http://nenolod.net/~nenolod/sholes-k...explained.html
Sholes signing key leak explained
The Motorola(r) sholes platform uses a trusted bootloader environment. Signatures are stored as part of the CDT stored on the NAND flash. mbmloader verifies the signature on mbm before passing control. mbm verifies all other signatures before allowing the device to boot.
There is a vulnerability in the way that Motorola generated the signatures on the sections stored in the CDT. This vulnerability is very simple. Like on the PlayStation 3, Motorola forgot to add a random value to the signature in order to mask the private key. This allowed the private key and initialization vector to be cracked.
The keys can be cracked using Mathematica. Read up on how the Elgamal signature scheme works.
Ok, what does this mean?
Please refer to the following table:
Boot chain component Status
OMAP secure bootrom secure
Secure keystore replaceable
mbmloader secure, but irrelevant, replaceable but unnecessary
mbm secure, but irrelevant, replaceable but unnecessary
recovery replaceable (providing new keys is recommended)
system replaceable (providing new keys is recommended)
bootimage replaceable (providing new keys is recommended)
I do not plan on doing any more work on this. But all information has been handed over to people who are working on this. Follow the FreeMyMoto people for their progress.
Advisory history
* December 20th, 2010