This is to have more readable git diffs.

Signed-off-by: Denis 'GNUtoo' Carikli <gnu...@no-log.org>
---
 freedom-privacy-security-issues.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/freedom-privacy-security-issues.php 
b/freedom-privacy-security-issues.php
index 48d47b2..1cdd5a1 100644
--- a/freedom-privacy-security-issues.php
+++ b/freedom-privacy-security-issues.php
@@ -19,9 +19,11 @@
                        <p>
                                Regarding the software side of things on mobile 
devices, the main CPU (inside the SoC) starts by executing initial boot code, 
often known as the bootrom.
                                This code will look up various places such as 
NAND, eMMC or MMC (sd/micro sd card) storage, depending on the hardware 
configuration, to load a bootloader.
-                               The bootloader, which is in fact often split in 
different stages, is in charge of bringing up and configuring various aspects 
of the hardware and eventually starting the operating system by loading and 
running its kernel.<br /><a 
href="images/freedom-privacy-security-issues/software.png" 
data-lightbox="overview" data-title="Software-side overview"><img 
src="images/freedom-privacy-security-issues/software.png" alt="Software-side 
overview" style="width: 250px; float: right;"/></a>The kernel itself, among 
other things, deals with the hardware directly and provides ways for other 
programs (running in user-space) to access it.
+                               The bootloader, which is in fact often split in 
different stages, is in charge of bringing up and configuring various aspects 
of the hardware and eventually starting the operating system by loading and 
running its kernel.<br />
+                               <a 
href="images/freedom-privacy-security-issues/software.png" 
data-lightbox="overview" data-title="Software-side overview"><img 
src="images/freedom-privacy-security-issues/software.png" alt="Software-side 
overview" style="width: 250px; float: right;"/></a>The kernel itself, among 
other things, deals with the hardware directly and provides ways for other 
programs (running in user-space) to access it.
                                In user-space, hardware abstraction layers are 
programs specific to each device that know how to properly drive the hardware.
-                               They use the kernel to communicate back and 
forth with the hardware and implement the proper protocols for it.<br /><br 
/>The actual knowledge of how to drive the hardware is split between the kernel 
and the hardware abstraction layer libraries: both are needed to make it work 
properly.
+                               They use the kernel to communicate back and 
forth with the hardware and implement the proper protocols for it.<br /><br />
+                               The actual knowledge of how to drive the 
hardware is split between the kernel and the hardware abstraction layer 
libraries: both are needed to make it work properly.
                                Hardware abstraction layers provide a generic 
interface for the framework to use.
                                The framework itself provides an interface for 
applications that is independent of the device and the hardware.
                                That way, applications can access hardware 
features through the generic framework interface, which will call the hardware 
abstraction layer libraries, ending up with the kernel communicating with the 
hardware.
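Review bot: In the first added pair of this hunk, the `<a ...><img .../></a>` link and the sentence "The kernel itself, among other things, ..." still share one source line, so any later edit to that sentence will again pull the whole image markup into the diff. Consider ending the line after `</a>` and starting the sentence on its own line, like the other sentences in this paragraph; the image is floated, so the extra whitespace should not change the rendering.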
@@ -50,7 +52,8 @@
                                While <a 
href="//bb.osmocom.org/">OsmocomBB</a>, a free software GSM stack exists, it 
only runs on old feature phones, currently requires a host computer to operate 
and is not certified to run on public networks.
                                Despite this situation, the modem remains a 
crucial part for privacy/security: it is nearly always connected to the GSM 
network, allowing for <a 
href="//www.gnu.org/philosophy/malware-mobiles.html">remote control</a>.
                                The modem can be more or less damaging to 
privacy/security depending on what hardware it has access to and can control.
-                               That is to say, how isolated it is from the 
rest of the device.<br /><br />A device with bad modem isolation would allow 
the modem to access and control key parts of the hardware, such as the RAM, 
storage, GPS, camera, user I/O and microphone.
+                               That is to say, how isolated it is from the 
rest of the device.<br /><br />
+                               A device with bad modem isolation would allow 
the modem to access and control key parts of the hardware, such as the RAM, 
storage, GPS, camera, user I/O and microphone.
                                This situation is terrible for privacy/security 
as it provides plenty of ways to efficiently spy on the user, triggered 
remotely over the mobile telephony network.
                                Those are accessible to the mobile telephony 
operator, but also to attackers setting up fake base stations for that purpose.
                                <a 
href="images/freedom-privacy-security-issues/good-modem-isolation.png" 
data-lightbox="current-situation" data-title="Good modem isolation"><img 
src="images/freedom-privacy-security-issues/good-modem-isolation.png" alt="Good 
modem isolation" style="width: 250px; float: right;"/></a>On the other hand, 
when the modem is well-isolated from the rest of the device, it is limited to 
communicating directly with the SoC and can only access the device's microphone 
when allowed by the SoC.
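Review bot: The unchanged context at the end of this hunk keeps the same pattern that the first hunk splits: the good-modem-isolation `<a ...><img .../></a>` link is followed on the same line by "On the other hand, when the modem is well-isolated ...". If the goal is one sentence per line for readable diffs, that sentence should move to its own line in this patch as well.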
@@ -77,7 +80,8 @@
                                Many mobile operating systems are mostly free 
software (e.g.
                                <a href="//www.android.com/">Android</a>, <a 
href="//mozilla.org/firefox/os">Firefox OS</a>, <a 
href="//ubuntu.com/phone">Ubuntu Touch</a>, <a 
href="//www.tizen.org/">Tizen</a>), as they use the <a 
href="//www.kernel.org/">Linux kernel</a>, a free framework and ship with free 
base applications.
                                However, the user-space hardware abstraction 
layers are for the most part proprietary (it varies from one device to another) 
and they also ship with proprietary loaded firmwares for various integrated 
circuits.
-                               Every piece of proprietary software running on 
the system is a risk for privacy/security as they can offer <a 
href="//www.gnu.org/philosophy/malware-mobiles.html">remote access 
back-doors</a> and compromise the rest of the system.<br />None of these 
mostly-free systems have a clear policy to reject proprietary software and not 
advocate its use, except for Replicant.
+                               Every piece of proprietary software running on 
the system is a risk for privacy/security as they can offer <a 
href="//www.gnu.org/philosophy/malware-mobiles.html">remote access 
back-doors</a> and compromise the rest of the system.<br />
+                               None of these mostly-free systems have a clear 
policy to reject proprietary software and not advocate its use, except for 
Replicant.
                        </p>
                        <p>
                                While the operating system is a very important 
piece of software, it doesn't ship with applications that cover the wide 
spectrum of activities that a mobile device is expected to provide.
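Review bot: The commit message gives the motive but does not say that the change is whitespace-only. The line break added in this hunk, before "None of these mostly-free systems", falls directly after `<br />`, where the browser collapses the whitespace, so a short statement in the message that the rendered page is unchanged would save reviewers from comparing the long removed and added lines word by word.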
-- 
2.7.4
