Maximilian Luz
Maximilian Luz
> > So, there's the 03 that is normally only set for host-to-EC messages > > Yeah, AFAICT that just means the message was intended to go to TID 3...
I think it's possible this could also be interpreted as _debug to SAM_ and _SAM to host_, but I'm not sure if that would fit into the whole KIP perspective...
Ah, got it. That actually makes much more sense, thanks. I'll update the docs accordingly.
Alright, I've improved the handling for unknown/unsupported TIDs a bit: https://github.com/linux-surface/kernel/compare/32815a5c269b33541e58315fbc9cc866a4cb309f...351805f561beb9ff9c95b6c53338210632703ec6. Mostly just https://github.com/linux-surface/kernel/commit/f1b2c939ca190ac678ea03e9fc490323f7a84f3f, which means that instead of trying to match up the request ID to something that in...
Nice work! I'm kind of surprised that it's not signed. Is there any other protection against that or could just any random user with admin permissions on Windows upload some...
> My guess is that anyone who can communicate with the SAM can flash new firmware. You might even be able to do it via the Surflink connection (ie. without...
Yeah, HID interface is probably the most dangerous thing. Keylogging, full keyboard and touchpad control... I'd guess you could find ways to use that as a sort of basic rootkit...
> I actually wonder if the Surflink UART connection from the SAM is directly exposed on the Surflink connector, or if there is another controller in between. Might be fun...
Finally got around to unpack the SPX firmware and load it into Ghidra. Had to specify 0x67c as offset (not 0x66c), but with that, everything seems to work.
Thanks! That is quite helpful!