On Monday 28 March 2016 at 20:50 +0200, Denis 'GNUtoo' Carikli wrote:
> This is to have more readable git diffs.
>
> Signed-off-by: Denis 'GNUtoo' Carikli <gnu...@no-log.org>

Acked-by: Paul Kocialkowski <cont...@paulk.fr>

> --- > freedom-privacy-security-issues.php | 12 ++++++++---- > 1 file changed, 8 insertions(+), 4 deletions(-) > > diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security- > issues.php > index 48d47b2..1cdd5a1 100644 > --- a/freedom-privacy-security-issues.php > +++ b/freedom-privacy-security-issues.php 
> @@ -19,9 +19,11 @@ > <p> > Regarding the software side of things on > mobile devices, the main CPU (inside the SoC) starts by executing initial boot > code, often known as the bootrom. > This code will look up various places such as > NAND, eMMC or MMC (sd/micro sd card) storage, depending on the hardware > configuration, to load a bootloader. > - The bootloader, which is in fact often split > in different stages, is in charge of bringing up and configuring various > aspects of the hardware and eventually starting the operating system by > loading and running its kernel.<br /><a href="images/freedom-privacy-security- > issues/software.png" data-lightbox="overview" data-title="Software-side > overview"><img src="images/freedom-privacy-security-issues/software.png" > alt="Software-side overview" style="width: 250px; float: right;"/></a>The > kernel itself, among other things, deals with the hardware directly and > provides ways for other programs (running in user-space) to access it. > + The bootloader, which is in fact often split > in different stages, is in charge of bringing up and configuring various > aspects of the hardware and eventually starting the operating system by > loading and running its kernel.<br /> > + <a href="images/freedom-privacy-security- > issues/software.png" data-lightbox="overview" data-title="Software-side > overview"><img src="images/freedom-privacy-security-issues/software.png" > alt="Software-side overview" style="width: 250px; float: right;"/></a>The > kernel itself, among other things, deals with the hardware directly and > provides ways for other programs (running in user-space) to access it. > In user-space, hardware abstraction layers > are programs specific to each device that know how to properly drive the > hardware. 
> - They use the kernel to communicate back and > forth with the hardware and implement the proper protocols for it.<br /><br > />The actual knowledge of how to drive the hardware is split between the > kernel and the hardware abstraction layer libraries: both are needed to make > it work properly. > + They use the kernel to communicate back and > forth with the hardware and implement the proper protocols for it.<br /><br /> > + The actual knowledge of how to drive the > hardware is split between the kernel and the hardware abstraction layer > libraries: both are needed to make it work properly. > Hardware abstraction layers provide a generic > interface for the framework to use. > The framework itself provides an interface > for applications that is independent of the device and the hardware. > That way, applications can access hardware > features through the generic framework interface, which will call the hardware > abstraction layer libraries, ending up with the kernel communicating with the > hardware. 
> @@ -50,7 +52,8 @@ > While <a > href="//bb.osmocom.org/">OsmocomBB</a>, a free software GSM stack exists, it > only runs on old feature phones, currently requires a host computer to operate > and is not certified to run on public networks. > Despite this situation, the modem remains a > crucial part for privacy/security: it is nearly always connected to the GSM > network, allowing for <a href="//www.gnu.org/philosophy/malware-mobiles.html"> > remote control</a>. > The modem can be more or less damaging to > privacy/security depending on what hardware it has access to and can control. > - That is to say, how isolated it is from the > rest of the device.<br /><br />A device with bad modem isolation would allow > the modem to access and control key parts of the hardware, such as the RAM, > storage, GPS, camera, user I/O and microphone. > + That is to say, how isolated it is from the > rest of the device.<br /><br /> > + A device with bad modem isolation would allow > the modem to access and control key parts of the hardware, such as the RAM, > storage, GPS, camera, user I/O and microphone. > This situation is terrible for > privacy/security as it provides plenty of ways to efficiently spy on the user, > triggered remotely over the mobile telephony network. > Those are accessible to the mobile telephony > operator, but also to attackers setting up fake base stations for that > purpose. > <a href="images/freedom-privacy-security- > issues/good-modem-isolation.png" data-lightbox="current-situation" data- > title="Good modem isolation"><img src="images/freedom-privacy-security- > issues/good-modem-isolation.png" alt="Good modem isolation" style="width: > 250px; float: right;"/></a>On the other hand, when the modem is well-isolated > from the rest of the device, it is limited to communicating directly with the > SoC and can only access the device's microphone when allowed by the SoC. 
> @@ -77,7 +80,8 @@ > Many mobile operating systems are mostly free > software (e.g. > <a href="//www.android.com/">Android</a>;, <a > href="//mozilla.org/firefox/os">Firefox OS</a>, <a > href="//ubuntu.com/phone">Ubuntu Touch</a>, <a > href="//www.tizen.org/">Tizen</a>), as they use the <a > href="//www.kernel.org/">Linux kernel</a>, a free framework and ship with free > base applications. > However, the user-space hardware abstraction > layers are for the most part proprietary (it varies from one device to > another) and they also ship with proprietary loaded firmwares for various > integrated circuits. > - Every piece of proprietary software running > on the system is a risk for privacy/security as they can offer <a href="//www. > gnu.org/philosophy/malware-mobiles.html">remote access back-doors</a> and > compromise the rest of the system.<br />None of these mostly-free systems have > a clear policy to reject proprietary software and not advocate its use, except > for Replicant. > + Every piece of proprietary software running > on the system is a risk for privacy/security as they can offer <a href="//www. > gnu.org/philosophy/malware-mobiles.html">remote access back-doors</a> and > compromise the rest of the system.<br /> > + None of these mostly-free systems have a > clear policy to reject proprietary software and not advocate its use, except > for Replicant. > </p> > <p> > While the operating system is a very > important piece of software, it doesn't ship with applications that cover the > wide spectrum of activities that a mobile device is expected to provide.
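Review bot: in the first hunk (@@ -19,9 +19,11 @@), the added line that carries the software.png link still holds the whole `<a ...><img ... /></a>` element followed directly by "The kernel itself, among other things, ...", so a later wording change to that sentence will again drag the image markup into the diff. Given the stated goal of more readable diffs, consider putting the `<a>...</a>` element on a line of its own and starting "The kernel itself" on the next line, then checking that the rendered page is unchanged.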
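Review bot: in the second hunk (@@ -50,7 +52,8 @@), the trailing context line that starts with the good-modem-isolation.png `<a>` element and continues with "On the other hand, when the modem is well-isolated ..." is left as one long line mixing image markup and prose, which is the kind of line this patch sets out to break up. For a consistent result, split that line as well so the image link and the sentence sit on separate lines.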
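Review bot: in the third hunk (@@ -77,7 +80,8 @@), the leading context line reads `<a href="//www.android.com/">Android</a>;,` with a stray `;` before the comma. It is outside what this patch touches, so removing it in a separate follow-up commit would keep this one whitespace-only; the commit message could also say that the rendered page does not change, which makes the 8 insertions and 4 deletions quicker to review.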
_______________________________________________
Replicant mailing list
Replicant@lists.osuosl.org
http://lists.osuosl.org/mailman/listinfo/replicant