doc: added custom EDID programming
This commit is contained in:
parent
18926c4cc9
commit
8ea411fd8a
119
README.md
119
README.md
|
@ -43,7 +43,7 @@ The HDMI firewall can copy the EDID from the monitor:
|
||||||
1. plug the device to the firewall
|
1. plug the device to the firewall
|
||||||
1. this will power the firewall, which will copy the monitor EDID onto its internal memory, shown by a short blink of the ERROR LED
|
1. this will power the firewall, which will copy the monitor EDID onto its internal memory, shown by a short blink of the ERROR LED
|
||||||
1. unplug the device, and switch back the EDID/7 switch to the BLOCK/OFF position so the firewall keeps and uses the copied EDID information
|
1. unplug the device, and switch back the EDID/7 switch to the BLOCK/OFF position so the firewall keeps and uses the copied EDID information
|
||||||
1. when connecting the device back in, you should see the same name as the monitor, with a '|' at the end, indicating you are using the write-protected EDID from the firewall
|
1. when connecting the device back in, you should see the same name as the monitor, with a '|' at the end, indicating you are using the EDID from the firewall
|
||||||
|
|
||||||
The HDMI firewall allows to select which interfaces are blocked using the switches.
|
The HDMI firewall allows to select which interfaces are blocked using the switches.
|
||||||
The highest security is provided when blocking all lines by setting the switches to the BLOCK position.
|
The highest security is provided when blocking all lines by setting the switches to the BLOCK position.
|
||||||
|
@ -101,4 +101,119 @@ If the ERROR LED stays on, it means copying the EDID failed:
|
||||||
- the EDID of the monitor might be corrupted or have an invalid checksum, in which case the firewall will not copy it
|
- the EDID of the monitor might be corrupted or have an invalid checksum, in which case the firewall will not copy it
|
||||||
- the firewall EEPROM memory has worn out or is defective (it should last 300 thousand copies)
|
- the firewall EEPROM memory has worn out or is defective (it should last 300 thousand copies)
|
||||||
|
|
||||||
To read and play with EDID under Linux, you can use the instructions provided for the previous [HDMI firewall v1](https://git.cuvoodoo.info/kingkevin/board/src/tag/hdmi_firewall_v1/README.md).
|
custom EDID
|
||||||
|
===========
|
||||||
|
|
||||||
|
It is possible to write custom EDID on the HDMI firewall, for example because:
|
||||||
|
|
||||||
|
- the monitor's original EDID is corrupted
|
||||||
|
- you want to disable a feature or resolution causing your device to misbehave
|
||||||
|
- you want to re-enable a feature the monitor actually supports
|
||||||
|
- the KVM switch does not reflect the HDMI monitor change
|
||||||
|
- you want to do security research
|
||||||
|
|
||||||
|
For that you can use the debugging pins left on the board, and [program](https://git.cuvoodoo.info/kingkevin/stm8s/src/branch/hdmi_firewall/README.md) the raw EDID in the STM8S EEPROM area using an ST-LINK/V2 programmer.
|
||||||
|
|
||||||
|
If you switch EDID to the ALLOW position, the HDMI firewall's EEPROM is not write-protected (on devices shipped after 2022-08-19).
|
||||||
|
This allows to use the HDMI connection to write the EEPROM content using the DDC's I²C bus, and does not required an external programmer.
|
||||||
|
|
||||||
|
These instructions are for Linux.
|
||||||
|
For Windows see the instructions provided in the [original research slides](https://www.sstic.org/media/SSTIC2021/SSTIC-actes/un_pare_feu_pour_le_hdmi/SSTIC2021-Slides-un_pare_feu_pour_le_hdmi-lopes-esteves_ricordel.pdf) (untested).
|
||||||
|
|
||||||
|
Install tools to read/write I²C devices:
|
||||||
|
|
||||||
|
- for Debian-based distributions
|
||||||
|
|
||||||
|
~~~
|
||||||
|
sudo apt install i2c-tools
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Make the I²C buses user accessible (under /dev/i2c-*):
|
||||||
|
|
||||||
|
~~~
|
||||||
|
sudo modprobe i2c-dev
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Now we have to figure out which I²C bus corresponds to the HDMI port.
|
||||||
|
First list the available buses:
|
||||||
|
|
||||||
|
~~~
|
||||||
|
sudo i2cdetect -l
|
||||||
|
~~~
|
||||||
|
|
||||||
|
You should see something like this:
|
||||||
|
|
||||||
|
~~~
|
||||||
|
i2c-0 smbus SMBus PIIX4 adapter port 0 at 0b00 SMBus adapter
|
||||||
|
i2c-1 smbus SMBus PIIX4 adapter port 2 at 0b00 SMBus adapter
|
||||||
|
i2c-2 smbus SMBus PIIX4 adapter port 1 at 0b20 SMBus adapter
|
||||||
|
i2c-3 i2c AMDGPU DM i2c hw bus 0 I2C adapter
|
||||||
|
i2c-4 i2c AMDGPU DM i2c hw bus 1 I2C adapter
|
||||||
|
i2c-5 i2c AMDGPU DM i2c hw bus 2 I2C adapter
|
||||||
|
i2c-6 i2c AMDGPU DM i2c hw bus 3 I2C adapter
|
||||||
|
i2c-7 i2c AMDGPU DM aux hw bus 0 I2C adapter
|
||||||
|
i2c-8 i2c AMDGPU DM aux hw bus 2 I2C adapter
|
||||||
|
i2c-9 i2c AMDGPU DM aux hw bus 3 I2C adapter
|
||||||
|
i2c-10 i2c DPMST I2C adapter
|
||||||
|
i2c-11 i2c DPMST I2C adapter
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Candidate buses are 3 to 9, used by the GPU (number after i2c- in the first column).
|
||||||
|
|
||||||
|
Disconnect everything from the HDMI port, and scan for devices on each I²C bus (replace BUS with the bus number):
|
||||||
|
|
||||||
|
~~~
|
||||||
|
sudo i2cdetect -y BUS
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Since nothing is connected, no device should be detected, and the output should look like this:
|
||||||
|
|
||||||
|
~~~
|
||||||
|
0 1 2 3 4 5 6 7 8 9 a b c d e f
|
||||||
|
00: -- -- -- -- -- -- -- --
|
||||||
|
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
|
20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
|
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
|
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
|
50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
|
60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
|
70: -- -- -- -- -- -- -- --
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Now connect the HDMI firewall on the device side to your HDMI port and re-scan for devices.
|
||||||
|
If you see the following result, you found the I²C bus of the HDMI port.
|
||||||
|
Else continue with the next bus.
|
||||||
|
|
||||||
|
~~~
|
||||||
|
0 1 2 3 4 5 6 7 8 9 a b c d e f
|
||||||
|
00: -- -- -- -- -- -- -- --
|
||||||
|
10: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
|
20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
|
30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
|
40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
|
50: 50 -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
|
60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
|
||||||
|
70: -- -- -- -- -- -- -- --
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Write your custom EDID data `edid.bin` to the HDMI firewall (replace BUS with corresponding bus number):
|
||||||
|
|
||||||
|
~~~
|
||||||
|
for addr in `seq 0 255`; do echo $addr; sudo i2cset -y BUS 0x50 $addr 0x`xxd -p -l 1 -s $addr edid.bin`; done
|
||||||
|
~~~
|
||||||
|
|
||||||
|
To verify the data has been written correctly, compare original data with the one on the EEPROM:
|
||||||
|
|
||||||
|
~~~
|
||||||
|
# display original dumped data
|
||||||
|
xxd -g 1 edid.bin
|
||||||
|
# display data written on EEPROM
|
||||||
|
sudo i2cdump -y BUS 0x50
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Once writing the EDID to the HDMI firewall memory succeeded:
|
||||||
|
|
||||||
|
- re-enable write protection by toggling the EDID switch to the BLOCK position
|
||||||
|
- re-plug the HDMI firewall for the device to retrieve the newly written EDID
|
||||||
|
|
||||||
|
To read and play with EDID under Linux, you can use the tips provided for the previous [HDMI firewall v1](https://git.cuvoodoo.info/kingkevin/board/src/tag/hdmi_firewall_v1/README.md).
|
||||||
|
|
Loading…
Reference in New Issue