[Replicant] [PATCH v2][ 01/11] freedom-privacy-security-issues: Split into new lines after <br />

Paul Kocialkowski contact at paulk.fr
Wed Apr 20 07:56:32 UTC 2016


On Monday 28 March 2016 at 20:50 +0200, Denis 'GNUtoo' Carikli wrote:
> This is to have more readable git diffs.
> 
> Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at no-log.org>
Acked-by: Paul Kocialkowski <contact at paulk.fr>

> ---
>  freedom-privacy-security-issues.php | 12 ++++++++----
>  1 file changed, 8 insertions(+), 4 deletions(-)
> 
> diff --git a/freedom-privacy-security-issues.php b/freedom-privacy-security-
> issues.php
> index 48d47b2..1cdd5a1 100644
> --- a/freedom-privacy-security-issues.php
> +++ b/freedom-privacy-security-issues.php
> @@ -19,9 +19,11 @@
>  			<p>
>  				Regarding the software side of things on
> mobile devices, the main CPU (inside the SoC) starts by executing initial boot
> code, often known as the bootrom.
>  				This code will look up various places such as
> NAND, eMMC or MMC (sd/micro sd card) storage, depending on the hardware
> configuration, to load a bootloader.
> -				The bootloader, which is in fact often split
> in different stages, is in charge of bringing up and configuring various
> aspects of the hardware and eventually starting the operating system by
> loading and running its kernel.<br /><a href="images/freedom-privacy-security-
> issues/software.png" data-lightbox="overview" data-title="Software-side
> overview"><img src="images/freedom-privacy-security-issues/software.png"
> alt="Software-side overview" style="width: 250px; float: right;"/></a>The
> kernel itself, among other things, deals with the hardware directly and
> provides ways for other programs (running in user-space) to access it.
> +				The bootloader, which is in fact often split
> in different stages, is in charge of bringing up and configuring various
> aspects of the hardware and eventually starting the operating system by
> loading and running its kernel.<br />
> +				<a href="images/freedom-privacy-security-
> issues/software.png" data-lightbox="overview" data-title="Software-side
> overview"><img src="images/freedom-privacy-security-issues/software.png"
> alt="Software-side overview" style="width: 250px; float: right;"/></a>The
> kernel itself, among other things, deals with the hardware directly and
> provides ways for other programs (running in user-space) to access it.
>  				In user-space, hardware abstraction layers
> are programs specific to each device that know how to properly drive the
> hardware.
> -				They use the kernel to communicate back and
> forth with the hardware and implement the proper protocols for it.<br /><br
> />The actual knowledge of how to drive the hardware is split between the
> kernel and the hardware abstraction layer libraries: both are needed to make
> it work properly.
> +				They use the kernel to communicate back and
> forth with the hardware and implement the proper protocols for it.<br /><br />
> +				The actual knowledge of how to drive the
> hardware is split between the kernel and the hardware abstraction layer
> libraries: both are needed to make it work properly.
>  				Hardware abstraction layers provide a generic
> interface for the framework to use.
>  				The framework itself provides an interface
> for applications that is independent of the device and the hardware.
>  				That way, applications can access hardware
> features through the generic framework interface, which will call the hardware
> abstraction layer libraries, ending up with the kernel communicating with the
> hardware.
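
Review bot: in the first change of this hunk, the second added line still carries both the image link and the sentence that follows it (`float: right;"/></a>The kernel itself, ...`), so a later wording edit to that sentence will again pull the whole `<a><img></a>` markup into the diff. Breaking the line after `</a>` as well would serve the stated goal of readable diffs. Since this is a whitespace-only change inside a `<p>`, it is worth confirming that the rendered page is unchanged after the split.
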
> @@ -50,7 +52,8 @@
>  				While <a
> href="//bb.osmocom.org/">OsmocomBB</a>, a free software GSM stack exists, it
> only runs on old feature phones, currently requires a host computer to operate
> and is not certified to run on public networks.
>  				Despite this situation, the modem remains a
> crucial part for privacy/security: it is nearly always connected to the GSM
> network, allowing for <a href="//www.gnu.org/philosophy/malware-mobiles.html">
> remote control</a>.
>  				The modem can be more or less damaging to
> privacy/security depending on what hardware it has access to and can control.
> -				That is to say, how isolated it is from the
> rest of the device.<br /><br />A device with bad modem isolation would allow
> the modem to access and control key parts of the hardware, such as the RAM,
> storage, GPS, camera, user I/O and microphone.
> +				That is to say, how isolated it is from the
> rest of the device.<br /><br />
> +				A device with bad modem isolation would allow
> the modem to access and control key parts of the hardware, such as the RAM,
> storage, GPS, camera, user I/O and microphone.
>  				This situation is terrible for
> privacy/security as it provides plenty of ways to efficiently spy on the user,
> triggered remotely over the mobile telephony network.
>  				Those are accessible to the mobile telephony
> operator, but also to attackers setting up fake base stations for that
> purpose.
>  				<a href="images/freedom-privacy-security-
> issues/good-modem-isolation.png" data-lightbox="current-situation" data-
> title="Good modem isolation"><img src="images/freedom-privacy-security-
> issues/good-modem-isolation.png" alt="Good modem isolation" style="width:
> 250px; float: right;"/></a>On the other hand, when the modem is well-isolated
> from the rest of the device, it is limited to communicating directly with the
> SoC and can only access the device's microphone when allowed by the SoC.
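
Review bot: the last context line of this hunk, the one with the good-modem-isolation.png link, keeps an image link and a full sentence ("On the other hand, when the modem is well-isolated ...") on one source line, and because it contains no `<br />` the rule in the subject line never reaches it. If the aim is readable diffs, consider splitting after `</a>` there too, either in this patch or in a follow-up.
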
> @@ -77,7 +80,8 @@
>  				Many mobile operating systems are mostly free
> software (e.g.
>  				<a href="//www.android.com/">Android</a>;, <a
> href="//mozilla.org/firefox/os">Firefox OS</a>, <a
> href="//ubuntu.com/phone">Ubuntu Touch</a>, <a
> href="//www.tizen.org/">Tizen</a>), as they use the <a
> href="//www.kernel.org/">Linux kernel</a>, a free framework and ship with free
> base applications.
>  				However, the user-space hardware abstraction
> layers are for the most part proprietary (it varies from one device to
> another) and they also ship with proprietary loaded firmwares for various
> integrated circuits.
> -				Every piece of proprietary software running
> on the system is a risk for privacy/security as they can offer <a href="//www.
> gnu.org/philosophy/malware-mobiles.html">remote access back-doors</a> and
> compromise the rest of the system.<br />None of these mostly-free systems have
> a clear policy to reject proprietary software and not advocate its use, except
> for Replicant.
> +				Every piece of proprietary software running
> on the system is a risk for privacy/security as they can offer <a href="//www.
> gnu.org/philosophy/malware-mobiles.html">remote access back-doors</a> and
> compromise the rest of the system.<br />
> +				None of these mostly-free systems have a
> clear policy to reject proprietary software and not advocate its use, except
> for Replicant.
>  			</p>
>  			<p>
>  				While the operating system is a very
> important piece of software, it doesn't ship with applications that cover the
> wide spectrum of activities that a mobile device is expected to provide.
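
Review bot: the context line with the Android link has a stray semicolon (`Android</a>;,`), which shows up as "Android;," in the list of systems. It is outside what this whitespace-only change touches, so a separate follow-up removing the `;` would be the right place for it. In the moved line, the gnu.org link is protocol-relative (`href="//www.gnu.org/philosophy/malware-mobiles.html"`), so it follows whatever scheme the page was loaded over; writing `https://` explicitly could go in the same follow-up.
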