Hikvision Secure Boot

[watchful_ip]

Hi there

Sadly I have to report that the new Accusense G2 4K camera I got today is secure boot. Dahua went this route recently also.

Unless a workaround is found that pretty much prevents modification if you prefer proper root shell access, running what you want on your camera etc. That's a real end of an era for me as I started buying Hikvision cameras precisely because I had access to them and customize them to meet my needs (and satisfy my curiosity!). Also it will make it harder for security researchers to double check Hikvision products/updates.

Looks like applies to the bootloader, minisys and the kernel (i.e. they have to be signed otherwise the previous link in the chain won't boot it). Presumably a sign of things to come.

If you are a "normal" user then it likely won't affect you. If you are like me then it's time to consider alternatives.

 

[alastairstevenson]

Unless a workaround is found that pretty much prevents modification if you prefer proper root shell access, running what you want on your camera etc. That's a real end of an era for me as I started buying Hikvision cameras precisely because I had access to them and customize them to meet my needs (and satisfy my curiosity!). Also it will make it harder for security researchers to double check Hikvision products/updates.

I agree.
It's designed by the chip manufacturer to be secure - and it is, when fully chained.

 

[watchful_ip]

Fully chained AND with no software or hardware vulnerabilities (including the kernel + application layer)

I can understand they didn't want people changing languages on their devices back in the day, but that doesn't seem like much of an issue anymore anyway.

But I suppose phone manufacturers do the same thing so hard to deride Hikvision too much to be fair. I just want to do what I want on MY cameras.