Friday, February 15, 2013

Yet another hardware review

So, I couldn't resist the temptation and bought yet another gadget.

Introduction.

I figured sometimes it's more comfortable to have a separate ebook reader than open up a laptop. Still, despite their power efficiency and weeks of battery life, I hate e-ink screens; they look really blurry. And most readers have ancient CPUs like Intel PXA270 (which was quite popular in 2006, btw). I didn't really feel like waiting a couple seconds till a single page of a PDF is rendered. So I went for a tablet.

This time it's a Barnes & Noble Nook HD+. I did have previous experience with an Acer Iconia A500 tablet (which I later gave to my cousin for hacking). And I definitely had some important criteria when choosing the device:

  • It should be lightweight. Not more than 600g. The 900g Iconia was barely possible to hold with one hand
  • Screen should be 9'' or less. Otherwise, one needs two hands not only for typing, but for holding the device as well
  • Screen resolution must be high. At least 200PPI, but 250+ is preferred. I really hate seeing separate pixels (though I once had a phone with 311PPI and I could still see them, but that's an extreme)

Unfortunately no nice Windows RT devices are available on the market. I mean, a 7 inch Windows tablet. Or take a look at those 10'' Asus tablets and MS Surface Pro. $1000 for something huge, heavy, ugly and with a 1366x768 screen? Microsoft has delivered nothing but a shipment of fail again, though no one was really expecting anything else.

So, why did I not go for the iPad? Well, there were some reasons:
  • iPad 4 is huge. And it's quite pricey for a 10 inch tablet
  • iPad mini has an awful screen. 1024x768 is too low even for 7''.
  • The OS is not very hacker-friendly. And being a computer geek I want to tinker with any piece of hard- and software that slips into my hands.


Hardware

The Nook HD+'s primary function really is a book reader, not a tablet. Therefore, it lacks most common tablet features. It has no:
  • 3G
  • Camera
  • GPS
Actually, I think that's not bad. In fact, I've never used any of them on a tablet since I have a phone for that. Moreover, from the hacking perspective that means less messing around with drivers and proprietary binaries.

The screen resolution is 1920x1280 @ 9'', giving it 256 PPI, slightly less than the iPad 4 (which has 264), but quite nice anyway. The screen is nice, without any ripple or grid.

OMAP4470 is quite a fast dual-core CPU, and the user interface seems to be responsive, without freezes.

The downside is of course the proprietary USB connector and the lack of USB charging support from the PC (yeah, the stock charger is 2A, but USB 3.0 could in theory power that).

Software

Overall, the default firmware is quite nice if you're going to use the device as an ebook reader, not as a tablet. The Android UI is very well hidden behind the revamped graphics.

The most annoying thing is the welcome screen on the first boot, which will not let you use the device unless you have a Wi-Fi connection to download the firmware updates and sign up for the B&N service.

The book reader app is quite nice and there are some free books in the store, which is a plus. Besides, you can of course copy the PDF files to the device manually.

The device doesn't have Google Apps installed by default, so no GMail and no Play Store. The lack of Play Store brings another interesting point. The majority of free apps from Play Store (like the Cut The Rope game) cost around $2.0 here. So just root it and install GApps :D

Hacking


The good news is that this device is very hackable and friendly for the free software developers.

First, let's look at the bootup process.
The OMAP4 System-on-Chip used in the device implements secure booting by establishing a chain of trust.

Chain of trust

The chain of trust begins with the code in the SROM (secure read-only memory). This is an OTP (one-time programmable) area inside the CPU, meaning that the code cannot be changed once written there. It then verifies the secondary bootloader using a public-key digital signature. The secondary bootloader (SBL) in turn verifies the authenticity and integrity of the OS kernel. And then of course every OS has myriads of security holes like dangling pointers and missing array bounds checks, and is vulnerable to stack smashing techniques. So if you want to hack the device, there's always some way to exploit a vulnerability in Linux. But even if a user can run their "malicious" untrusted code, the vendor can

When the chain of trust is implemented properly, the device is unhackable, like the Motorola OMAP3 phones, where the only means of running custom code is kexec from Linux. Luckily, most vendors make stupid mistakes and the whole chain is easily compromised. For example, early revisions of the Samsung Galaxy Nexus phone had an xloader which did not check the SBL signature. Since the xloader was signed by Samsung, this made it possible to replace the SBL with a custom bootloader (u-boot), which I've certainly done. On the Nook this security measure is not used at all.
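The chain of trust described above, and the two ways of breaking it that the post mentions (a signed xloader that does not check the SBL, and a ROM that checks nothing), can be modelled in a few lines. This is an added example, not code from the post or from any vendor; the stage names, image contents and the toy textbook-RSA key are constructed for illustration and are not secure.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Toy textbook-RSA key, constructed for this example: unpadded and far too
# small for real use. D stands in for the vendor's private exponent.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N

def sign(image: bytes) -> int:
    return pow(digest(image), D, N)

def verify(image: bytes, sig: Optional[int]) -> bool:
    return sig is not None and pow(sig, E, N) == digest(image)

@dataclass
class Stage:
    name: str
    image: bytes
    sig: Optional[int] = None   # vendor signature over image
    checks_next: bool = True    # does this stage verify what it loads?

def boot(chain):
    """Walk the chain from the ROM; return (stages that ran, all verified?)."""
    ran, trusted = [chain[0].name], True
    for prev, nxt in zip(chain, chain[1:]):
        if trusted and prev.checks_next and not verify(nxt.image, nxt.sig):
            return ran, True    # image refused: nothing unverified has run
        if not prev.checks_next:
            trusted = False     # unverified code runs from here on
        ran.append(nxt.name)
    return ran, trusted

def make_chain(sbl_image, xloader_checks=True, rom_checks=True):
    """Hypothetical ROM -> xloader -> SBL -> kernel chain; the SBL slot
    holds sbl_image but carries the signature of the stock SBL."""
    xl, kernel = b"xloader v1", b"kernel v1"
    return [Stage("ROM", b"", checks_next=rom_checks),
            Stage("xloader", xl, sign(xl), xloader_checks),
            Stage("SBL", sbl_image, sign(b"SBL v1")),
            Stage("kernel", kernel, sign(kernel))]

if __name__ == "__main__":
    for args in [(b"SBL v1",), (b"custom SBL",), (b"custom SBL", False),
                 (b"custom SBL", True, False)]:
        print(boot(make_chain(*args)))
```

With every stage checking, the modified SBL is refused and the boot stops after the xloader. With either `xloader_checks=False` or `rom_checks=False`, all four stages run but the result is flagged as not fully verified, even though the remaining signatures are valid.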


The bootloader on the device is locked, and doesn't seem to support fastboot.

The good thing is that B&N cannot lock down the device in further software updates (only in new hardware revisions) because the chain of trust is disabled and the SROM code loads arbitrary code from the miniSD card. This allows running any kind of custom ROM.

There already exists a CM10 port which converts the device into a full-featured tablet.

The only really non-free part is the PowerVR GPU. There exist open-source drivers for some ARM GPUs: freedreno for Qualcomm chips even has a working mesa driver, while Mali in Samsung Exynos is only capable of running Quake 3 (linked against the driver) with the free Lima driver. For PowerVR there are unfortunately no free drivers, but the closed-source ones exist for X11, are packaged for Ubuntu and should be quite good.

I guess I should try to get Ubuntu and Genode running on the tablet. Just for fun. Because we can :)