[Replicant] Report from CCC Camp 2019

Denis 'GNUtoo' Carikli GNUtoo at cyberdimension.org
Wed Aug 28 22:54:36 UTC 2019


Hi,

I went to the CCC Camp 2019 as suggested by Nlnet.

The way tickets are handled out makes it very hard to make sure you are
able to buy one. I was lucky so I managed to buy one, however
dllud (David Ludovino) and Grim Kriegor (Ricardo Cabrita) didn't manage
to buy some.

I did many things there. Not all were directly related to Replicant
though:
- I had a discussion about free software on smartphones and Replicant
  with Harald Welte and other people.

  As I explained the path we took with Replicant 9, he mentioned that
  the Lima and Panfrost drivers were starting to be usable so they
  could be used in Replicant.

  As I explained that the Replicant project didn't want to depend on
  3D acceleration, he mentioned that not using the 3D acceleration
  had an impact on battery life.

  However for Replicant, not depending on 3D acceleration is
  strategically important:
  - 3D acceleration might not be available anymore on the devices we
    want to support.
  - Some devices with OMAP/DM370 SOCs (system on a chip) have a
    PowerVR GPU. That GPU family will probably never work with free
    software anytime soon or at all unless the the GPU vendor decides
    to suddenly release the driver and firmware source code.

  From that the conversation focus shifted on weather or not it would
  make sense to support devices with an OMAP / DM370 System on a
  chip.

  He mentioned that some more work might be needed to improve the
  power management on devices like the GTA04 and that it might not be
  worth the time spent on it. 

  I personally think that it would still make sense to support this
  device as the amount of work is probably not that big if we just
  focus on adding the Android support and hope that some people would
  continue to work improving the power management.

  As the modem of that device is also supported in Ofono, it would
  probably be possible to use the "oFono-based Java RIL for Android"[1]
  on Replicant 9 to add support for the GTA04 version A4 or newer.

  The people involved in this talk were also really interested in
  finally getting a working smartphone that had a free software
  distribution and were planning to buy some Galaxy SIII, however I
  pointed out that our work to port Replicant to Android 9 was not
  finished yet and that it might be really interesting to also look at
  the Librem 5 and the PinePhone once we add support for them.

  When talking about the fact that we could use the "oFono-based Java
  RIL for Android" to support such smartphones he pointed out that
  oFono wasn't stable enough in the test infrastructure that is being
  used at Sysmocom to test the Osmocom stack[8]. This is because a very
  small amount of bugs is able to invalidate all the test results.
  However he pointed out that but that it might still be good enough for
  a regular usage on a smartphone.

  Practically speaking, if we would need that amount of reliability we
  could just spend time fixing the bugs we encounter.

  This is something we might need to take into account if we build a
  test infrastructure for Replicant[9].

  He also suggested that, for testing the modem isolation and usbguard,
  using mPCIe USB adapters for phones like the librem5 and/or the
  the PinePhone would be much more simple than trying to use the
  GNU/Linux in the modem to do that as I intended to do before.

  As for the modems that have GNU/Linux in them[10], I got the
  confirmation that the system on a chip used were derived from
  the Qualcomm smartphones system on a chip used on smartphones. 
  So if you have such modems, you have the equivalent of a smartphone
  architecture in it (probably without microphones or other privacy
  sensitive sensors). So it's probably also way too much work to get a
  fully free software modem in theses.

- I also talked with Lynxis to understand where to get the information
  on how to select hardware for a smartphone test setup. According to
  him the power levels that are used are probably somewhere in one of
  the 3GPP specifications. Once we have the specifications on the
  transmission power and the receive power limits we could then select
  the right attenuators to make a wired test setup.

- As Nicole Faerber (she is the CTO of Purism) had a presentation on
  the Librem 5 named "A mobile phone that respects your freedom"[2], I
  managed to find her by attending the talk. After the talk I tried to
  know more about what Purism intended to do with the nonfree DDR4
  controller firmware[3] that will be shipped in the Librem 5. She
  answered that due to patent litigation threats Purism was not able to
  replace it. As some people in the conversation pointed out that there
  were some effort for other SOCs (system on a chip) it would probably
  be up to the free software community to do it instead.

- Before that I also attended the talk right before "Fully Open, Fully
  Sovereign mobile devices"[4] as I forgot to check the abstract. I
  already saw a recording of a very similar talk that took place at
  Linux Conf Australia. I still asked about the freedom issues of the
  device presented.

- I also discussed very briefly with Joerg Reisenweber who is or was
  involved in the Neo900 project[5].
  The Neo900 was an attempt to build a smartphone that would have had a
  free software bootloader.
  However as many people were asking to use PayPal they ended up
  accepting payment through it and then got into trouble because
  at some point PayPal refused to let them withdrawals their money[6].
  He told me that after that issue, they would have needed way more
  people to preorder devices to make the project successful.

- I got a lot of help from Willem in reverse engineering a WiFi
  firmware that is used on mobile devices.
  The Aura H2O Edition 2 is an e-reader sold by Kobo, which has an
  RTL8189PTY WiFi chip. As the firmware binary has been released under
  the GPLv2 as part of the WiFi driver published for this device.
  Since the firmware is very small (about 21k) and that the GPL remove
  many of the legal constraints we would otherwise have if the firmware
  was not under a free software license, it makes it a very interesting
  target.
  He worked to identify the entry point and header format, functions,
  etc. Before that I wasn't able to go that far as I'm not used to
  reverse engineering binaries.
  If the work is finished one day, and that the work can be used or
  easily adapted on chips that can be bought at low quantity and put on
  smartphones and/or tablets, and if some manufacturers like purism or
  Pine64 use it we could get free software WiFi firmwares on mobile
  devices like smartphones and tablets.

- In a conversation someone also told me that Labgrid was easier to
  learn than Lava and had similar features, including the ability of
  telling it to stop the tests to instead work remotely on the device.

- I also tested several Replicant smartphones on the CCC phone network.
  The network was using AMR only for the GSM. Several networks were
  bridged together (GSM, SIP, DECT, the external telephony network,
  etc). Calls worked fine across different networks but SMS
  bridging was not implemented.
  I tested the network with several Replicant devices (I9300, I9100,
  N7000) and it worked flawlessly both in the internal GSM network and
  calling numbers from other networks (SIP, external telephony network)
  also worked fine. I also activated 2G, 3G and the very experimental
  4G on the web interface and the phone still worked fine.

- To do such experiment I bought several SIM cards. I've written to the
  people in charge of the network to obtain the ADM1 keys to be able to
  completely reprogram the SIM cards, and load JavaCard applications
  in them, to be able to do further testing with Replicant. I'm not
  sure if they have ADM1 keys, but they do have some keys that enable
  to reconfigure the card at some level.

- People had tools to cut SIM cards, so I asked someone to cut my
  mini-sim card that wasn't recognized in Replicant 6.0 (bug #1909) to
  be able to also use it in the Galaxy SIII.

- There was a workshop on FOMU, which is an USB key with an FPGA in it.
  People attending the workshop and installing the toolchain could get
  one for free, as they expected the attended to do interesting thing
  with it afterward.
  As the device doesn't have a lot of free pins (4 + VCC + GND), and
  that I am already involved in many other free software projects, I
  didn't plan to do anything interesting for that device.
  So when attending the workshop I instead convinced the organizers to
  give me one for free, to add support for a free software FPGA
  toolchain in Parabola. I also explained them that most of the work
  was already done in the AUR (user repository) of the arch GNU/Linux
  distribution, but that I needed it mainly for testing that it worked.
  Thanks to that, all the required packages to compile and install HDL
  designs are now in Parabola. A bit more work is needed to use stable
  revisions and add support for RISC V toolchains that are relevant for
  the tiny microcontroller that are made for such tiny FPGAs.
  While I was at the workshop I also read the tutorial and asked about
  recovering the FPGA. It turns out that the FPGA can be configured to
  load its configuration from two different areas in flash. This
  enables to have a section of the flash with a CPU and a bootloader
  that can accept images to install on the second partition of the
  flash. This way you do not need to have a working CPU and bootloader
  in your FPGA design.

- I also asked how to identify connectors for an unpopulated serial
  port connector on an ARM laptop (ecafe HD), as it's easier for me to
  work with that than soldering wires and using glue. I was told that
  the connector was to be ZIF. As that requires flex cables I asked if
  there was a way to find another matching connector and I was told
  that to find the right connector to solder, distributors websites can
  filter on connector parameters. So I could do that to find potential
  candidates and then I could simply print the datasheet in 1:1 and
  look if it fit on the device should do the trick.

- I also had a discussion with someone organizing a cryptoparty there,
  and I tried to push them toward suggesting more free software to
  people. The issue was that some people were trying to force people to
  use free software so because of that they focused less on free
  software. In my opinion the best way would be to instead insist on
  not forcing people to do things but to only enable people to
  understand the consequences of their actions.

- There was a paper posted on various walls advertising a collect of
  old mobile phones for giving it to protesters. However the paper said
  it was to install signal. I tried to find the people behind that to
  convince them that using signal was a bad idea as it depended on
  nonfree software (Google Cloud Messaging (GCM), which is part of
  google play services). However when I finally found somebody that
  knew some thing about it, that person told me that a meeting already
  took place about it and people already pointed out that it depended
  on nonfree software. So I ended up explaining more in depth why
  to that person as she didn't attend the meeting.

- As I've several SDR, I noticed strange things when using them (like a
  spike on the middle of the frequencies in the waterfall). I was
  pointed out to a conference recording that describes why this is the
  case. The conference was called "Why Doesn't My Signal Look Like the
  Textbook?".

- I learned that the serval protocol didn't require an accurate clock
  as it used its internal clock for the messages. Serval is a free
  software Android application that enables calls and message without
  having to rely on the infrastructure. It's interesting because on
  Replicant, the clock is reset if you remove the battery, and also
  because many WiFi access point completely lack a hardware clock.

- I also discussed with other people about Replicant and other things
  but I don't remember well the conversations details.

- The fact that it's a camp enabled people to do many mind blowing art
  installations. The downside of it is that it's more difficult to get
  a regular amount of sleep, however if you put your tent in the quiet
  area you can still manage limit the issue.

References:
-----------
 [1]https://github.com/scintill/android_frameworks_opt_telephony_ril_ofono
 [2]https://media.ccc.de/v/Camp2019-10238-a_mobile_phone_that_respects_your_freedom
 [3]https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-hurdle/
 [4]https://media.ccc.de/v/Camp2019-10378-fully_open_fully_sovereign_mobile_devices
 [5]https://neo900.org/
 [6]https://neo900.org/news/paypal-trouble-delays-project
 [7]The previous GTA04 versions are prototypes and not many of them were
    made. Supporting the A3 version would require to do extra work to
    forward the audio between the modem and the main "sound card" as
    this has to be done in software. Instead on other phones and on the
    version >= A4 you typically need to configure the "sound
    card" to route the audio between both instead.
 [8]https://osmocom.org/projects/osmo-gsm-tester
 [9]https://redmine.replicant.us/projects/replicant/wiki/TestingInfrastructure
[10]https://osmocom.org/projects/quectel-modems/wiki/

Denis.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.osuosl.org/pipermail/replicant/attachments/20190829/a8eb5409/attachment.asc>


More information about the Replicant mailing list