I watched the NanoKVM video starring @wendell a few hours ago and based on his impressions of how good the device is, I decided a grab a couple (well pre-order).
Within the video it was expressed initially that he would like to see the source, with some follow up later on in the video advising that the source was since published and he had a bit of a poke around…
I was wondering @wendell if you have done any modifications to the OS since checking out the source and if you would consider posting it for others, like me, who would both trust and most likely want some of your additions/optimizations/etc?
Yeah, in the video it sounded like @wendell was saying that the source was on GitHub for stuff, but all I see there is the schematic set and some web front-end bits.
I’m already quite happy with a closed-source KVM (from Level1Techs! though there are some tweaks I’d like to make…) but on something network-connected it would make me feel a bit better.
There’s a somewhat flamey binary analysis which demonstrates some security flaws. The vendor has apparently committed to fixing those.
I doubt the whole thing will ever be open source, since the hardware drivers and libraries for media operations are probably a pain to re-implement, but if the interest level stays high, I don’t see any reason why the actual security-relevant parts of the KVM server won’t be either opened up or reversed.
Yeah, that was really helpful, thank you. Mine arrived the other day and I’ve been hoping there would be some open firmware replacement I could slam in there. Not that using newborn firmware on my rescue-when-things-go-sideways device is necessarily wise, but my wife didn’t marry me for my good decision-making.
I have to say I’m flummoxed by this. The documentation specifically on how to get the nanoKVM lite going is completely absent. Can anyone tell me what I need to connect a mSD card and where to mount it? I presume it’s using some of the pins but the schematic doesn’t tell me anything about it.
edit: okay, after finally finding a picture of a working lite I realized what the microSD slot was. Working now.
I’m still going to wait until they open their source code. IDK if a full-fledged pi-kvm could run on it, but I like the idea of a minimal box running busybox, the webvnc server (with all the added controls, e.g. iso mounting and power + reset buttons) and the necessary drivers for hardware acceleration. The nanokvm is an ideal box for me (the one without a display), particularly because they’re so cheap I could just literally buy 1 for every device I need and would be cheaper than buying an hdmi + usb kvm to attach to it. But it’s still proprietary.
Just wanted to share my experiences so far. I ordered beginning of sept and had to remind them end of Oct to send my order. After getting it I installed tailscale and then updated the webui. It then lost my tailscale login. I logged in again and updated tailscale but then noticed tailscale kept going down due to out of memory. I downgraded tailscale and it seemed to be stable. Then unexplained weird things started happening in my tailnet like not being able to reach coordination server. Not sure how to troubleshoot so I just disable tailscale for now. I saw that userspace memory was increased in a recent update but the KVM refused to update. I rebooted it and now the webui is not coming up. Scanning the ports, only port 22 is open. So far pretty mixed experiences. When its working it seemed to be nice however the software has obviously been pretty half baked.
Just wanted to circle back. In the good news, the firmware is apparently all open source now, although I have not yet seen a project shipping full builds separately from the Sipeed project.
Unfortunately, there seem to be persistent problems with keeping Tailscale online, frequent performance problems (I swear mine were working great…then they were not (frames per minute!)), and there’s a open SSH port on the device by default (they just shipped a firmware update that allows you to change the root password, but you cannot disable SSH and you should never put this device on an open network…especially when freshly flashed).
I just stuffed my 5-pack in a drawer and I’m lugging my PiKVM from machine to machine for now. I’m still hopeful that things will get fixed since it mostly seems like software problems, but I don’t have time to mess around and make a DMZ to segregate these things this week.
My impulse to return to this thread was getting some spam from Sipeed announcing that they are shipping a new, better model. I’m glad they continue to invest in the line. On the other hand, I’d say: Do not buy the “PRO” version of a product that comes out of the box with a “root/admin” SSH login until we start seeing way better firmware and responsiveness to bugs and security problems.
My DIY PiKVM v2 is amazing. If I had the need I’d jump at getting another.
I saw some sketchy comments in the NanoKVM GitHub issues saying there is some sort of power issue that can be fixed with removing/adding a component to the PCB…I figure I’m going to leave mine in a drawer for a few months and see if that gets corroborated, or if the software gets fixed.
JetKVM is out there too…but I don’t know if it is worth looking at.
apalrd’s adventures on YouTube has recently reviewed the NanoKVM from a security perspective and has concerns with embedded device bad practices.
Would love to know Wendell’s opinion on Sipeed’s development practices, as he’s had direct contact with them.
There’s minimal movement happening at the sipeed/NanoKVM GitHub repo.
It’s a good video that is worth a watch, but what jumps out to me:
There is a ton of security issues in the open source parts of software
NanoKVM downloads a binary from wiki.spispeed.com instead of shipping it with the release. The binary is doing something with a custom Risk-V instruction and the kvm serial number.
tcpdump and aircrack are installed (aircrack is a wifi hacking tool not useful for a KVM)
And a bonus youtube comment from the github contributor (@matejkovacic9382)
The hardware includes a microphone, and NanoKVM ships with all Alsa tools
IMO, 1 can be attributed to Hanlon’s razor and hopefully will get fixed over time. 2 is probably a misguided attempt to make it possible to add licensing/DRM in the future. 3 & 4 are really hard to explain. To quote MatejKovacic’s comment:
“So to sum up - device is connecting to Chinese servers, has installed hacker/debugging tools (tcpdump and aircrack) and has buld-in microphone with all software support for recording. Anyway, I am quite sure there is no big conspiracy here (just biiig negligence), but it really looks bad.”
Aside from the issues cited above, I’ve seen multiple complaints about remote input freezing periodically, requireing a reset, and at least one case where physically connected keyb\mouse stopped working as well.
Anyway, I am quite sure there is no big conspiracy here (just biiig negligence), but it really looks bad.”