doc: update usage for v1
parent
ff3fe4f2c4
commit
9087beec8e
19
README.md
|
@ -23,24 +23,25 @@ usage
|
||||||
You first have to copy the Extended Display Identification Data (EDID) information of the equipment to protect.
|
You first have to copy the Extended Display Identification Data (EDID) information of the equipment to protect.
|
||||||
This data includes information such as the supported resolutions.
|
This data includes information such as the supported resolutions.
|
||||||
You can read it out using the I²C-based Display Data Channel (DDC) interface.
|
You can read it out using the I²C-based Display Data Channel (DDC) interface.
|
||||||
Then disable the write protect on the HDMI firewall using the switch (the LED will turn off).
|
Write the EDID data on the EEPROM of the HDMI firewall, and break the tab using pliers to enable write protection.
|
||||||
Write the EDID data on the EEPROM of the HDMI firewall, and turn back on the write protection (the LED will turn on).
|
|
||||||
This will prevent attackers from injecting any malicious payload.
|
This will prevent attackers from injecting any malicious payload.
|
||||||
This only has to be done once (per monitor to protect).
|
This only has to be done once (per monitor to protect).
|
||||||
|
|
||||||
Now connect the monitor to be protected on the corresponding port of the HDMI firewall.
|
Now plug in the HDMI firewall in the monitor to be protected.
|
||||||
Only allow users to connect on the untrusted device port.
|
Connect the cable going to the untrusted device on the HDMI firewall.
|
||||||
Your equipment is not protected.
|
Your equipment is now protected.
|
||||||
|
|
||||||
|
To re-write the EEPROM of the HDMI firewall in case you want to protect another monitor, you can re-disable write protection by putting a solder blob across the two pads marked WP.
|
||||||
|
|
||||||
|
By default, the 5V supplied by the monitor are forwarded to the device.
|
||||||
|
To further reduce the attack surface, you can disable this by cutting the trace between the two pads marked 5V.
|
||||||
|
The risk is that some monitors rely on this signal to detect when a device is plugged in.
|
||||||
|
|
||||||
limitations
|
limitations
|
||||||
===========
|
===========
|
||||||
|
|
||||||
High-bandwidth Digital Content Protection (HDCP) is not supported since the DDC interface is limited to the EDID information.
|
High-bandwidth Digital Content Protection (HDCP) is not supported since the DDC interface is limited to the EDID information.
|
||||||
|
|
||||||
By default, turn the 5V forwarding off using the second switch on the HDMI firewall.
|
|
||||||
This reduces further more the attack surface.
|
|
||||||
If the monitor is not able to detect the connected device, then turn it back on.
|
|
||||||
|
|
||||||
mode of operation
|
mode of operation
|
||||||
=================
|
=================
|
||||||
|
|
||||||
|
|
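Review bot: The added paragraph on re-writing the EEPROM says to bridge the two pads marked WP with a solder blob but never says to remove the blob afterwards, so a reader who follows it ends up with a firewall whose EEPROM stays writable, which undercuts the earlier line "This will prevent attackers from injecting any malicious payload." Add a closing step such as "Remove the solder blob once the new EDID is written to restore write protection." The v1 wording also drops the LED indication that the removed switch-based steps gave, so it would help to say how to confirm that write protection is active after breaking the tab. In the 5V paragraph, forwarding is now on by default, whereas the removed text under limitations recommended turning it off by default; state that trade-off explicitly, and change "the 5V supplied by the monitor are forwarded" to "is forwarded".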