bug-mes
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using hex programs

From: Jeremiah
Subject: Re: Using hex programs
Date: Sat, 25 Sep 2021 03:23:47 +0000 
> When checking out stage0, I found
The Generated bootstrap seeds one needs if one is unable to hand toggle
in their own.

> The README says never to trust anything.
It is to reflect the reality that I could be an evil genius who tampered
with the binaries in a way you wouldn't be able to detect.

> Does this mean it's encouraging you to hand-convert ASCII Hex to a binary 
> before executing stage0?
Or do a sanity check using any method you like to generate the binaries
from the hex0 source code that exists with them.

But if you choose not to do so, that is entirely your choice.

As it takes about 2 days to manually verify the binaries.
Or 2 hours to hand toggle them in.
Or 10 seconds to use sed+xxd to rebuild them from source.


> Also: The materials I'm reading just say "hex program" without
> mentioning CPU architecture.
Yes, because hex0 is universal for all architectures which have
instructions that can be expressed as a series of bytes of 8bits in length.

> Isn't a hex program a particular encoding of an ELF executable for an
> architecture, or is there more to it than that?
Well that depends. See Hex0 programs can be bare metal (no OS so no ELF
bits) or run on DOS (just a COM file) or run on any POSIX (then probably
have ELF bits unless you select other than ELF executable format)

If you look carefully at https://github.com/oriansj/bootstrap-seeds
You first should notice there are separate folders: NATIVE and POSIX
and inside of those you have different architectures.

So depending on how you wish to bootstrap, you need to select different
root binaries.

> My understanding is that you want to hand-code the seed so that you
> know it's fine for yourself, but the seed is architecture dependent.
It would be best if the time from me being compromised to the time for
the world to discover I inserted something evil in the bootstrap be as
close to zero as humanly possible to minimize the incentive to
compromise me.

Hopefully that addresses what you are asking but if not, let me know and
I will attempt to clarify further.

-Jeremiah
reply via email to
[Prev in Thread] Current Thread [Next in Thread]