On Wednesday 02 March 2016 at 20:28 +0100, Denis 'GNUtoo' Carikli wrote: > Signed-off-by: Denis 'GNUtoo' Carikli <gnu...@no-log.org>
See other comments below. > --- > freedom-privacy-security-issues.php | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security- > issues.php > index 0d8c936..1e455dc 100644 > --- a/freedom-privacy-security-issues.php > +++ b/freedom-privacy-security-issues.php 
> @@ -11,7 +11,7 @@ > <p>Many other components of a mobile device also run > software in different forms. The various integrated circuits run small pieces > of dedicated software that are called firmwares. When the device is telephony- > enabled, there is also software running on the modem. Modern modems are > complex and run full operating systems.</p> > <h3>The current situation of freedom and > privacy/security on mobile devices</h3> > <p>A mobile device respecting the users' freedom > would have:<ul><li>Free hardware</li><li>Free firmwares</li><li>Free modem > system</li><li>Free bootrom and bootloader</li><li>Free system and > applications</li></ul>Regarding <a href="#free-hardware">free hardware</a>, it > barely exist as of today. The ways of modifying existing hardware are very > limited. Because of that, new versions of the hardware have to be produced to > carry the modifications, and this is expensive. While producing printed > circuit boards (PCBs) costs a lot of money, producing integrated circuits is > out of reach. A few devices come with schematics, or full design files for the > PCB, but that's usually as far as it gets. Hence, totally-free hardware > doesn't exist yet. While design for FPGAs do exist in free software licenses, > FPGAs are not practical enough to be used to replace ASICs in smartphones, and > most of them even proprietary software tools.</p> > - <p>Firmwares running inside integrated circuits are > most of the time proprietary. While free firmwares are hard to write, some > exist for very specific hardware (e.g. <a href="//www.arduino.cc/">Arduino</a> > ; > , <a href="//dangerousprototypes.com/docs/Bus_Pirate">Bus Pirate</a>) and > sometimes, manufacturers can liberate firmwares running in their integrated > circuits (e.g. <a href="//github.com/qca/open-ath9k-htc- > firmware">ath9k_htc</a>). 
However, it is not always possible to even replace > those firmwares: some are loaded to the integrated circuit by the main CPU but > some others are pre-installed in the circuit (in that case, they almost seem > to behave like hardware) and cannot be updated to a free replacement.</p> > + <p>Firmwares running inside integrated circuits are > most of the time proprietary. While free firmwares are hard to write, some > exist for very specific hardware (e.g. <a > href="//www.arduino.cc/">Arduino</a>, <a > href="//dangerousprototypes.com/docs/Bus_Pirate">Bus Pirate</a>) and > sometimes, manufacturers can liberate firmwares running in their integrated > circuits (e.g. <a href="//github.com/qca/open-ath9k-htc- > firmware">ath9k_htc</a>). However, it is not always possible to even replace > those firmwares: some are loaded to the integrated circuit by the main CPU but > some others reside in separate storage that is loaded by that integrated > circuit. In that case, we wound't be able to tell the difference with an > integrated circuit lacking any storage. With seperate storage, the firmware > cannot easily be updated to a free replacement.</p> You wrote "seperate" instead of "separate". Also, it would be more accurate to say that: "With separate storage, it can be difficult (to impossible) to update the firmware to a free replacement." > <p><a href="images/freedom-privacy-security- > issues/bad-modem-isolation.png" data-lightbox="current-situation" data- > title="Bad modem isolation"><img src="images/freedom-privacy-security- > issues/bad-modem-isolation.png" alt="Bad modem isolation" style="width: 250px; > float: left;"/></a>The modem system on telephony-enabled mobile devices is > always proprietary. While <a href="//bb.osmocom.org/">OsmocomBB</a>, a free > software GSM stack exists, it only runs on old feature phones, currently > requires a host computer to operate and is not certified to run on public > networks. 
Despite this situation, the modem remains a crucial part for > privacy/security: it is nearly always connected to the GSM network, allowing > for <a href="//www.gnu.org/philosophy/malware-mobiles.html">remote > control</a>. The modem can be more or less damaging to privacy/security > depending on what hardware it has access to and can control. That is to say, > how isolated it is from the rest of the device.<br /><br />A > device > with bad modem isolation would allow the modem to access and control key > parts of the hardware, such as the RAM, storage, GPS, camera, user I/O and > microphone. This situation is terrible for privacy/security as it provides > plenty of ways to efficiently spy on the user, triggered remotely over the > mobile telephony network. Those are accessible to the mobile telephony > operator, but also to attackers setting up fake base stations for that > purpose. <a href="images/freedom-privacy-security-issues/good-modem- > isolation.png" data-lightbox="current-situation" data-title="Good modem > isolation"><img src="images/freedom-privacy-security-issues/good-modem- > isolation.png" alt="Good modem isolation" style="width: 250px; float: > right;"/></a>On the other hand, when the modem is well-isolated from the rest > of the device, it is limited to communicating directly with the SoC and can > only access the device's microphone when allowed by the SoC. It is then > strictly limited to accessing what it real > ly needs > , which considerably reduces its opportunities to spy on the user. While it > doesn't solve any of the freedom issues, having an isolated modem is a big > step forward for privacy/security. However, it is nearly impossible to be > entirely sure that the modem is actually isolated, as any documentation about > the device cannot be trusted, due to the lack of effective hardware freedom. 
> On the other hand, it is possible to know that the modem is not isolated, when > there is proof that it can access hardware that could be used to spy on the > user.</p> > <p>Looking at the software that runs early on the > SoC, the first component is the bootrom. It is always proprietary and is > stored in read-only memory, so it cannot be changed (in that case, it almost > seems to behave like hardware). However, regarding the bootloader, the > situation is different for each platform. There are actually multiple stages > of bootloaders, some of which can be free. However, it also occurs that the > bootloaders are cryptographically signed with a private key. In that case, the > bootrom will check the signature against a public key that cannot be replaced > and only run the bootloader if the signature matches. That sort of tivoization > prevents replacing pre-installed bootloaders, even when their sources are > released as free software. There are some good platforms that don't perform > such signature checks and can run free bootloaders (e.g. Allwinner Ax, TI OMAP > General-Purpose).</p> > <p><a href="images/freedom-privacy-security- > issues/operating-system.png" data-lightbox="current-situation" data- > title="Mobile operating system"><img src="images/freedom-privacy-security- > issues/operating-system.png" alt="Mobile operating system" style="width: > 250px; float: left;"/></a>The biggest part of the software running on a mobile > device is the operating system, that runs on the main CPU. It has access to > most integrated circuits (I/O, camera, microphone, GPS, etc) as well as the > user's data and communications. It is the most critical part for > privacy/security and is also very important for free software as it interacts > with the user directly and holds knowledge about communication with the > hardware. Many mobile operating systems are mostly free software (e.g. 
<a > href="//www.android.com/">Android</a>, <a href="//mozilla.org/firefox/os">Fire > fox OS</a>, <a href="//ubuntu.com/phone">Ubuntu Touch</a>, <a > href="//www.tizen.org/">Tizen</a>), as they use the <a href="//www. > kernel.o > rg/">Linux kernel</a>, a free framework and ship with free base applications. > However, the user-space hardware abstraction layers are for the most part > proprietary (it varies from one device to another) and they also ship with > proprietary loaded firmwares for various integrated circuits. Every piece of > proprietary software running on the system is a risk for privacy/security as > they can offer <a href="//www.gnu.org/philosophy/malware-mobiles.html">remote > access back-doors</a> and compromise the rest of the system.<br />None of > these mostly-free systems have a clear policy to reject proprietary software > and not advocate its use, except for Replicant.</p>;
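Review bot: the rewritten sentence in the + lines introduces a second typo next to the "seperate" already flagged: "wound't" should be "wouldn't", and "tell the difference with an integrated circuit" reads better as "tell the difference from an integrated circuit". The new wording also drops the old parenthetical "(in that case, they almost seem to behave like hardware)" without saying from whose point of view the separate storage is invisible; since the sentence just before says some firmware is loaded "by the main CPU", consider making that explicit, e.g. "From the main CPU's point of view, such a circuit is indistinguishable from one lacking any storage." The same hunk also quietly fixes the stray " ; ," after the Arduino link; that is worth calling out in the commit message so the typo fix and the wording change are not lost together.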
Replicant mailing list Replicant@lists.osuosl.org http://lists.osuosl.org/mailman/listinfo/replicant