Originally posted by ZeroPointEnergy
View Post
Announcement
Collapse
No announcement yet.
Librem 5 Smartphone Now Plans To Ship With KDE Plasma
Collapse
X
-
Originally posted by Uqbar View PostDo you think WiFi doesn't need a blob?
It works on frequencies - like 2.4 GHz - which happen to be free for everyone to use.
That's why nearly every quickly designed publicly available wireless standard uses 2.4 Ghz (Wifi, Bluetooth, Logitech's wireless-USB-like, etc.)
That's why even your micro-even work at 2.4 GHz.
If in your garage you manage to build your very own device that only speaks at 2.4Ghz and doesn't go beyond the legal accepted output level, you could take your home built device on the street and start connecting to the access points you want (I'm over simplifying, but yes).
No problem.
(the only actual minor nitpicking comes from the details. It's not EXACTLY the same range around 2.4Ghz that is free in all country. There isn't a perfect over lap of frequencies between all.
In some countries, frequency at the limit are freely accessible, whereas in other countries the exact same frequency requires a license.
The usual solution used by lots of provider is building hardware that can actually use ALL these frequencies, but then have some closed source limitation (either a firmware or a blob driver) that block you access to some frequencies if they happen to not be allowed in the peculiar country.
That's why some manufacturer end up with BLOB that they categorically refuse to open.
But your "garage made wifi" would be allowed as long as you limit to the allowed frequencies)
Cell modem, on the other hand DOES require a blob BECAUSE of the standard.
Cell modem, on the other hand use a different set of frequencies. THOSE frequencies require a license to be used.
Unless you actually happen to be a license holder, you CANNOT build your very own cell modem and take it out in the street. That would be completely illegal.
Only entities holding the corresponding license for the frequencies can get to make devices that use these frequencies.
Thus, in practice, only license holders (chip manufacturers, and telco) get to decide what code runs on the baseband chip.
So in the end :
- you could make a deblob-ed Wifi chips
- there is no legal way to make a deblob-ed baseband chip, unless you acquire your very own license.
But still, that doesn't prevent the solution mentionned by ZeroPointEnergy
Originally posted by L_A_G View PostTo make a completely blob-free handset they'd have to design both their own wireless chips (WiFi and cellular) and GPUs (I think) so I'm pretty sure you didn't know how tall of an order that was...
- Another solution is to consider the wireless chips (Wifi and cellular) as separated self-contained boxes.
That's partly how it was done in the original OpenMoko NeoFreeRunner, how it was partially done in Golden Delicious's GTA04 board powering subsequent OpenMoko upgrade and the Pyra handheld console, and how Purism plans to do it with this phone.
Don't use chips where the baseband core is used as the whole SoC's northbridge (that's the case with tons of SoC by Qualcomm).
Instead use plain simple SoC and have the problematic standard confined in completely separated chip that only talk to the main system over a completely standard protocol.
(e.g.: Cell modem could show up as a UART serial device speaking standard "+++AT" commands, or as a USB Network device)
(e.g.: Wifi usually shows as a USB Network device in most such embed systems)
And control their power either with a software relay (Pyra ; together with a power monitor) or hardware switch (planned solution for the phone).
(e.g.: GPS could show up as a serial device speaking standard protocole)
It ends up costing a bit more (because of less integration in the SoC, and because now these chips need to be autonomous for lots of function which would otherwise have been software-defined in closed source drivers).
But this allows your phone to run 100% opensource software that you can trust, and not need to trust anything happening in those isolated chips, they can't snoop your device and violate your privacy (even less so when their power is shut down).
Originally posted by Uqbar View PostHave they managed to get a blob-free handset?
- Current planned FreeScale has a GPU that is supported by Etnaviv driver.
- They hope that the next FreeScale that they could plan to use might be supported by the time of the project completion.
For the rest (Wifi, Cell, etc.) they would plan to isolate it in self contained bloack boxes that only speak a standard protocole with the rest of the system and doesn't require anything but standard drivers in the main system (like USB-Network, or serial port, etc.).
So even in the case of an over-the-air upgrade send by a cell tower to the smartphone's cell modem, there's nothing that the NSA could do to snoop your phone activity and violate the privacy, the baseband chip would be limited to talk over a network or serial link to the main system.
- Likes 2
Comment
-
Originally posted by DrYak View PostNot necessarily.
- Another solution is to consider the wireless chips (Wifi and cellular) as separated self-contained boxes.
But this allows your phone to run 100% opensource software that you can trust, and not need to trust anything happening in those isolated chips, they can't snoop your device and violate your privacy (even less so when their power is shut down).
Comment
-
Originally posted by L_A_G View PostEven if you do that, the wireless chip is still performing it's job running proprietary and (most probably) completely un-audited code... The point is that you're still communicating with the outside world trough something that you can't audit and which can be exploited without you being able to tell that it's happened.
it might come as a surprise, but the whole point of networking *is* to communicate with the outside world, and you can't control the rest of the world.
the various router, access points, load balancers, and servers will all run some unauditable code.
on the other hand, using proper encryption (end-to-end and/or client-to-server) puts you in a position where you do not need to trust whatever is in between. after all, they are all just talk to over a standard network link. not something that could by standard intentionally access your memory (unlike, e.g., a bus with RDMA).
by treating problematic chips as separated box, and by forcing them to communicate exclusively over standard protocols, you simply push them away in the same "remote" category as the rest of the network.
you suddenly don't need to trust them any more than the content distribution network from which you download your upgrade RPMs - as long ad the RPM are cryptographically signed, it doesn't matter if the CDN is rogue, nor your wifi chip.
if this wifi chips "talks" in a plain network protocol, it only matter that your linux kernel has a robust network task that can survive attempts to exploit. it doesn't matter if the firmware running on the chip isn't audited, just the same as it's not important if the access point you're connected to is open or not.
Even the problem of first exploiting the wireless chip and using that to exploit what's running on the main CPU is still an issue as they need to communicate and there's always room for exploits when two systems communicate with each other.
the smartphone isn't any more at risk from such a "networked" wifi chip, as from any other on-line stuff accessed over the network.
- Likes 1
Comment
-
Originally posted by DrYak View Postit might come as a surprise, but the whole point of networking *is* to communicate with the outside world, and you can't control the rest of the world.
on the other hand, using proper encryption (end-to-end and/or client-to-server) puts you in a position where you do not need to trust whatever is in between. after all, they are all just talk to over a standard network link. not something that could by standard intentionally access your memory (unlike, e.g., a bus with RDMA). by treating problematic chips as separated box, and by forcing them to communicate exclusively over standard protocols, you simply push them away in the same "remote" category as the rest of the network.
you suddenly don't need to trust them any more than the content distribution network from which you download your upgrade RPMs - as long ad the RPM are cryptographically signed, it doesn't matter if the CDN is rogue, nor your wifi chip. if this wifi chips "talks" in a plain network protocol, it only matter that your linux kernel has a robust network task that can survive attempts to exploit. it doesn't matter if the firmware running on the chip isn't audited, just the same as it's not important if the access point you're connected to is open or not.
that depends on how the wifi chip communicates with the CPU. if this shows up as a device speaking standard networking protocol (eg a a USB network device), then the only thing that matters is if the kernel's network stack is able to defend against any adversary over the network.the smartphone isn't any more at risk from such a "networked" wifi chip, as from any other on-line stuff accessed over the network.
In all seriousness, PoisonTap goes to show that this "let's put the blob running parts into a walled off black box" mentality is just a waste of time and resources. It doesn't make exploits using these blob-running parts significantly more difficult to exploit, it only makes it slightly more difficult to escalate the exploit from the blob running part to the OS run by the host CPU.
Comment
-
Originally posted by L_A_G View PostThe thing about drivers is that they are generally a rather huge attack surface and most peripheral bus stacks are not written with attacks in mind. There's a reason why a scenario where an attacker has physical access to a device is considered a "game over" type situation. You mention handling the wireless chip as a USB network device as if that's somehow going to stop attackers when PoisonTap, a USB network device exploit, was first shown off about a year ago and there still isn't any real fix for it.
In all seriousness, PoisonTap goes to show that this "let's put the blob running parts into a walled off black box" mentality is just a waste of time and resources. It doesn't make exploits using these blob-running parts significantly more difficult to exploit, it only makes it slightly more difficult to escalate the exploit from the blob running part to the OS run by the host CPU.
PS: And if you worry that you will now not be able to trust the information coming from the modem, that is irrelevant. You can't trust the information comming from the modem anyway, because the modem just forwards you what it received from the base tower or some device masquarading as a base tower.Last edited by Ansla; 19 September 2017, 07:38 AM.
- Likes 2
Comment
-
Originally posted by Ansla View PostNo it doesn't. PoisonTap is hard to prevent on a general USB port (like the one you use to charge your phone, no matter what software it runs) because you want to be able to connect any type of device to it. But when you talk over USB protocol with a device that is soldered to the mainboard it's trivial to refuse to believe that it's an ethernet device when you know that's the wireless modem.
PS: And if you worry that you will now not be able to trust the information coming from the modem, that is irrelevant. You can't trust the information comming from the modem anyway, because the modem just forwards you what it received from the base tower or some device masquarading as a base tower.
Comment
-
Talking about missing the point, my real point is that while you talk about hypotetical issues there are already real exploits via masquarading network towers. How do you hope your open firmware to prevent this https://www.eff.org/deeplinks/2017/0...ants-stingrays?
The moment your modem is connected to such a device it will give you whatever fake data its owner wants. Just like a modem with compromised firmware would.
Comment
-
Originally posted by L_A_G View Post
A wireless modem does way more than that and malicious behavior from actual hardware, let alone network devices, is something the kernel was never been built to deal with.
Don't let perfection be the enemy of progress. Otherwise we will never improve the situation.
Comment
-
Originally posted by ZeroPointEnergy View PostWhile the security may not be perfect with a separated baseband, as you pointed out, at least there is the possibility that this may be detected by the OS or that improvements to the drivers could be made to detect and prevent such attacks. Without the separation the situation is basically hopeless.
Don't let perfection be the enemy of progress. Otherwise we will never improve the situation.
What I'm trying to get at here is that users should know the limits of what they're using so they don't start behaving like those limits don't exist. In the case of the Librem this could cause the next Mark Felt (a.k.a Deep Throat) to get busted because of a journalist thinking their phone can't be exploited by whatever 3 letter government agency goes after them.
Comment
Comment