Purism Eyeing The i.MX8M For The Librem 5 Smartphone, Issues First Status Update

  • ilmaisin
    Junior Member
    Originally posted by pal666 View Post
    well, if you can reverse-engineer cpu,
    Umm... are you really comparing those steaming piles of garbage known as baseband modems to some kind of theoretical threats? The modem can of course be reverse engineered, but reverse engineering is no good for actually fixing the problems.

    Even if we knew exactly what was wrong with a specific baseband modem, we can't just fix it. Replacing the firmware is not an option due to RF regulatory issues. The only thing we can do is to limit the consequences of a breach by isolating the modem.

  • pal666
    Senior Member
    well, if you can reverse-engineer cpu, then you can do same with modem, problem solved
    if cpu lacks hardware to send data to nsa, then no program running on that cpu can send data to nsa, so all your software is secure by definition. that's holy grail of security
    if you can notice unusual traffic originated from cpu, you can do same with traffic originated from modem. again no difference
    i am not proposing to make your own cpu, though i'm not against that either. i am trying to explain that your security is as good as weakest link, so fixation on modem is pointless

  • DrYak
    Senior Member
    Originally posted by pal666 View Post
    you are not listening. cpu is closed, not its firmware. its schematics are closed and it can show you and your firmware middle finger and send all your precious data to nsa
    Then what's your security target ?

    Wire-wrapping your own cpu yourself ?
    So that you can trust that it has the actual schematics as laid out in the official block diagram ?


    If you want to nit-pick about "closed/open" - you can still acid-digest the package, and send the exposed silicon to an electron-microscope and try to infer if the actual circuitry reflects what it is supposed to look like.
    But then you'll be arguing that the evil NSA-sold CPU-manufacturer gave you a false chip to calm your fear while you destructively analyse it, while the next chip they sell you once you decide to incorporate it in the device will be the real-spying-deal.


    It's not possible to make a cpu that "sends all your precious data to the nsa" if that CPU lacks any hardware to send anything itself (i.e.: not a Qualcomm style CPU+modem in the same SoC package).

    Either you're going to notice the unusual traffic on the standard protocol that the CPU uses to talk to the actual networking hardware (hey, what are these packets ? I didn't ask my software to send them).
    Or the CPU has some nefarious function that will try to create a side channel, like subtly influencing some timings (e.g.: delays in the sending of data packets to the discrete modem, with each delay carrying information).
    And both of the above require quite some advanced working. Could be done as software implemented in the blob firmware (but what when there's no blob firmware ?)
    Or would require advanced circuitry and/or massive microcode which are beyond what is available on small RISC cores such as ARM. (And could be busted by some electron microscopy.) (Wait, why are there giant ROMs and/or an entirely separate undocumented core on the silicon ?)


    Either you decide to make your own CPU from scratch, or you choose to trust your CPU manufacturer and pick a CPU core that's small and simple enough to make hiding a whole untrusty evil machine within difficult, while also isolating it from external access.

  • pal666
    Senior Member
    Originally posted by DrYak View Post
    That's the whole point of Purism selecting specifically Freescale (i.mx6 for now, i.mx8 in the future) : it happens to be a chipset that you can run entirely on free software. You don't need any piece of closed firmware to use it. Every single machine code instruction that runs on it could be one that you can control.
    you are not listening. cpu is closed, not its firmware. its schematics are closed and it can show you and your firmware middle finger and send all your precious data to nsa

  • DrYak
    Senior Member
    Originally posted by pal666 View Post
    i don't have laptop
    The "laptop" is just a high level metaphor to illustrate what I want to show.

    If you prefer, then imagine specifically being in possession of these particular old ThinkPad laptops which require no BLOB and can be flashed with LibreBoot before installing a 100% RMS-compliant "vegan freesoftware" Linux distro :-P

    Then using an Ethernet cable you connect to some evil Huawei device, like the E5885 which runs an unknown secret blob written by Chinese engineers on which you have absolutely 0% control and could be filled to the brim with spyware and backdoors.


    The Ethernet cable is relevant here (an absolutely standard means to just send data packets across, and nothing else. There's no RDMA involved - unlike, say, a 10 GBit/s link).

    (And for the record, no hidden weird sensors have been found yet on that modem: it can't easily do side channel attacks based on microphones or whatever).

    In such a setup, everything on the laptop is secure from the modem. The blob running on the modem cannot peek inside the laptop, it only sees encrypted traffic going on its end of the Ethernet cable.

    Originally posted by pal666 View Post
    and even if i had, i can't control blackbox cpu. when cpu is closed, it is worse than closed modem, because it sees all data unencrypted
    That's the whole point of Purism selecting specifically Freescale (i.mx6 for now, i.mx8 in the future) : it happens to be a chipset that you can run entirely on free software. You don't need any piece of closed firmware to use it. Every single machine code instruction that runs on it could be one that you can control.

    Unlike IntelME which is pretty much inevitable on anything recent by Intel, and AMD which requires FSP since Ryzen and some older APUs.


  • pal666
    Senior Member
    Originally posted by DrYak View Post
    Your stuff remains entirely in your control on your laptop.
    i don't have laptop and even if i had, i can't control blackbox cpu. when cpu is closed, it is worse than closed modem, because it sees all data unencrypted

  • DrYak
    Senior Member
    Originally posted by pal666 View Post
    you can't control everything when all your hardware is closed
    Between your laptop and the server you're currently browsing pages from, there are tons of closed hardware.
    (Beginning with the firmware running on the USB 3G/4G dongle if you have such a one plugged into your laptop).

    You can't trust any of these intermediate points either. But as long as you secure your communication (so SSL, using certificates that you trust), it shouldn't matter either.

    Your stuff remains entirely in your control on your laptop. The closed stuff is kept outside the reach of your private data and your software and only communicates over a standard protocol that you access with opensource drivers in your kernel.
    (In the case of 3G/4G dongles, it's usually a USB bus, speaking a mix of USB-Serial (for connection setup, still using the good old "AT" codes of the oldschool analog modem era) and USB-Networking (for high-speed data transmission).)

    The point of Purism is to design a phone which follows the same separation.
    By law and frequency-licensing principle, you're never ever going to be allowed to run arbitrary code on a modem, so no non-tivoized opensource there.
    The next best thing is to apply the same kind of separation as the laptop example.
    Except this being a pocket device :
    - The entire system that corresponds to the laptop is inside a single chip (SoC).
    - The separate modem is physically kept within the confines of your smartphone's case.
    - Just like the laptop and the USB stick are kept apart, the modem and SoC are kept apart like on old smartphones, not one serving as the northbridge of the other as on nearly all modern stuff (e.g.: Qualcomm).
    - Just like you can unplug the USB stick and completely disconnect it, there are hardware switches on the Librem5 to physically disconnect the modem too.

    No matter how much evil stuff is hidden in the firmware on the modem, it'll never ever be able to access your stuff on the SoC, just like a 3G/4G dongle could be running adversary firmware but will never be able to touch stuff on your laptop.

    (= Well in my metaphor. In practice, if I was Huawei and wanted to attack you, I'd probably send some OTA code to make the USB dongle masquerade as a HID device and/or USB storage. To gain smartphone-like protection, the USB port with the dongle should be limited to Serial/Network USB device only)

    Originally posted by pal666 View Post
    like youtube?
    As far as I know, youtube doesn't use DRM much. It won't be affected.

    Netflix is probably the example you're looking for.

    And then you can't have it both ways. You can't have both a device that's entirely in your control (the point of openphones like Purism's project) AND a device that keeps you shut out of your own stuff like DRM's purpose.

    If you want functional closed source firmware DRM for Netflix, you're not the target audience of this kind of devices.

    Originally posted by Vasant1234 View Post
    The LTE firmware would be a perfect place to snoop on all traffic that is sent over the internet. It doesn't really matter if the modem is inside the SOC or outside. Why do you think NSA wants to have a backdoor on Cisco routers ?
    You don't trust the modem, you don't trust the router : Yes, that's entirely correct. As you shouldn't trust any other point along the chain to the server you're accessing.
    The correct behaviour is to trust no one and protect the traffic with trusted certificates.
    The modem should not be able to see anything snoopable, just like any other relay on the path.

    Use client-to-server encryption whenever you access stuff on the internet (HTTPS, etc. with *trusted* certificate).
    Use end-to-end encryption whenever you message someone (OTR with messaging, GPG with mails, etc.)
    Use TOR whenever you want an observer to not even be able to clearly see whom you are contacting.

    Leave a comment:
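
DrYak's aside above, that the port carrying the dongle should be limited to serial/network USB devices so that updated modem firmware cannot reappear as a HID or storage device, amounts to a check on the interface classes a device announces when it enumerates. The following is an added example, not code from the thread or from Purism; the allowlist (CDC classes 0x02 and 0x0A) and the sample descriptors are constructed assumptions.

```python
# Added example: allowlist check over a raw USB configuration descriptor.
# The policy and the sample descriptors below are constructed assumptions.
ALLOWED_CLASSES = {0x02, 0x0A}  # CDC control and CDC data (serial/network)
DT_CONFIG, DT_INTERFACE = 0x02, 0x04

def interface_classes(config: bytes):
    """Walk the descriptor chain; return [(iface_no, class, subclass, protocol)]."""
    if len(config) < 9 or config[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = int.from_bytes(config[2:4], "little")  # wTotalLength
    if total > len(config):
        raise ValueError("wTotalLength exceeds supplied data")
    found, pos = [], 0
    while pos < total:
        if total - pos < 2:
            raise ValueError("truncated descriptor header")
        length, dtype = config[pos], config[pos + 1]
        if length < 2 or pos + length > total:
            raise ValueError("bad bLength at offset %d" % pos)
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError("short interface descriptor")
            found.append((config[pos + 2], config[pos + 5],
                          config[pos + 6], config[pos + 7]))
        pos += length
    return found

def authorize(config: bytes):
    """Return (allowed, rejected_interfaces); fail closed on malformed input."""
    try:
        ifaces = interface_classes(config)
    except ValueError:
        return False, []
    rejected = [i for i in ifaces if i[1] not in ALLOWED_CLASSES]
    return bool(ifaces) and not rejected, rejected

def _config(*ifaces):
    """Build a constructed descriptor from (class, subclass, protocol) tuples."""
    body = b"".join(bytes([9, DT_INTERFACE, n, 0, 0, c, s, p, 0])
                    for n, (c, s, p) in enumerate(ifaces))
    head = bytes([9, DT_CONFIG]) + (9 + len(body)).to_bytes(2, "little")
    return head + bytes([len(ifaces), 1, 0, 0x80, 250]) + body

MODEM = _config((0x02, 0x02, 0x01), (0x0A, 0x00, 0x00))   # serial + data
MODEM_PLUS_HID = _config((0x02, 0x02, 0x01), (0x0A, 0x00, 0x00),
                         (0x03, 0x01, 0x01))              # adds a keyboard

if __name__ == "__main__":
    print(authorize(MODEM))           # whole device accepted
    print(authorize(MODEM_PLUS_HID))  # rejected, HID interface listed
```

The check has to run on every enumeration, since a device whose firmware changed presents new descriptors the next time it attaches, and the host must apply the verdict before any driver binds to the device.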

  • Almindor
    Senior Member
    Originally posted by shmerl View Post

    I asked them this question recently. They said they want to do it, but it's a lot of work (logistics / legal I assume), so it's never a priority.
    That's BS. I'm not talking about drivers or even deep level mer-changes or the dalvik VM. Those would be difficult. The stuff I'm talking about is all in-house Qt5/QML libs and apps they themselves wrote.

    Just shows their ways I suppose. It's really disappointing coz I love their interface and the fact that it's almost a vanilla Linux in there, but their lack of communication, missing their own trains and bad judgement have pretty much ruined them as a company.

  • andreano
    Senior Member
    Originally posted by L_A_G
    No i.MX8M devkits?
    Devkit or not, you can do as me and preorder the WandPi 8M (shipping this spring, they say).

    I just created an i.MX8M thread!

  • pal666
    Senior Member
    Originally posted by grok View Post
    We do have to be careful else Intel ME is just "firmware" and hardware details.
    of course it is. same thing could be burned in silicon without possibility to disable it
    Originally posted by grok View Post
    We would need open firmware and software to run on the cell tower, fully auditable.
    wrong. it's all for nothing while it runs on blackbox hardware
    Last edited by pal666; 18 January 2018, 04:16 PM.
