This computer can't be hacked! (2023 Best of CM4)
Vložit
- čas přidán 8. 06. 2024
- The Secure Edge Node is certainly the most secure Raspberry Pi! This video features the most interesting CM4 boards of 2023.
Disclaimer: All the products featured in this video were sent by the manufacturers. I did not receive any other form of compensation for this video, nor did they have any input into the content of this video. See my sponsorship guidelines here: github.com/geerlingguy/youtube
Check out everything mentioned in this video:
- Axzez Interceptor 1U 5-drive: www.axzez.com/product-page/in...
- Axzez Interceptor 1U 3-drive: www.axzez.com/product-page/in...
- Video - Raspberry Pi Gaming PC: • Building a $500 Raspbe...
- Wisgate Connect: www.rakwireless.com/en-us/pro...
- EDATEC CM4 Media: edatec.cn/en/elpc/cm4-media.html
- EDATEC CM4 Nano: edatec.cn/en/elpc/cm4-nano.html
- EDATEC CM4 Sensing: edatec.cn/en/elpc/cm4-sen.html
- EDATEC CM4 Industrial: edatec.cn/en/elpc/cm4-ind.html
- EDATEC CM4 IO Computer: edatec.cn/en/elpc/cm4-io-comp...
- Zymbit Secure Edge Node D35: store.zymbit.com/products/sec...
- Chipsee 10.1" Industrial Panel PC: chipsee.com/product/ppc-cm4-101/
- PiKVM v4 Kickstarter: www.kickstarter.com/projects/...
- Subscribe to Geerling Engineering: / geerlingengineering
- Cytron CM4 Maker Board: www.cytron.io/c-raspberry-pi/...
Support me on Patreon: / geerlingguy
Sponsor me on GitHub: github.com/sponsors/geerlingguy
Merch: redshirtjeff.com
2nd Channel: / geerlingengineering
#RaspberryPi
Contents:
00:00 - Ethernet and HDMI on a Hard Drive?
00:18 - Axzez Interceptor 1U NVR
01:47 - WisGate Connect
03:12 - EDATEC's industrial computers
05:50 - Zymbit's Secure Edge Node D35
09:17 - Chipsee Industrial Panel PC
10:53 - PiKVM v4
11:11 - Cytron CM4 Maker Board - Věda a technologie
LPL would just use his covert instruments to check individual bits in the RAM or storage. He's an unstoppable force.
"With this special tamper-defeating tool Bosnian Bill and I created..."
@@JeffGeerling I miss Bosnian Bill. His videos were always my favourite to watch. Hope he's doing well.
@@JeffGeerling First, I'd like to compliment you on the quality of the content you release, this video included. You communicate the relevant information efficiently and effectively, and I look forward to your future videos. There was one thing that I disliked about this video in particular, however: the title was uncharacteristically click-baity for your channel. Based on the past correlation between your videos' titles and content, I expected this video to actually feature LPL trying to break into a computer. Since there is no reference to LPL within the video content, let alone evidence supporting the assertion "Even LockPickingLawyer couldn't hack this computer!", the title was misleading.
Again, I enjoy your videos, I have learned quite a bit from them, and I hope to learn much more in the future.
LPL would probably circumvent all the sophisticated anti-tamper mechanisms and sensors with a ballpoint pen or LEGO toy. Since they may be experts at computer security but they neglected this one little structural detail which allows an easy exploit ...
Especially if Master Lock made it
A video on that NVR would be epic!
I 2nd this
I too am very interested what kind of resolution, bitrate, throughput, recall while recording usability, it would be capable of....
Pretty plz....
@@zombieregime You will get about 1/10th of the quality for more than double the price of just buying a proper NVR from Reolink, Amcrest, etc.
I 66th this.
Jeff - exactly what you tell the world as "theory" of desoldering the flash, that happened with German secure hardware encryption data connectors used by German medical system. They found a bug in the boot loader and - after 2 days - they mounted the flash.
Oh it's definitely not theory! I've seen people do some strange things with memory chips on running systems. Want to do a deep dive on that at some point in a video, but I don't have the expertise so I'd have to work with someone on it.
@@JeffGeerling I am glad you're feeling better!
In the context in which Jeff said it, he made it clear that it's certainly possible to do that but it wouldn't matter anyway because the eMMC modules themselves would be encrypted with unrecoverable keys.
In theory you could de-solder them, but in practice it wouldn't matter.
I'd love to see that run with the coral USB, I have one somewhere maybe you'll encourage me to clean my office to find it again!
Haha all these tiny devices are great at hidding in nooks and crannies.
In the future I wanted to make a Pi based NVR so a video and guide about it would be super helpful!
I love the collabs that Jeff is making happen. I keep hoping for great things for this man and his colon!
I don't have a colon anymore! :D
@@JeffGeerling In all my years of being on YT, your comment is the best EVER! Thanks for that!!
Much respect and best wishes always Jeff!!!
@@JeffGeerling Now you have a semicolon?
@@JeffGeerling "Enough of this c#@p, im out!" - Colon
Wouldn't it be wonderful if the Raspberry Pi Foundation could actually produce a Raspberry Pi?
The Pi Foundation is the charitable org branch, Pi Ltd is the one that makes the hardware-and they're making hundreds of thousands per month... they're just all going to commercial products for the time being :(
Wow. That was like taking a sip from a fire hydrant! 😮
Would love a deep dive video, one for each of those items, if you have the time. 🙂
I just recently finished an NAS/NVR using a Zimaboard, but since I had originally planned on using a Pi 4 for it and the project got put on hold due to software frustrations it would be nice to see a video of it done right.
Also, I'd like to see a CM4Stack in one of these roundups (M5Stack's industrial controller thing). Their ESP32 devices have always been kinda pricey but really well put together.
Do we even have to answer that Jeff? Yes, we would highly appreciate a full video on setting up network recording with Raspberry Pis.
Now i see where all the CM4 modules went
I definitely want to see a diy security system video
I missed your amazing videos! Thank you very much!
I have used the Zymbit module in a pilot project, and it worked as advertised. The only thing about Zymbit that left me with a bit of uncertainty is that it is not independently clear how secure their encryption module really is, and they are not very forth coming about its internals. I also could not find any material online at that time (this was before the pandemic) that reviews their security independently.
It seems that the Secure Edge Node is finally in production-it was still in alpha when I started testing it. I know they were partnered with AWS a bit, and have had some independent security auditors working on their alpha boards at least.
It would be good to see more 3rd party pen testers hammer the device, and help iron out any remaining weaknesses! I'm not that, so I can't verify all their claims, unfortunately.
But I would like to dive deeper on it at some point. There are some creative ways I think I could bypass at least *some* of the sensors, if you had one configured with only certain tamper protections active.
Not knowing anything about the internals of encryption is a huge red flag.Kerckhoffs's principle isn't there just for show.
@@Ruhrpottpatriot It's possible they'll release more details after audits are finished and results are in so they can fix any lingering issues before it's made public.
@@realms4219 That's better, but still bad practice. If your cryptography depends on any hidden component, except the key, then it's bad cryptography.
You have to be able to go public with everything and all details on the first day.
Seeing how they didn't do that and are even tight lipped about it, is an instant "no-buy", ever, from me.
I have been using Zymbit Zymkeys (in dev mode), and I have wondered similar. To me, they are a TPM-like board where it will send some serial numbers to the Zymkey, and if all is well, it unseals the LUKS root filesystem key, and the boot process is complete. The downside is that there isn't any way to really add a LUKS recovery key, so if the Zymkey has an issue, the data on the protected filesystem is history... so one needs to have good backups (I use Borg Backup off to a NAS, as well as to Borgbase) and ensure the backups are checked often, or have a warning system. However, it does the job well, and allows a device to boot relatively securely without needing a password or someone to SSH in.
I'd love to see more pen testing on the Zymbit offerings, just because it gives peace of mind. I find that something like the ZymKey should be a part of the Rpi proper, just because TPM-like capabilities are always useful, especially for tasks like kiosks in areas where security isn't guarenteed, kiosks, and other items where compromise of the computer can be a bad thing.
In any case, it does go a long way to ensure physical security, and even if it does have weaknesses, it is far better than nothing.
Really excited to see lots of new stuffs for the Raspberry Pi. I'm waiting on my PiKVM 4 Plus which will arrive soon. 😁 Loving the PiKVM v3 for my pfsense.
Always enjoyable, Jeff, how you introduce us to your picks of technology, inspiring stuff! Thanks a lot!
Yay. New vid. Nice to see energetic mr geerling.
You have been one of the people single handedly providing so much knowledge about enterprise-dev and prod level kind of backend infrastrucutre. I owe a lot to you.
I absolutely love the NVR from Axzez, that looks VERY promising. and the Chipsee Panel PC? Im conjuring up some ideas for that already. The possibilities are endless for it.
I liked the format of this video, nicely done.
I thought it was his worst video by a country mile.
man im so proud of this dude's dedication.
from less than 100k
and keeps on improving!
love your vids man
keep going!
Thanks for another interesting video that includes actual captions for the Deaf - makes it easier to watch and understand. Raspberry Pi has come a long way
I would love a video about a Pi NVR! The Coral TPU looks like a cool accessory to pair it with 😊
The Chipsee Panel could be perfect as the control center for an RV. With the right software you could set it up as a home assistant server, dashboard, permanent wifi-hotspot, use the gpios to control some led lightning, and even connect the CAN bus to the vehicle for additional sensors, all in a single device.
Not a bad idea at all!
I'm liking the idea of the Zymbit secure pi, but what happens if an earthquake triggers the accelerometers and wipes everything!?
There are ways to distinguish different types of movement, though that's something you'd have to test even more in earthquake-prone areas!
One could have the accelerometers turned off. I have a number of Pis with Zymkeys, and I just leave them in dev mode... which is good enough to provide security for /, while ensuring I can upgrade the device to a new Raspberry Pi OS, or even Ubuntu.
Then your computer becomes e-waste.
Love you videos! Hope you’re doing well!
Quite an impressive piece of HW, thx for highlighting it!
Thanks for your sharing
Jeff made me addicted to his pie projects, nice reviews
I've came to the conclusion that there are never going to be a quantity Raspberry Pis for makers. They may as well change the company name to Raspberry Industrial. What you've shown here just solidifies the fact.
Time for makers to just move on to other SBCs.
Believe me, I've been trying. The RK3588 seems to be the best hope for a non-Pi standard chip that can be supported in many different types of products, but it still has its own warts.
In a blog post on the Pi site, they said it should ease by halfway through this year (and be readily available in the 3rd or 4th quarter), so I'm still holding out hope.
But I'm also hoping they release new hardware sometime soon because the Pi 4 SoC is getting a bit long in the tooth.
Raspberry Pi Foundation have said that in Q3 this year they should have more stock for the maker community, but they are a business and like any other, their big clients are the ones that keep them alive, so for now we have to put up with this situation.
@@EsotericArctos The Raspberry pi Foundation is not a buisness like any other. They are a foundation, and they are non profit. All their earnings go towards paying employee, r&d and fundation goals. IMO, that's what make it so that they spent so much time improving and maintaining the OS, the guides, etc. My first gen Pi still work as of now, still supported.
As for the availability to industrial customers, it comes to the fact that they have to commit to providing stuff to industrial clients, because otherwise those clients would cease to use the pi, as supply would be too unreliable. I think to recall that they have signed agreements and such before the great shortage.
It's definitely no fun for us end users, but in the same time the consequences when we don't have a new pi are not the same as for an industrial consumer that built a product line on a pi, and can't sell if no stock is available.
In the end this should remain a net gain for the community, since shortage will end at some point, and we'll get to enjoy super cool carrier boards.
But as of now, i must admit that even though i have 2 CM4 in stock, i don't care much about carrier boards because i can't get CM4s. Same for HATS or pi related stuff :(
On the upside, the pi pico is super available (and it was even more available than esp32s at some point), so it caused a rise in pico based projects.
@@EsotericArctos based
they already have moved on esp32 is the common go to chip and can handle most iot tasks. for more demanding things look at any rockchip sbc they are well priced and perform good
Jeff: Let me know if you want me to make a video of X Everyone: YES PLEASE
Too much security can be risky if you don't know what you're doing 😅
I would like to see you doing some application using the Chipsee Industrial Panel.
Thanks Jeff
Thx for the journey
'What Hard Drive Has Ethernet' you ask take a look at the Kioxia EM6 drives.... basically a high performance NVME ssd with a fabric interface (so using NVMeOF) directly on the drive so the systems talk to the drives using TCP directly instead of all the 'conversion' steps when considering how a server would request data from a SAS drive over SAN (tcp -> cpu -> pcie -> sas).
Wow I think this is the earliest I've ever been to a video!
EDIT: I think Jeff has the entirety of Raspberry Pi modules produced so far this year
Make the network video recording vid please. Love the videos!!
As you mentioned, that panel PC would make for a great interface machine for Home Assistant, it's actually tempting for me as I'm currently using an old Microsoft Surface for mine.
That panel pc is 100% directed at the industrial hmi market. It will end up as hard to get as the Pi4 inside it.
@@leonkernan So far they've seemed to have better availability (Chipsee, that is) than many of the other CM4-based companies, in spite of having a few earlier products based on it (like their AIO). Of course, the Panel PC is probably a lot more generally interesting to the audience here than an iMac knockoff like the AIO was.
7:46 sounds like what Apple does with its hardware nowadays lol
YES! Would love to see a frigate based NVR based on this hardware. Please!
I have no hope left for cheap Compute Modules anymore, I think it's safe to say we can forget about it as an ordinary customer. The CM became an industrial embedded platform, serving vendors first as they suck up all the stock they can get. Though it was meant to be an embedded platform from the get go, so it was predestined for this path.
The CM3 and earlier Compute Modules were very much industry-first, I rarely saw them in the wild.
When I saw the CM4 and did my first video on it, I knew it could be a mainstream hit too (that's why I was so excited about it and started testing everything I could with it), but even from the first few months of its existence, it wasn't always easy to get (at least in higher end configurations).
Availability was getting better in 2020... until it wasn't. The global chip shortage kept production limited for so long that the CM4 has really lived most of its life locked up in contracts with manufacturers who work directly with Raspberry Pi.
I'm hopeful there will be better stock for whatever comes next. Or I'd even be happy to see CM4 come back in stock and maybe price-reduced at some point, because there are still so many great boards for it for consumers and business use alike!
So far none of the other ARM boards that have CM4-compatible clones have made a real dent. A few like the SOQuartz are kinda okay for some needs, but not everything :(
@@JeffGeerling You do a great job showing all these CM4 solutions. It really bring the appetite. I wish that you'll be right and one day we can have these boards in quantities and for "okay" price. For eg. I was really excited about the BliKVM which is such a cool idea, but the price of that thing shouldn't double because you include a CM4 module. :( Luckily there's the PiKVM-A8 which does the same just with a regular Pi4B.
I'd be very interested in a video on the use of a Coral Edge TPU with a Pi
That Pi based system with Frigate. PLEASE. As you soon as you mentioned NVR, I was wishing for Frigate.
Frigate is a pain to set up but is great once working. I'm using an old dell optimax with a coral tpu.... its an amazing combo. Will do a video of the setup.
That seems to be the case! It's a little bit of YAML hell the first setup.
+1 on the NVR tutorial for sure
that Chipsee 10.1" Industrial Panel PC you showed would be great for a for a homes security, wish google could have a stand along software for their google home stuff so you dont have to rely on the cloud to simply turn on a light.
Thanks for featuring Cytron. Bought several products from them, the price is always below the market one. Much respect for those guys
NVR setup will be great !
I need something like PiKVM but one that uses a 15-pin VGA input with full support for all Super VGA video modes and EDID so that it appears to be an actual monitor to whatever it's connected to. It also needs a headphone jack or RCA inputs for audio and the ability to turn on and off power to the attached device (an old SVGA output game console).
YES PLEASE - yea pls make a video on NVR...im a LAN Tech at a local school and we are changing our system as we speak and, well its just something that I need to learn more about so PLEAZE make that video (so I don't have to rely on the sales guy or figure it out entirely myself haha)
So this is where are the Pi 4’s are going to…
Man your videos are awesome😀. I would like to see a video having a raspberry pi 4 as an all in one home system. Like it should be a NAS (using omv) , a router (openwrt) , a pihole ad blocker , a dns server , a home automation server , a media player , a plex server and so on. I want to see you do this dude. Man enough to accept the challenge?😁
I'm not specifically interested in an appliance for network recording, but I would be interested to know if there is a low-wattage solution using an rPi to process video ala Zoneminder. Zoneminder specifically seems to consume a lot of CPU per camera.
Yeah anything that requires CPU to decode camera feeds is going to fall apart on the Pi, it's better to straight record incoming streams, or to offload any processing to a separate chip, like the Coral TPU with Frigate.
1:47 Yes! We do want a video on network video recording!
@0:25 wasted opportunity for "Let me show you its features"
But very interesting and great stuff as always, keep it up Jeff!
Yes, I’d love to see more content with the coral.
2:30 - WOW that is a big antenna!
Late but throwing my voting hat in the ring for the NVR too. A deep dive into that would be awesome!
Never too late to make a good request! It'll happen
Is there still no good CM4 replacement that can be used in place of a CM4?
Nothing quite matches it, though in a pinch, I have tested the Pine64 SOQuartz and BPI-CM4 to some extent, and they both support _some_ of the features well enough.
Yeah, any x86 computer.
A video on network video recording would be greatly appreciated!
Hello, yes i want if is possible you make a video about PI NVR setup.
Our interests match. That is why it is so interesting to watch.
YEEEEESSSS!!! A video about a Pi based NVR! I just started looking into them for a couple cameras already installed. I have not liked what I have found so far. Some are proprietary and will only work with their own brand cameras. I also need wired (POE) and wireless. The latter to connect a generic WiFi wireless door bell cam I have had multiple problems with. I suspect the rest of the audience here does not want to pay fees each month to The Cloud.
Definitely! My goal is to do it all local, no cloud whatsoever.
Please make the full video on setting up network video recording
It's now a router Jeff can love.
would love to see some coral TPU action Jeff :P
Yes, we want a full video on network video
Like everyone else, yes please for NVR video. But also interested in a full review of the Panel PC. Just getting into Home Assistant and looking for a dashboard controller.
Yes please on the network video recorder video!!
Yep, I'd love to see a NVR video!
On NVR: I'm currently running ZoneMinder on my Raspberry Pi. Works great for a couple of cameras, but I have never tried with anything more yet. Maybe you want to check it out.
On Zymbit's secure edge node: it feels a little bit wasteful to have a device becomes a paperweight after being tampered. I guess a compromise would be to have it erase everything, but leave the hardware functional so at least it could be used for another purpose or something. Not sure if that would enable any attack surface though...
I had to look. I have been using ZoneMinder for years. Though on a pc.
Zymbit: I was thinking immediately it as a hardware wallet ... so did they!
Hey, Jeff, that Rack mount Pi would be perfect for Zoneminder, for doing security cameras. We're actively working on ML support for the project, too.
Haven't tested Zoneminder yet!
Very interesting!
These things look interesting, especially the Interceptor board. I just wish I could get my hands on a Rasperry Pi CM4 separately as CM4 is difficult.
I would love to see how you setup Frigate on this with a Coral TPU as I think that is a better option than Shinobi. If I can get my hands on a Coral TPU I can play then lol.
Now we now who’s buying all the CM4s. 💯
Too bad we still can't get Pis because the Pi Foundation decided not to prioritize the end consumer like they initially promised us.
Yeah, I was on Pi Foundation side when they prioritized companies that they were working with for long time. But this is a completely different thing. Newly created companies are getting pi's in high quantities on priority while customers cannot get a single one.
Network video recording? Yes, please! Hoping the TPU could be used fr something like move detection to record only when there is movement,
+1 for NVR video
Please please please make a video on how to train a custom model for that coral!
This is very COOL!
Nice ! LoRa is cool. You can make your own private secure WiFi Mesh networks by flashing the firmware to Meshtastic LoRa (similar to Meshtastic WiFi) now you have a secure texting network that is expandable throughout your local area. Several companies have already deployed nationwide networks.
Yes. NVR video please,
Thanks!
I really like EDATEC's CM4 NANO, we can't buy Raspberry Pi 4 now, maybe I can go to Digi-key to buy a NANO first, thank you Jeff for helping me out
YES full video please on vid recording.
yes please for the NVR video!
Yes on the NVR!
My experience with security cameras started in the 90s and I am still running 1080p over BNC. I know about IP networking, but I don't know what IP cameras are compatible with what software.
That's one of the annoying things about IP cameras. There are some that work better than others, and I'll at least touch on that topic in a follow up vodeo
I'm curious, would the interceptor board allow for an rpi to work as a NAS/media server? It would be nice to use actual sata for my drives
Yes, it works for that too! In fact, I think someone built a 3D printed case for the Interceptor and four drives that was fairly compact.
@@JeffGeerling that sounds quite interesting, I’d assume you’d need some power supply that can provide 5V for the pi and 12V for the HDDs, right?
@@huantian Yes, and that's usually the messy bit of these Pi NAS builds.
@@huantian In the case of the Axzez Interceptor Carrier Board, it uses a typical 24-pin ATX PSU, which are for sale on the website and include power connectors for 5 drives. (Full disclosure: I am a co-founder of Axzez)
@@ShannonKerr oh really? I’ll need to take a closer look then, using a standard ATX power supply should be quite convenient!
NVR video - yes please!
I don't wanna stress you out or anything but you said there was some new developments about the gpu on raspberry pi thing. I was just wondering if you're still working on a video about that?
Heh, yep! Not too much advancement but not for lack of trying. New video coming in the next 1-2 weeks!
While cool to look at, the RPi being used in all these business usecases really impacts the learning & DIY side of RPis - not just because of availability, but also because RPi's production can (rightfully) no longer count on getting parts at-cost from manufacturers like Broadcom, and rising demands clashing with affordability.
really cool ideas .. wouldn't the cm4 be out of stock wordwide, didn't see one in stock this year
That secure RPI could be great option for home crypto wallet.
Wasn't there a hard drive with Ethernet PHY from Seagate or someone for datacenter use?
yeah definitely do some nvr and frigate content
Me & Buddy just dreamed it was “Raining Raspberry Pis “ - then we woke up! Lol - am I being greedy?!? Lol - “be honest!” :-)
I wouldn't exactly say storage/computing density on this unit is up to standard...
When Jeff got his Christmas gifts early
1:07 Love the cheap 20$ Amazon China Back-Converter between the Seagate drive and the PSU, looks really professional!
EDIT: 1:25 Ah! I told you!
Nvr with frigate and coral would be just what I need to finally replace my blue iris vm.
WHERE DID YOU FIND A CORAL TPU IN STOCK?? I’ve been using a modded version of Frigate called Frigatensor which allows my old gtx1050ti to run a person detection model.
I found it on Adafruit many months ago, but it was out of stock just as quickly as it came available :(
Jeff
01:36 I can't find a link that says motioneye-os are dropping RPI support. Do you have a link?
see the readme: github.com/motioneye-project/motioneyeos#readme