summaryrefslogtreecommitdiff
path: root/content/0021-migrating-away-from-eagle-to-kicad.html
blob: 37a4987138ac1eae7d5e2cdcf09c56c51f185e50 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
<!DOCTYPE html>
<html>
  <head>
    <meta charset="UTF-8" name="charset"><!-- pelican??? -->
    <title> Migrating away from Eagle, to KiCad </title>
    <meta name="date" content="2016-08-01 13:00:00">
    <meta name="last modified" content="2016-08-01 13:00:00">
    <meta name="keywords" content="neo900, eagle, kicad, n900, donation">
    <meta name="authors" content="hellekin">
    <meta name="description" content="Neo900 schematics now using free software KiCAD.">
  </head>

  <body>

    <p class="lead">
      The Neo900 team decided to move away from proprietary software
      Eagle and converted its schematics production to the KiCad
      open-source Electronics Design Automation
      (<abbr title="Electronics Design Automation">EDA</abbr>) suite.
    </p>

    <h2>Contents</h2>

    <p>Before jumping to Neo900 project updates since June, and our main
      feature, we'd like to share with you a recent vulnerability
      disclosure which shows the value of separating the telephony stack
      from the rest of the system.</p>

    <ol>
      <li><a href="#asn1-vulnerability">ASN.1 Vulnerability</a></li>
      <li><a href="#more-n900-sourcing">More N900 Sourcing</a></li>
      <li><a href="#neo900-whitepapers">Whitepapers Update</a></li>
      <li><a href="#feature">From Eagle to KiCad</a></li>
    </ol>

    <h3 id="asn1-vulnerability">ASN.1 Vulnerability</h3>

    <p>Following the decision of <abbr title="National Institute for
      Standards and Technology">NIST</abbr> to deprecate usage of SMS in
      two-factor authentication (we'll come back on this in an upcoming
      installment), this vulnerability disclosure confirms the interest
      of the unique design of Neo900 that isolates the baseband chip
      from power supply, making it dependent on the <abbr title="Central
      Processing Unit">CPU</abbr> (and the <abbr title="Operating
      System">OS</abbr>) to access anything else on the system, and
      preventing remote activation of the chip in the first place.</p>

    <p>Lucas Molas of <em>Programa STIC</em> discovered a <cite>Heap
      memory corruption in ASN.1 parsing code generated by Objective
      Systems Inc. ASN1C compiler for C/C++</cite> potentially affecting
      billions of phone users worldwide.  The proprietary software
      vendor received a bug report via <em>plain text email</em> on
      June, 1<sup>st</sup>, 2016, according to
      the <a href="https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080/">CVE-2016-5080</a>
      released on July, 18<sup>th</sup>, 2016 to the public in a
      coordinated release with the vendor.</p>

     <blockquote>Abstract Syntax Notation One (ASN.1) is a technical
       standard and formal notation that describes rules and structures
       for representing, encoding, transmitting, and decoding data in
       telecommunications and computer networking.</blockquote>

     <blockquote>A vulnerability found in the runtime support libraries
       of the ASN1C compiler for C/C++ from Objective Systems Inc. could
       allow an attacker to remotely execute code in software systems,
       including embeded software and firmware, that use code generated
       by the ASN1C compiler. The vulnerability could be triggered
       remotely without any authentication in scenarios where the
       vulnerable code receives and processes ASN.1 encoded data from
       untrusted sources, these may include communications between
       mobile devices and telecommunication network infrastructure
       nodes, communications between nodes in a carrier's network or
       across carrier boundaries, or communication between mutually
       untrusted endpoints in a data network.</blockquote>

     <p>The proprietary software vendor released a hot patch (v7.0.1)
       available upon request to their customers, and will integrate the
       fix in the upcoming v7.0.2 of their compiler.</p>

     <p>On July, 1<sup>st</sup>, Programa STIC mentioned that <q>memory
       corruption bugs in ASN.1 related components of an LTE stack have
       been announced or hinted at in several infosec conference
       presentations over the past few weeks and its likely the same or
         similar bugs will become public soon.</q></p>

     <h4>How is Neo900 Affected?</h4>

     <p>In
       our <a href="https://neo900.org/news/paypal-resumes-neo900-sources-again">last
       communication</a> we noted that <q><strong>Neo900 is the only
       phone that provides a hardware protection from remote activation
       of the baseband chip</strong></q>.  Therefore this vulnerability
       that potentially plagues all commercial phones on the planet,
       won't affect Neo900.</p>

    <p>Our exclusive Neo900 design is more valuable than ever!</p>

     <h3 id="more-n900-sourcing">More N900 Sourcing</h3>

     <p>After dowsing for a while, our boots in China confirmed the
       source mentioned previously!  We already received 20 more N900
       units responding to our quality criteria for enduring the
       metamorphosis into brand new Neo900 units for you lucky (and
       patient) early birds.  20 more units are on the way, and we
       expect more to come.  We're already at 70 units and
       counting.</p>

     <p>Again, if you know where to find some affordable stocks of N900
      units,
      please <a href="mailto:contact@neo900.org?Subject=N900%20Stock">contact
         us</a>!</p>

     <h3 id="neo900-whitepapers">Whitepapers Update</h3>

     <p>While we're at it, and to continue building momentum for
       our <a href="#feature">main feature</a> today, like if you were
       too early at the movies, let's have a look at what our mad
       scientists concocted since last June.</p>

     <p>

     <p>You can always follow our whitepapers updates directly from
       Werner in
       the <a href="http://talk.maemo.org/showthread.php?t=93498">Neo900
       Announcements</a> thread on talk.maemo.org, and access the whole
       up-to-date whitepaper collection from
       the <a href="https://neo900.org/resources">Resources section</a>
       at neo900.org.</p>

     <p>And now, without further ado, our main feature!</p>

     <h3 id="feature">From Eagle to KiCad</h3>

     <p>When Joerg took charge of the Neo900 project, the electronics
       design was made with Eagle, and was updated using that tool ever
       since.  Nikolaus Schaller, of OpenPandora fame, was the Eagle
       virtuoso, but our communication with his company, Golden
       Delicious, was hampered for a long time by incompatible tools and
       workflow.</p>

     <p>In 2016, Nikolaus faded away from Neo900, absorbed by the
       finishing touch to Neo900's sister
       project <a href="https://pyra-handheld.com">Pyra</a>.  Just a few
       weeks ago he confirmed that he couldn't follow up on the layout
       for Neo900, which prompted Joerg and Werner to consider
       alternatives.</p>

     <p>In the <abbr title="Electronics Design Automation">EDA</abbr>
       market, besides Eagle, there's Altium.  But Altium has the same
       flaw as Eagle: it's proprietary, and moreover, it's quite
       expensive.  Our rationalizing mind wants to say there's cognitive
       dissonance in using non-free software for a free hardware
       project.  And in hindsight, this sounds like a good
       rationalization.</p>

    <p>Among the open-source alternatives to Eagle (let's leave Altium
      in its own class), <a href="http://fritzing.org/">Fritzing</a>
      didn't match our need for multilayer board support;
      between <a href="http://geda-project.org/">gEDA</a>
      and <a href="http://kicad-pcb.org/">KiCad</a>, the choice was
      easy: the latter is much more popular, backed up
      by <abbr title="Centre Européen de Recherche
      Nucléaire">CERN</abbr> as part of
      the <a href="http://home.cern/about/updates/2015/02/kicad-software-gets-cern-treatment">Open
      Hardware Initiative</a>, and there are discussions to share
      codebase between the two projects [ref needed].</p>

    <h4>How does the move to KiCad influence Neo900 development?</h4>

    <p>The only major downside comes from the reduced access to
      Nikolaus' <abbr title="Open Multimedia Applications
      Platform">OMAP</abbr> know-how, although we hope he will be able
      to review our work.  On the other hand, we're no longer slowed
      down by uncertainty with regard to the future role of Golden
      Delicious in Neo900: this used to cause change requests to pile
      up, and we used white papers as a means of documenting what we
      couldn't change in the schematics in a timely manner.</p>

    <p>That gives us wings: with KiCad, we can now provide a more
      transparent development process and can now operate in a more
      schematics-centric mode, using white papers only where something
      actually needs explaining.</p>

    <p>We found out that KiCad's routing capabilities are superior to
      Eagle's:</p>

    <figure>
      <iframe width="560" height="315" src="https://www.youtube.com/embed/CCG4daPvuVI" frameborder="0" allowfullscreen></iframe>
      <figcaption>
        <a href="https://www.youtube.com/watch?v=CCG4daPvuVI">Demo of the KiCad router</a>
      </figcaption>
    </figure>

    <p>Moving to KiCad proved to be quite
    an <a href="https://www.youtube.com/watch?v=d5oO6fiyB7o">improvement
    over that</a>.</p>

    <h4>What's the progress on converting Neo900 schematics from Eagle
      to KiCad?</h4>

    <p>Progress is surprisingly fast.  We already completed the bulk of
      the conversion, and are now fixing bugs (some discovered during
      the conversion,
      and <a href="https://bugs.launchpad.net/kicad/+bug/1154131/comments/9">also
        in KiCad</a>.)</p>

    <p>In the coming weeks we're going to work on incorporating
    material <em>parked</em> in whitepapers (see above), [maybe leave
    that alone for now:] define the BB-mX interface for prototype v2
    (...)</p>

    <p>...</p>

    <p>Thank you for your attention,</p>

    <p>&ndash; hellekin for the Neo900 team</p>

    <p>P.S.: Feedback is welcome!  Did you enjoy reading this post?
      What else should it have covered?  What do you want to read in the
      news?  You can tell me: hellekin at neo900 dot org, or in the
      comments.</p>

</body>
</html>