C bus (replace BUS with the bus number):
~~~
sudo i2cdetect -y BUS
~~~
Since nothing is connected, no device should be detected, and the output should look like this:
~~~
0 1 2 3 4 5 6 7 8 9 a b c d e f
00: -- -- -- -- -- -- -- --
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
70: -- -- -- -- -- -- -- --
~~~
Now connect the HDMI firewall on the device side to your HDMI port and re-scan for devices.
If you see the following result, you found the I²C bus of the HDMI port.
Else continue with the next bus.
~~~
0 1 2 3 4 5 6 7 8 9 a b c d e f
00: -- -- -- -- -- -- -- --
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
50: 50 -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
70: -- -- -- -- -- -- -- --
~~~
Write your custom EDID data `edid.bin` to the HDMI firewall (replace BUS with corresponding bus number):
~~~
for addr in `seq 0 255`; do echo $addr; sudo i2cset -y BUS 0x50 $addr 0x`xxd -p -l 1 -s $addr edid.bin`; done
~~~
To verify the data has been written correctly, compare original data with the one on the EEPROM:
~~~
# display original dumped data
xxd -g 1 edid.bin
# display data written on EEPROM
sudo i2cdump -y BUS 0x50
~~~
Once writing the EDID to the HDMI firewall memory succeeded:
- re-enable write protection by toggling the EDID switch to the BLOCK position
- re-plug the HDMI firewall for the device to retrieve the newly written EDID
To read and play with EDID under Linux, you can use the tips provided for the previous [HDMI firewall v1](https://git.cuvoodoo.info/kingkevin/board/src/tag/hdmi_firewall_v1/README.md).