Introduction

Python is everywhere, from data science to web development. It’s beginner-friendly and versatile, making it one of the most sought-after skills for 2025 and beyond. This article outlines a practical, step-by-step roadmap to master Python and grow your career.

Learning Time Frame

The time it takes to learn Python depends on your goals and prior experience. Here’s a rough timeline:

• 1-3 Months: Grasp the basics, like syntax, loops, and functions. Start small projects.
• 4-12 Months: Move to intermediate topics like object-oriented programming and essential libraries. Build practical projects.
• Beyond 1 Year: Specialize in areas like web development, data science, or machine learning.

Consistency matters more than speed. With regular practice, you can achieve meaningful progress in a few months.

Steps for Learning Python Successfully

1. Understand Your Motivation
   • Define your goals. Whether for a career change, personal projects, or academic growth, knowing your “why” keeps you focused.
2. Start with the Basics
   • Learn Python syntax, data types, loops, and conditional statements. This foundation is key for tackling more complex topics.
3. Master Intermediate Concepts
   • Explore topics like object-oriented programming, file handling, I/O operations and libraries such as pandas and NumPy.
4. Learn by Doing
   • Apply your skills through coding exercises and small projects. Real practice strengthens understanding.
5. Build a Portfolio
   • Showcase your skills with projects like web apps, or basic data analysis dashboard. A portfolio boosts job prospects.
6. Challenge Yourself Regularly
   • Stay updated with Python advancements and take on progressively harder tasks to improve continuously.

4. Python Learning Plan

Month 1-3

• Focus on basics: syntax, data types, loops, and functions.
• Start using libraries like pandas and NumPy for data manipulation.

Month 4-6

• Dive into intermediate topics: object-oriented programming, file handling, and data visualization with matplotlib.
• Experiment with APIs using the FastAPIy and Postman

Month 7 and Beyond

• Specialize based on your goals:
  • Web Development: Learn Flask or Django for backend
  • Data Science: Explore TensorFlow, Scikit-learn, and Kaggle
  • Automation: Work with tools like Selenium for Web Scraping

This timeline is flexible—adapt it to your pace and priorities.

5. Top Tips for Effective Learning

1. Choose Your Focus
   • Decide what interests you most—web development, data science, or automation. A clear focus helps you navigate the vast world of Python.
2. Practice Regularly
   • Dedicate time daily or weekly to coding. Even short, consistent practice sessions with platforms like HackerRank will build your skills over time
3. Work on Real Projects
   • Apply your learning to practical problems. Train a ML model, automate a task, or analyze a dataset. Projects reinforce knowledge and make learning fun.
4. Join a Community
   • Engage with Python communities online or locally. Networking with others can help you learn faster and stay motivated.
5. Take Your Time
   • Don’t rush through concepts. Understanding the basics thoroughly is essential before moving to advanced topics.
6. Revisit and Improve
   • Go back to your old projects and refine them. Optimization teaches you new skills and helps you see your progress.

Best Ways to Learn Python in 2025

1. Online Courses

Platforms like Youtube, Coursera and Udemy offer structured courses for all levels, from beginners to advanced learners.

2. Tutorials

Hands-on tutorials from sites like Real Python and Python.org are great for practical, incremental learning.

3. Cheat Sheets

Keep cheat sheets for quick references to libraries like pandas, NumPy, and Matplotlib. These are invaluable when coding.

4. Projects

Start with simple projects like to-do lists apps. Gradually, take on more complex projects such as web apps or machine learning models.

5. Books

For beginners, Automate the Boring Stuff with Python by Al Sweigart simplifies learning. Advanced learners can explore Fluent Python by Luciano Ramalho.

To understand how Python is shaping careers in tech, read The Rise of Python and Its Impact on Careers in 2025.

Conclusion

Python is more than just a programming language; it’s a gateway to countless opportunities in tech. With a solid plan, consistent practice, and real-world projects, anyone can master it. Whether you’re a beginner or looking to advance your skills, Python offers something for everyone.

If you’re ready to fast-track your learning, consider enrolling in OpenCV University’s 3-Hour Python Bootcamp, designed for beginners to get started quickly and efficiently.

Start your Python journey today—your future self will thank you!

The post Python Launchpad 2025: Your Blueprint to Mastery and Beyond appeared first on OpenCV.

Halloo Everyone, welcome to this blog!

The main topic is NEW PRODUCTS! And the keywords are LoRaWAN and Vision AI. You would wonder, “your devices has a camera and it is LoRaWAN?” Yes indeed! I know, I know! You would tell me “You can’t send images or videos via LoRaWAN because the ‘message’ is too large”, or someone else would say “Technically you can, but you need to ‘slice’ the large images or videos to send them ‘bit by bit’ and ‘piece them together’ aferward. Then why bother?”

What if I tell you, you don’t have to send the images or videos? Think about it, the goal is to get the results captured by the camera, not tons of irrelevant footage. In this case, as long as you can get the results, there is no need to send large images or videos.

SenseCAP A1102 LoRaWAN Vision AI Sensor

Without further ado, here comes the intro of our main cast of this post – SenseCAP A1102, an IP66-rated LoRaWAN® Vision AI Sensor, ideal for low-power, long-range TinyML Edge AI applications. It comes with 3 pre-deployed models (human detection, people counting, and meter reading) by default. Meanwhile, with SenseCraft AI platform [Note 1], you can use the pre-trained models or train your customized models conveniently within a few clicks. Of course, SenseCAP A1102 also supports TensorFlow Lite and PyTorch.

This Device consists of two main parts: the AI Camera and the LoRaWAN Data Logger. While different technologies are integrated in this nifty device, I would like to highlight 4 key aspects:

• Advanced AI Processor

As a vision AI Sensor, SenseCAP A1102 proudly adopted the advanced Himax WiseEye2 HX6538 processor featuring a dual-core Arm Cortex-M55 and integrated Arm Ethos-U55. (The same AI processor as in Grove Vision AI v2 Kit.) This ensures a high performance in vision processing.

Meanwhile, please keep in mind that lighting and distance will affect the performance, which is common for applications that involve cameras. According to our testing, SenseCAP A1102 can achieve 70% confidence for results within 1 ~ 5 meters in normal lighting.

• Low-Power Consumption, Long-Range Communication

SenseCAP A1102 is built with Wio E5 Module featuring STM32WLE5JC, ARM Cortex M4 MCU, and Semtech SX126X. This ensures low-power consumption and long-range communication, as in SenseCAP S210X LoRaWAN Environmental sensors. Supporting a wide range of 863MHz – 928MHz frequency, you can order the same device for different stages of your projects in multiple continents, saving time, manpower, and costs in testing, inventory management, and shipment, etc.

SenseCAP A1102 opens up new possibilities to perceive the world. The same hardware with different AI models, you have different sensors for detecting “objects” (fruits, poses, and animals) or reading meters (in scale or digits), and many more. With the IP66 rating (waterproof and dustproof), it can endure long-term deployment in outdoor severe environments.

We understand interoperability is important. As a standard LoRaWAN device, SenseCAP A1102 can be used with any standard LoRaWAN gateways. When choosing SenseCAP Outdoor Gateway or SenseCAP M2 Indoor Gateway, it is easier for configuration and provisioning.

• Easy Set-up and Configure with SenseCraft App

We provide SenseCraft App and SenseCAP Web Portal for you to set up, configure, and manage the devices & data more easily.

At SenseCraft App, you can change settings with simple clicks such as choose the platform, change the frequency for the specific region, change data upload intervals (5 ~ 1440min), or packet policy (2C+1N, 1C, 1N) and other settings. 

You can see the live and historical data of your devices on both SenseCraft App and SenseCAP Web Portal easily.

When using SenseCAP Sensors and SenseCAP gateways, you can also choose to use SenseCAP cloud platform, which is free for 6 months for each devices and then it is 0.99usd/device/month, or you can choose to use your own platform or other 3rd-party platforms. We offer API supporting MQTT and HTTP.

• Wi-Fi Connectivity for Transmitting Key Frames

Inside the AI Camera part of this device sits a tiny-yet-powerful XIAO ESP32C3, which is powered by new RISC-V architecture. This adds Wi-Fi connectivity to SenseCAP A1102. In the applications, you can get the reference results via LoRaWAN and at the same time get the key frames via Wi-Fi to validate or further analyze.

While we always demonstrate how much we love LoRaWAN for its ultra-low-power consumption and ultra-long-range communication by continuously adding more and more products in the portfolio of our LoRaWAN products family. We also understand some people might prefer other communication protocols. Rest assured, we have options for you. As mentioned above, we value interoperability a lot. Here comes to the intro of another important cast of this post: RS485 Vision AI Camera!

RS485 Vision AI Camera

RS485 Vision AI Camera is a robust vision AI sensor that supports MODBUS-RS485 [Note 2] protocol and Wi-Fi Connectivity. Simply put, it is the camera part of the SenseCAP A1102, which adopts the Himax AI Processor for AI performance. Its IP66 rating makes it suitable for both indoor and outdoor applications.

You can use RS485 Vision AI Camera with SenseCAP Sensor Hub 4G Data Logger to transmit the reference results via 4G. If your existing devices or systems support MODBUS-RS485, you can connect it with this RS485 Vision AI Camera for your applications.

In this post, we introduced SenseCAP A1102 and RS485 Vision AI Camera. I hope you like them and will get your hands on these devices for your projects soon! I already envision this device used in different applications from smart home, office, and building managetment to smart agriculture, biodiversity conservation, and many others. And we look forward to seeing your applications!

If you’ve been using Seeed products or following our updates, you might have noticed that the expertise of Seeed products and services is in smart sensing and edge computing. While we’ve developed a rich collection of products in (1) sensor networks that collect different real-world data and transmit via different communication protocols, and (2) edge computing that brings computing power and AI capabilities to the edge. I think we can say that Seeed is strong in smart sensing, communication, and edge computing. 

There are many more new products on the Seeed roadmap for us to get a deeper perception of the world with AI-powered insight and actions. Stay tuned!

Last but not the least, we understand that you might have requirements in product features, functionalities, or form factors for your specific applications, we offer a wide range of customization services based on the existing standard products. Please do not hesitate to reach out to us, to share your experience, your thoughts about new products, wishes for new features, or ideas for cooperation possibilities! Reach us at iot[at]seeed[dot]cc! Thank you!

[Note 1: If you do not know it yet, SenseCraft AI is a web-base platform for AI applications. No-code. Beginner-friendly. I joined the livestream on YouTube with dearest Meilily to introduce this platform last week. If you are interested, check the recording here.]

[Note 2: MODBUS RS485 is a widely-used protocol for many industrial applications. You can learn more here about MODBUS and RS485, and you can explore the full range of all RS485 products here.]

The post New Product Post – Vision AI Sensor, Supporting LoRaWAN and RS485 appeared first on Latest Open Tech From Seeed.

SONOFF sent us a sample of the MINI-D Wi-Fi smart switch with a dry contact design for review. If you’re familiar with the larger SONOFF 4CH Pro model, which features four channels, the MINI-D operates similarly but is smaller in size and comes with the latest software features. The principle of a dry contact is that the relay contacts are not directly connected to the device’s power supply circuit. Instead, the contacts are isolated and require an external power source to supply power to the load. Make it flexible to use the SONOFF Mini-D in various scenarios such as controlling garage doors, thermostats, or high-current electrical devices through a contactor, like water pumps. It can also manage low-power DC devices such as solenoid valves or small electric motors (<8W). Because the power supplied to the MINI-D and the power passed through its relay can come from different sources, it offers [...]

The post SONOFF MINI-D Review – A Matter-enabled dry contact WiFi switch tested with eWeLink, Home Assistant, and Apple Home appeared first on CNX Software - Embedded Systems News.

Waveshare has recently launched DDSM Driver HAT (B), a compact Raspberry Pi DDSM (Direct Drive Servo Motor) motor driver designed specifically to drive the DDSM400 hub motors. This board is built around an ESP32 MCU and supports wired (USB and UART) and wireless (2.4GHz WiFi) communication. Additionally, the board features a physical toggle switch, which lets it choose between the ESP32 control or USB control modes. On ESP32 control mode you can control the device through a built-in web application. In the USB control mode, the motor driver can be controlled via USB from a host computer sending JSON commands. An XT60 connector is used to power the board, and programming is done through a USB-C port that connects to the ESP32. The board is suitable for robotics projects, especially for mobile robots in 6×6 or 4×4 configurations. Waveshare DDSM Driver HAT (B) specifications: Wireless MCU – Espressif Systems ESP32-WROOM-32E ESP32 [...]

The post ESP32-based Waveshare DDSM Driver HAT (B) for Raspberry Pi supports DDSM400 hub motors appeared first on CNX Software - Embedded Systems News.

Hello, three dot fourteen dot zero alpha four!

https://www.python.org/downloads/release/python-3140a4/

This is an early developer preview of Python 3.14

Major new features of the 3.14 series, compared to 3.13

Python 3.14 is still in development. This release, 3.14.0a4, is the fourth of seven planned alpha releases.

Alpha releases are intended to make it easier to test the current state of new features and bug fixes and to test the release process.

During the alpha phase, features may be added up until the start of the beta phase (2025-05-06) and, if necessary, may be modified or deleted up until the release candidate phase (2025-07-22). Please keep in mind that this is a preview release and its use is not recommended for production environments.

Many new features for Python 3.14 are still being planned and written. Among the new major new features and changes so far:

• PEP 649: deferred evaluation of annotations
• PEP 741: Python configuration C API
• PEP 761: Python 3.14 and onwards no longer provides PGP signatures for release artifacts. Instead, Sigstore is recommended for verifiers.
• Improved error messages
• Many removals of deprecated classes, functions, methods and parameters in various standard library modules.
• New deprecations, many of which are scheduled for removal from Python 3.16
• C API removals and deprecations
• (Hey, fellow core developer, if a feature you find important is missing from this list, let Hugo know.)

The next pre-release of Python 3.14 will be 3.14.0a5, currently scheduled for 2025-02-11.

More resources

• Online documentation
• PEP 745, 3.14 Release Schedule
• Report bugs at https://github.com/python/cpython/issues
• Help fund Python and its community

And now for something completely different

In Python, you can use Greek letters as constants. For example:

from math import pi as π

def circumference(radius: float) -> float:
    return 2 * π * radius

print(circumference(6378.137))  # 40075.016685578485

Enjoy the new release

Thanks to all of the many volunteers who help make Python Development and these releases possible! Please consider supporting our efforts by volunteering yourself or through organisation contributions to the Python Software Foundation.

Regards from a slushy, slippery Helsinki,

Your release team,
Hugo van Kemenade @hugovk
Ned Deily @nad
Steve Dower @steve.dower
Łukasz Langa @ambv

SimpleX network: large groups and privacy preserving content moderation

Published: Jan 14, 2025

Many people believe that it is impossible to moderate and prevent abuse in end-to-end encrypted conversations. This belief is incorrect – there is a way to prevent abuse and distribution of illegal content without any compromises to users privacy and security of end-to-end encryption.

Anti-privacy lobbyists use this incorrect belief to advocate for scanning of private communications, which not only would fail to prevent abuse, but would make it worse - because our private data will become available to criminals.

So it's very important to understand how privacy preserving content moderation works, and educate the politicians who you voted for and who is currently in the office that we do not need to compromise privacy and security in any way to substantially reduce online crime and abuse.

This post answers these questions:

• Why large groups on SimpleX network don't work well?
• How do we plan to make them scale?
• How do group owners prevent abuse when people participate anonymously?
• How do server operators prevent abuse of their servers and how these measures will evolve without any compromises to privacy and end-to-end encryption?
• Which privacy and security improvements we plan this year?

Large groups on SimpleX network

When we designed groups, we expected them to be used primarily for small groups where people know each other, with not more than 100 or so members.

But we learnt that people want to participate in public discussions remaining anonymous - it protects their freedom of speech. As an experiment, we are curating a small directory of the groups that currently has almost 400 public groups, with the largest ones having thousands of members. You can connect to this experimental directory via SimpleX chat address.

Can large groups scale?

Currently the groups are fully decentralized, and every time you send the message to some group your client has to send it to each group member, which is very costly for traffic and battery in large groups.

We are currently working on the new group architecture when dedicated group members that run their clients on the server or on desktop with good internet connection will re-broadcast messages to all members – these members are "super-peers". We will be offering pre-configured super-peers via the app, and you will be able to use your own super-peers, in case you are hosting a large private group, and to have better control and ownership of the group - e.g., if we decide to remove our super peer from the group it will continue functioning because your super peer continues re-broadcasting messages.

Preventing abuse with anonymous participation

All public discussions are abused by spammers and trolls, whether they are anonymous or not. We have been evolving ability of group owners to moderate conversations by allowing to remove inappropriate and off-topic messages, to block members who send spam, and to make all new members who join their group unable to send messages until approved.

As support for large groups improves, we expect the attempts to abuse may increase too, unless we add better moderation capabilities in advance.

v6.3 will add ability of the group members to send reports to the group owners and administrators - the beta version we just released adds ability to manage these reports, so group admins won't miss reports when members start sending them.

Other features that we plan to add this year to improve moderation:

• message comments - some groups may choose to allow only comments, when ability to send messages is restricted to group owners or admins.
• ability to limit the maximum number of messages the members can send per day.
• ability to pre-moderate messages before they can be seen by all members.
• "knocking" - having a conversation with the new members before they are added to the group.
• sub-groups - smaller conversations with the same members.

Preventing server abuse without compromising e2e encryption

Some categories of content may be prohibited by servers operators. An extreme case would be child sexual abuse materials (CSAM).

Many people believe that when conversation is end-to-end encrypted, the problem is unsolvable. This incorrect belief is used by unscrupulous lobbyists and politicians who attempt to mandate various types of content scanning under the guise of preventing CSAM distribution.

We wrote before about how such measures not only would fail to solve the problem, but would also make it worse. If our private photos become available to service providers, they will eventually become available to criminals too, and will be used to abuse and exploit the users and their children.

An absolute majority of CSAM distributed online is publicly accessible. Many large tech companies failed to act and to remove CSAM from their services before it became an epidemic. We see as the most important objective to eliminate the possibility to distribute CSAM from publicly accessible groups, even if it hurts network growth.

When we receive a user complaint about CSAM shared in any group, we remove the files and in some cases groups from our servers. Our approach to moderation preserves user privacy and security of end-to-end encryption.

How does it work? Let's go over the process step by step.

1. A user discovered the link to join the group that distributes CSAM and sent a complaint to our support email address or via the app to SimpleX Chat team contact.

2. Once we received the link to join the group, we instruct our automated bot to join it. If the complaint is confirmed as valid, the bot sends the information about the files sent in this group to the servers that store this file.

3. Once the servers receive the file identifiers, they can now block the file.

File servers cannot look inside end-to-end encrypted files, and they don't even know file sizes – they are securely locked, and sent in chunks, across multiple servers. But if file recipient gives us the address and decryption key of the particular file (each file is encrypted by a different set of keys), we can receive this file. If it violates conditions of use, we can remove or block this file. It doesn't allow us to access any other user data or files.

In this way, the moderation is possible without any content scanning, preserving privacy and security of end-to-end encryption.

Privacy preserving content moderation

Right now, when we act on user complaints, we delete uploaded files or the links to join the groups from our servers, and to the users it looks as if something stopped working.

We are currently rolling out the change to the servers that would mark these files and group links as blocked, so that users who try to download them or to join blocked groups can see that they were blocked for violating server operator conditions of use.

Later this year we plan to do more than that: when the client discovers that the uploaded file was blocked, it may, optionally, depending on the information in the blocking record, disable further uploads from the app to the servers of the operator that blocked the file. Also, when the client that tried to receive the file sees that the file is blocked, it may also refuse to receive further files from the same group member via the same servers.

In this way, servers preserve privacy and security of the users and content, but they are still able to restrict the future actions of the users who violate the conditions of use.

We discussed this plan with the users, and we really appreciate their feedback. The current plan is quite different from our initial ideas, the users had a real impact on these decisions. Users asked the questions below.

Can't users modify their clients code to circumvent these restrictions?

Yes, they can, but for this to work both sender and recipient would have to modify their clients, and it's both technically complex, so most users won't do it, and it is also hard to coordinate between users who don't know and don't trust each other.

So these measures would be effective, even though they can be in theory circumvented, as any restrictions can be.

Can't users use other servers?

Yes, they can. But in the same way as web browser is not responsible for the content you can access, SimpleX app should not restrict your communications with other servers based on blocking action from just one server. That approach allows different server operators to have different content policies, depending on their jurisdiction and other factors.

Wouldn't these measures be abused?

While server operators can indeed abuse such restrictions, they also have other ways to disrupt communications, as described in the threat model. Any communication system, with or without servers, can be disrupted by its participants and providers.

But server operators offer their servers because they want them to be used, whether because they expect that it will be profitable in the future or because they want to support decentralized communication for charitable reasons.

So operators have no reason to abuse users - if they do, users would simply stop using their servers. At the same time, server operators need to have technical means to protect their servers from abuse too, and the planned client-side restrictions would allow it.

What additional measures are considered?

We published other technical ideas that can be used to prevent distribution of illegal content in this document. What is important, that none of these measures compromise users' privacy or end-to-end encryption, and they can (and should) only be applied to publicly accessible content that other users complained about.

We technically cannot, and we won't scan all content. We actively campaign against any content-scanning proposals, not only because it violates our right to privacy, but also because it would result in huge increase of online crime.

The belief that it is impossible to moderate conversations when they are e2e encrypted is incorrect. It is possible when users themselves share conversation contents with server operators, in which case the operators can identify and, if necessary, remove files. It is also possible to moderate conversations that users made publicly accessible.

Privacy and security improvements we plan this year

Not only we won't reduce privacy and security, we plan to increase it this year.

We plan to add:

• quantum-resistant e2e encryption in small groups.
• receiving proxy for files, to protect users IP addresses and other transport metadata.

We see privacy and security as necessary for online safety, and prevention of abuse. If you don't already use SimpleX network, try it now, and let us know how to make it better.

We launched our second-generation microcontroller, RP2350, in August last year. Building on the success of its predecessor, RP2040, this adds faster processors, more memory, lower power states, and a security model built around Arm TrustZone for Cortex-M. Alongside our own Raspberry Pi Pico 2 board, and numerous partner boards, RP2350 also featured on the DEF CON badge, designed by Entropic Engineering, with firmware by our friend Dmitry Grinberg.

All chips have vulnerabilities, and most vendors’ strategy is not to talk about them. We consider this to be suboptimal, so instead, we entered into the DEF CON spirit by offering a one-month, $10,000 prize to the first person to retrieve a secret value from the one-time-programmable (OTP) memory on the device. Our aim was to smoke out weaknesses early, so that we could fix them before RP2350 became widely deployed in secure applications. This open approach to security engineering has been generally well received: call it “security through transparency”, in contrast with the “security through obscurity” philosophy of other vendors.

Nobody claimed the prize by the deadline, so in September we extended the deadline to the end of the year and doubled the prize to $20,000. Today, we’re pleased (ish) to announce that we received not one but four valid submissions, all of which require physical access to the chip, with varying degrees of intrusiveness. Outside of the contest, Thomas “stacksmashing” Roth and the team at Hextree also discovered a vulnerability, which we describe below.

So with no further ado, the winners are:

“Hazardous threes” – Aedan Cullen

RP2350’s antifuse OTP memory is a security-critical component: security configuration bits are stored in OTP and read early in the reset process. A state machine called the OTP PSM is responsible for these reads. Unfortunately, it turns out that the OTP PSM has an exploitable weakness.

The antifuse array is powered via the USB_OTP_VDD pin. To protect against power faults, the PSM uses “guard reads”: reads of known data very close to reads of security-critical data. A power fault should cause a mismatch in the known guard data, indicating that the associated security-critical read is untrustworthy. We use a single guard word: 0x333333.

However, the OTP may retain the last sensed read data during a power fault, and subsequent reads return the most-recently-read data from when power was good. This is not itself a flaw, but it interacts poorly with the choice of guard word. If USB_OTP_VDD is dropped precisely after a guard read has occurred, 0x333333 will be read until power is restored. Therefore, an attacker can overwrite security-critical configuration data with this value.

If the CRIT0 and CRIT1 words are replaced by 0x333333 during the execution of the OTP PSM, the RISCV_DISABLE and ARM_DISABLE bits will be set, and the DEBUG_DISABLE bit will be cleared. ARM_DISABLE takes precedence, so the chip leaves reset with the RISC-V cores running and debugging allowed, regardless of the actual configuration written in the fuses. Dumping secret data from the OTP is then straightforward.

More information can be found in Aedan’s GitHub repository here, and in his Chaos Communication Congress presentation here.

No mitigation is currently available for this vulnerability, which has been assigned erratum number E16. It is likely to be addressed in a future stepping of RP2350.

USB bootloader single-instruction fault with supply-voltage injection – Marius Muench

A foundational security feature of RP2350 is secure boot, which restricts the chip to only run code signed with a specific private key. If an attacker can bypass or break out of secure boot, they can run their own unsigned code, which can potentially dump secret data from the OTP.

Marius discovered a weakness in the boot ROM’s reboot API. This supports several different reboot modes, one of which is REBOOT_TYPE_PC_SP, which reboots and starts execution with a specific program counter and stack pointer. This can only be triggered from secure firmware already running on the chip, but if an attacker could trigger this boot mode externally, and with controlled parameters, we would start executing code at an attacker-supplied address – without verifying the signature of the code!

But how can one enter this boot mode, if it is only accessible to signed and verified firmware?

The answer (of course) is fault injection. By issuing a normal reboot command to the USB bootloader, and injecting a fault (in this case by glitching the supply voltage) so that an instruction is skipped just at the right time, it is possible to trick the reboot API into believing that REBOOT_TYPE_PC_SP was requested. If an attacker has loaded malicious code beforehand into the RAM, this code can be executed and used to extract the secret.

An interesting aspect of this attack is that the code for accepting the reboot command is actually hardened against fault injection. Unfortunately, the function implementing the reboot logic itself assumes that the incoming parameters (including the requested boot mode) are sanitised. Due to an unlucky arrangement of instructions emitted by the compiler, injecting a fault which skips one out of two very specific instructions confuses the chip into rebooting to the hazardous boot type.

Marius says: “While this break may seem straightforward in retrospect, reality is quite different. Identifying and exploiting these types of issues is far from trivial. Overall, this hacking challenge was a multi-month project for me, with many dead-ends explored along the way and countless iterations of attack code and setups to confirm or refute potential findings. Nonetheless, I had plenty of fun digging deep into the intricacies of the new RP2350 microcontroller, and I would like to thank Raspberry Pi and Hextree for hosting the challenge!”

Several effective mitigations are available against this attack, which has been assigned erratum number E20. The most precise mitigation is to set the OTP flag BOOT_FLAGS0.DISABLE_WATCHDOG_SCRATCH, which disables the ability to reboot to a particular PC/SP where that function is not required by application code.

Signature check single-instruction fault with laser injection – Kévin Courdesses

Kévin discovered an exploitable weakness in the secure boot path, just after the firmware to be validated has been loaded into RAM, and just before the hash function needed for the signature check is computed. Injecting a single precisely timed fault at this stage can cause the hash function to be computed over a different piece of data, controlled by the attacker. If that data is a valid signed firmware, the signature check will pass, and the attacker’s unsigned firmware will run!

The most common method of introducing faults, seen in Marius’s attack, is to briefly pull down the supply voltage, introducing a brief “glitch”, which causes the digital logic in the chip to misbehave. RP2350 contains glitch detector circuitry, which is designed to spot most voltage glitches and to purposely halt the chip in response. To permit the injection of faults without triggering the glitch detectors, Kévin built a custom laser fault injection system; this applies a brief pulse of laser light to the back of the die, which has been exposed by grinding away part of the package. And, although several technical compromises were necessary to keep the setup within a limited budget, it worked!

More information can be found in Kévin’s paper here.

No mitigation is available for this attack, which has been assigned erratum number E24. It is likely to be addressed in a future stepping of RP2350.

Extracting antifuse secrets from RP2350 by FIB/PVC – IOActive

OTP memories based on antifuses are widely used for storing small amounts of data (such as serial numbers, keys, and factory trimming) in integrated circuits because they are inexpensive and require no additional mask steps to fabricate. RP2350 uses an off-the-shelf antifuse memory block for storing secure boot keys and other sensitive configuration data.

Antifuses are widely considered to be a “high security” storage medium, meaning that they are significantly more difficult for an attacker to extract data from than other types of memory, such as flash or mask ROM. However, with this attack, IOActive has (almost) demonstrated that data bits stored in the RP2350 antifuse memory array can be extracted using a well-known semiconductor failure analysis technique: passive voltage contrast (PVC) with a focused ion beam (FIB).

The current form of the attack recovers the bitwise OR of two physically adjacent memory cells sharing common metal-1 contacts. However, with some per-bit effort it may be possible for an attacker to separate the even/odd cell values by taking advantage of the circuit-editing capabilities of the FIB.

IOActive has not yet tested the technique against other antifuse IP blocks or on other process nodes. Nonetheless, it is believed to have broad applicability to all antifuse-based memories. Dr Andrew Zonenberg, who led the technical team on this project along with Antony Moor, Daniel Slone, Lain Agan, and Mario Cop, commented: “Our team found a unique attack vector for reading data out of antifuse memory, which we intend to further develop. Those who rely on antifuse memory for confidentiality should immediately reassess their security posture.”

The suggested mitigation for this attack is to employ a “chaffing” technique, storing either {0, 1} or {1, 0} in each pair of bit cells, as the attack in its current form is unable to distinguish between these two states. To guard against a hypothetical version of the attack which uses circuit editing to distinguish between these states, it is recommended that keys and other secrets be stored as larger blocks of chaffed data, from which the secret is recovered by hashing.

Glitch detector evaluation, and OTP read double-instruction fault with EM injection – Hextree

We commissioned the Hextree team to evaluate the secure boot process, and the effectiveness of the redundancy coprocessor (RCP) and glitch detectors. They found that at the highest sensitivity setting, the glitch detectors can detect many voltage glitches; however, the rate of undetected glitches is still high enough to make attacks feasible with some effort.

The majority of their work focused on electromagnetic fault injection (EMFI), which delivers a high-voltage pulse to a small coil on top of the chip. This creates an electromagnetic field which will collapse in the chip, providing for the injection of very localized faults which do not disturb the glitch detectors. Testing yielded multiple security-relevant results, notably that it is possible to corrupt values read from OTP by injecting faults very early in the boot process, and that random delays provided by the RCP are susceptible to side-channel measurements.

The team also found a path to bypass an aspect of the OTP protection of the chip using a double fault: the s_varm_crit_nsboot function, which locks down the OTP permissions prior to entering BOOTSEL mode, has two instructions which, when both are disturbed by precisely timed faults, can prevent an OTP page from being correctly locked, effectively allowing the user to read-out and write to the OTP even when the chip configuration forbids this. The double fault can be triggered with reasonable reliability by EMFI.

Several effective mitigations are available against this attack, which has been assigned erratum number E21. The attack occurs when the device is running non-secure bootloader code, and the OTP keys are extracted via the PICOBOOT interface. The USB bootloader can be disabled by setting the OTP flags BOOT_FLAGS0.DISABLE_BOOTSEL_USB_PICOBOOT_IFC and BOOT_FLAGS0.DISABLE_BOOTSEL_USB_MSD_IFC, which mitigates this vulnerability at the cost of removing the ability to update firmware on the device over USB.

We’d also like to express gratitude to Colin O’Flynn and his team at NewAE for collaborating with both us and Thomas Roth / Hextree on this advanced silicon security research, as well as enabling us with their fantastic ChipWhisperer kit.

What’s next?

We’d like to thank everyone who participated in the challenge. While the rules specify a single $20,000 prize for the “best” attack, we were so impressed by the quality of the submissions that we have chosen to pay the prize in full for each of them.

As expected, we’ve learned a lot. In particular, we’ve revised downward our estimate of the effectiveness of our glitch detection scheme; the difficulty of reliably injecting multiple faults even in the presence of timing uncertainty; and the cost and complexity of laser fault injection. We’ll take these lessons into account as we work to harden future chips, and anticipated future steppings of RP2350.

And while this hacking challenge is over, another one is about to start. As a component of the broader RP2350 security architecture, we’ve been working to develop an implementation of AES which is hardened against side-channel attacks (notably differential power analysis), and we’ll be challenging you to defeat it. Check back next week for more details.

All vendors have security vulnerabilities in their chips. We are unusual because we talk about them, and aim to fix them, rather than brushing them under the carpet. Security through transparency is here to stay.

The post Security through transparency: RP2350 Hacking Challenge results are in appeared first on Raspberry Pi.

The openSUSE Innovator initiative and the Intel Innovator program play a crucial role in ensuring that the openVINO repository remains up to date for the openSUSE Linux distribution community, which I continually to strive to help.

OpenVINO (Open Visual Inference and Neural Network Optimization) is one of the most crucial tools in the AI ecosystem, especially for applications requiring optimized performance for deep learning model inference. The 2024.6.0 release that arrived in Tumbleweed brings significant advancements in compatibility, optimizations and support for complex models, including those used in Generative AI, such as Large Language Models (LLMs).

The Importance of OpenVINO on openSUSE Linux

• Seamless Hardware and Software Integration: OpenVINO provides native acceleration for Intel CPUs and GPUs while maintaining flexibility to support other platforms. When paired with openSUSE Linux’s optimized kernel and advanced library compatibility, OpenVINO reaches its full potential.
• Generative AI in Open Source: In the era of Generative AI, tools like OpenVINO democratize access to cutting-edge technologies and allow developers of all levels to create advanced solutions directly on openSUSE without requiring expensive proprietary hardware.
• Performance and Efficiency: OpenVINO significantly reduces inference times and resource usage, which is a critical feature for LLM-based applications processing large amounts of data in real-time.
• Developer Simplicity: One of OpenVINO’s greatest advantages is its accessibility. It enables even beginner developers to build robust applications with minimal code while still offering flexibility and customization for advanced projects.

Building an LLM Application in 3 Lines of Code

With OpenVINO, creating an application using a generative language model is as simple as:

import openvino_genai as ov_genai
pipe = ov_genai.LLMPipeline("TinyLlama-1.1B-Chat-v1.0/", "CPU")
print(pipe.generate("Openvino é", max_new_tokens=100, do_sample=False))

This simplicity highlights how OpenVINO allows seamless integration of Generative AI technologies into openSUSE Linux, combining optimization with ease of use.

Conclusion

The presence of OpenVINO on openSUSE Linux reinforces the role of open source in leading technological advancements in the AI era. It empowers businesses, independent developers and enthusiasts to build efficient, scalable and impactful applications. With tools like OpenVINO, openSUSE positions itself as a powerful platform for innovation in Generative AI.

Feedback and suggestions for the evolution of work can be sent to Alessandro de Oliveira Faria (A.K.A. CABELO) cabelo@pensuse.org